0% found this document useful (0 votes)

21 views685 pages

Test Out Final Test Practice

The document describes different network topologies and types. It provides examples of client-server, peer-to-peer, intranet, extranet networks and discusses physical and logical bus, star, ring, mesh topologies. It also answers questions about different network scenarios and topology implementations.

Uploaded by

ADRIAN ESTEBAN SALTOS SALAZAR

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

21 views685 pages

Test Out Final Test Practice

Uploaded by

ADRIAN ESTEBAN SALTOS SALAZAR

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 685

You've implemented a network where hosts are assigned specific roles, such as file

sharing and printing roles. Other hosts access those resources, but they don't host
services of their own.
Which type of network do you have?
Answer

Intranet
Correct Answer:
Client-server

Peer-to-peer

Extranet

Explanation

In a client-server network, hosts have specific roles. For example, some hosts are
assigned server roles, which allow them to provide network resources to other hosts.
Other hosts are assigned client roles, which allow them to consume network
resources.
In a peer-to-peer network, each host can provide network resources to other hosts or
access resources located on other hosts, and each host is in charge of controlling
access to those resources.
An intranet is a private network that uses internet technologies. Services on an
intranet are only available to hosts that are connected to the private network.
An extranet is a private network that uses internet technologies, but whose
resources are made available to external (but trusted) users. For example, you might
create a website on a private network that only users from a partner company can
access.

References

• 2.1.4 Networking Facts

q_intro_network_client_server_np6.question.fex

Question 2:
Correct
Which of the following geographic network types is typically managed by a city as a
public utility?
Answer

Wide area network (WAN)

Local area network (LAN)

Personal area network (PAN)
Correct Answer:
Metropolitan area network (MAN)

Explanation

A metropolitan area network (MAN) is a network that can cover an entire city. A city
typically owns and manages a MAN as a public utility.
A PAN is a small network for communication between personal devices. A LAN is
contained to an office and managed by a business.
A WAN is a collection of LANs that are connected together to form a large
internetwork. WAN connections are typically managed by an ISP.

References

•
2.1.4 Networking Facts
q_intro_network_man_np6.question.fex

Question 3:
Correct
You've implemented a network where each device provides all other devices on the
network with access to shared files.
Which type of network do you have?
Answer

Polling

Client-server

Multiple access
Correct Answer:
Peer-to-peer

In a partial mesh topology, only some redundant paths exist. A partial mesh topology
is more practical and less expensive than a full mesh topology.
In a full mesh topology, every device has a point-to-point connection with every other
device. This provides full redundancy, but it's expensive and impractical.
A star topology connects network devices to the network with a single patch cable. A
patch cable failure makes the connected device unavailable.
A bus topology has a single point of failure. If there's a break in the network media,
the network becomes unavailable.

References

• 2.1.5 Network Topologies

Question 7:
Correct
Which of the following topologies connects all devices to a trunk cable?
Answer

Star

Ring
Correct Answer:
Bus

Mesh

Explanation

A bus topology connects all devices to a trunk cable.

A ring topology connects neighboring nodes until they form a ring.
A star topology uses a hub or switch to connect all network connections to a single
physical location.
A mesh topology exists when there are multiple paths between any two nodes on a
network.

References

• 2.1.5 Network Topologies

Question 8:
Correct
Your manager has asked you to implement a network infrastructure that will
accommodate failed connections.
Which of the following network topologies provides redundancy for a failed link?
Answer
Correct Answer:
Mesh

Ring

Star

Bus

Explanation

In a mesh topology, each network device is interconnected with all other network
nodes. This creates multiple data paths. If a link fails, the data has an alternate route
to its destination.
A star topology connects network devices to the network with a single patch cable. A
patch cable failure makes the connected device unavailable.
A bus topology has a single point of failure. If there's a break on the network
medium, the network becomes unavailable.
A single break on a physical ring topology disables the network.

References

• 2.1.5 Network Topologies

Question 9:
Correct
Which of the following topologies connects each device to a neighboring device?
Answer

Star
Correct Answer:
Ring

Mesh

Bus

Explanation

In ring topologies, each device connects to a neighboring device so that a ring is

formed.
The bus topology connects all devices to a trunk cable.
A star topology uses a hub or switch to connect all network connections to a single
physical location.
A mesh topology exists when there are multiple paths between any two nodes on a
network.

References

• 2.1.5 Network Topologies

Question 10:
Correct
You have a small network that uses a switch to connect multiple devices. Which
physical topology are you using?
Answer
Correct Answer:
Star

Bus

Mesh

Ring

Explanation

A switch creates a network with a physical star topology. The physical star topology
uses a logical bus topology and sends messages to all the devices connected to the
hub.
A mesh topology is a series of point-to-point links between devices.
A ring topology uses a central device called an MSAU.
A bus topology connects all devices to a trunk cable.

References

• 2.1.5 Network Topologies

Device control for data transmission rates.

Correct Answer:
Integration of network functionality into the host operating system.

Communication setup, maintenance, and teardown.

Standard setting for sending and receiving signals.

Correct Answer:
Enabling of communication between network clients and services.

Explanation

The Application layer enables network services and integrates network functionality
into the host operating system. Applications actually run above the OSI Application
layer.
The setup, maintenance, and teardown of communication happens at the Session
layer.
The Data Link layer controls the rate of data transmission between hosts (flow
control).
The Physical layer sets standards for sending and receiving electrical signals
between devices.

References

• 2.2.2 OSI Model Facts

q_osi_application_np6.question.fex

Question 2:
Correct
Which of the following are included as part of the Data Link layer specifications?
(Select two.)
Answer

Digital data conversion

Physical topology
Correct Answer:
Data transmission between hosts
Cable and connector specifications
Correct Answer:
Physical network device identification

Explanation

The Data Link layer controls device identification on networks, as well as how
messages travel through the network (the logical topology).
The other functions listed here are performed by the Physical layer.

References

• 2.2.2 OSI Model Facts

q_osi_datalink_02_np6.question.fex

Question 3:
Correct
In the OSI model, what is the primary function of the Network layer?
Answer
Correct Answer:
Route messages between networks.

Ensure that packets are delivered with no loss or duplication.

Transmit data frames.

Enable communication between network clients and services.

Explanation

The Network layer is responsible for routing messages between networks.

Explanation

Connection establishment is controlled through Session layer protocols.

The Transport layer breaks down data into blocks called segments. It then appends
a port number to identify which top-layer application needs to receive the data on the
destination device.
One very important thing that happens at the Network layer is IP address
assignment.

References

• 2.2.2 OSI Model Facts

q_osi_session_np6.question.fex

Question 7:
Correct
During TCP/IP communication between two network hosts, information is
encapsulated on the sending host and decapsulated on the receiving host using the
OSI model.
Match the information format on the left with the appropriate layer of the OSI model
on the right.
Transport layer
Segments
correct answer:
Network layer

Packets
correct answer:
Data Link layer

Frames
correct answer:
Physical layer

Bits
correct answer:
Keyboard Instructions

Explanation

Encapsulation is the process of breaking a message into packets, adding controls

and other information, and transmitting the message through the transmission
media. The following is the five-step data encapsulation/decapsulation process used
by the OSI model:
• Upper layers prepare the data to be sent through the network.
• The Transport layer breaks the data into pieces called segments, adding
sequencing and control information.
• The Network layer converts the segments into packets, adding logical
network and device addresses.
• The Data Link layer converts packets into frames, adding physical device
addressing information.
• The Physical layer converts the frames into bits for transmission across
the transmission media.

References

• 2.2.2 OSI Model Facts

q_osi_tcpip_np6.question.fex

Question 8:
Correct
Which of the following functions are performed by the OSI Transport layer? (Select
three.)
Answer
Packet formatting for delivery through the medium
Correct Answer:
End-to-end flow control

Path identification and selection

Media access control, logical topology, and device identification

Correct Answer:
Data segmentation and reassembly
Correct Answer:
Reliable message delivery

Consistent data formatting between dissimilar systems

Explanation

The Transport layer is responsible for breaking upper-layer data into segments and
allowing reliable communication through end-to-end flow control, error detection, and
error correction.
Message transmission through a medium is performed at the Physical layer.
Media access, logical topology, and device identification occur at the Data Link layer.
Path identification and selection is a function of the Network layer.
Data formatting is performed at the Presentation layer.

References

• 2.2.2 OSI Model Facts

q_osi_transport_02_np6.question.fex

Question 9:
Correct
Match each networking function or device on the left with its associated OSI model
layer on the right.
Application layer

HTTP
correct answer:
Presentation layer

Translates data
correct answer:
Session layer
Session ID number
correct answer:
Transport layer

Port number
correct answer:
Network layer

Router
correct answer:
Data Link layer

Switch
correct answer:
Physical layer

Modem
correct answer:
Keyboard Instructions

Explanation

The following table describes how devices function at different layers of the OSI
model:
HTTP functions at the Application layer.
Encapsulation happens at the Presentation layer.
Session IDs are assigned at the Session layer.
Port numbers are assigned at the Transport layer.
Routers function at the Network layer.
Switches function at the Data Link layer.
Modems function at the Physical layer.

References

• 2.2.5 OSI Layers Facts

q_osi_layers_01_np6.question.fex

Question 10:
Correct
Match each layer of the TCP/IP model on the left with the corresponding layer of the
OSI model on the right. Each option on the left can be used more than once.
Presentation layer

Application
correct answer:
Data Link layer

Network
correct answer:
Application layer

Application
correct answer:
Session layer

Application
correct answer:
Network layer

Internetwork
correct answer:
Transport layer

Transport
correct answer:
Keyboard Instructions

Explanation

The TCP/IP model maps to the OSI model as follows:

The Application layer corresponds to the OSI model's Session, Presentation, and
Application layers.
The Transport layer matches the OSI model's Transport layer.
The Internetwork layer is comparable to the OSI model's Network layer.
The Network layer (sometimes called the Link layer) corresponds to the OSI model's
Physical and Data Link layers.

References

• 2.2.5 OSI Layers Facts

q_osi_layers_tcpip_np6.question.fex
Which of the following is the process of breaking a message into packets, adding
controls and other information, and then transmitting the message through the
transmission medium?
Answer

Sequencing

Segmentation

Transformation
Correct Answer:
Encapsulation

Explanation

Encapsulation is the process of breaking a message into packets, adding controls

and other information, and then transmitting the message through the transmission
medium.
The Transport layer adds sequencing and control information.
The Internet layer converts the segments into packets.
Data flows down through the layers of the OSI model on the sending system and is
transformed at each layer.

References

• 2.3.2 Data Encapsulation Facts

q_data_encapsulation_01_np6.question.fex

Question 2:
Correct
What is the purpose of a frame check sequence (FCS) footer?
Answer

Hold segment data

Contain logical network addresses

Correct Answer:
Checksum error detection

Control information

Explanation
The Link layer converts packets into frames, adding physical device addressing
information and a frame check sequence footer for error detection. It also converts
the frames into bits (0s and 1s) for transmission across the transmission media.
Control information is added at the Transport layer.
The Transport layer breaks the data into pieces called segments.
The Internet layer converts the segments into packets, adding logical network and
device addresses.

References

• 2.3.2 Data Encapsulation Facts

q_data_encapsulation_fcs_np6.question.fex

Question 3:
Correct
Which term does the OSI model use that's different from the TCP/IP model in
reference to the terms frame, packet, and segment?
Answer

Presentation

HTTP

Session
Correct Answer:
Protocol data unit (PDU)

Explanation

The OSI model uses the term protocol data unit (PDU) instead of the terms frame,
packet, and segment.
The Presentation and Session layers are Layers 5 and 6 of the OSI model,
respectively, and do not correspond to the use of frame, packet, and segment in the
TCP/IP model.
HyperText Transfer Protocol (HTTP) is the protocol in the Application layer that
supports web requests.

References

• 2.3.2 Data Encapsulation Facts

q_data_encapsulation_pdu_np6.question.fex

Question 4:
Correct
Match each TCP/IP layers with its function.
Breaks the data into pieces.

Transport
correct answer:
Prepares the data to be sent.

Application
correct answer:
Adds physical addresses.

Link
correct answer:
Adds logical addresses.

Internet
correct answer:
Keyboard Instructions

Explanation

The Application layer prepares data to be sent through the network.

The Transport layer breaks data into pieces called segments, adding sequencing
and control information.
The Internet layer converts segments into packets, adding logical network and
device addresses.
The Link layer converts packets into frames, adding physical device addressing
information and a frame check sequence footer for error detection. It also converts
the frames into bits (0s and 1s) for transmission across the transmission media.

References

• 2.3.2 Data Encapsulation Facts

q_data_encapsulation_tcpip_02_np6.question.fex

Question 5:
Correct
Workstation2 needs to send data to Workstation3. Identify the Layer 2 and Layer 3
addresses Workstation2 will use to send the data by dragging the corresponding
address from the list on the left to its location on the right.
Layer 2 source address

080046987654
correct answer:
Layer 3 source address

192.168.10.12
correct answer:
Layer 2 destination address

000b5f2a2222
correct answer:
Layer 3 destination address

192.168.11.11
correct answer:
Keyboard Instructions

Explanation

Workstation2 will use the following addresses to send the data:

• The source Layer 2 address is its own MAC address, which is
080046987654.
• The source Layer 3 address is its own IP address, which is 192.168.10.12.
• The destination Layer 2 address is the MAC address of the default
gateway router, which is 000b5f2a2222. The MAC address is the address
of the interface connected to the same subnet as Workstation2.
• The destination Layer 3 address is the IP address of the destination
device (Workstation3), which is 192.168.11.11.

References

• 2.3.5 Network Communication Process Facts

q_network_comm_address_01_np6.question.fex

Question 6:
Correct

Workstation3 has started communicating with Workstation2. It sends a frame to the

default gateway. Identify the Layer 2 and Layer 3 addresses used by the Cisco 2600
router to forward the data to Workstation2 by dragging the corresponding address
from the list on the left to its location on the right.
Layer 2 source address

000b5f2a2222
correct answer:
Layer 3 source address

192.168.11.11
correct answer:
Layer 2 destination address

080046987654
correct answer:
Layer 3 destination address

192.168.10.12
correct answer:
Keyboard Instructions

Explanation

The Cisco 2600 router is the default gateway. When it receives a frame from
Workstation3, it examines the Layer 3 address in the packet to locate the destination
device. Then it creates a new frame and modifies the source and destination Layer 2
addresses (MAC addresses) as follows:
• The source Layer 2 address is the gateway's own MAC address on the
same segment as the destination device, which is 000b5f2a2222.
• The destination Layer 2 address is the MAC address of the destination
device, which is 080046987654.
The source and destination Layer 3 addresses (IP addresses) do not change.
• The source IP address is the IP address of Workstation3, which is
192.168.11.11.
• The destination IP address is the IP address of Workstation2, which is
192.168.10.12.

References

• 2.3.5 Network Communication Process Facts

q_network_comm_address_02_np6.question.fex

Question 7:
Correct
When does a router use ARP?
Answer
Correct Answer:
When the router's routing table doesn't contain the MAC addresses of devices on the
local LAN that they need to forward frames to.

If a router does not know a destination device's IP address, it sends an ARP

broadcast containing the destination device's MAC address and requesting its IP
address.

If a router knows a destination host's MAC and IP address, it sends an ARP request
to update the other routers' routing tables.

ARP does not play any role in the routing process. Switches use ARP to map IP
addresses to MAC addresses in collision domains.

Explanation

ARP (Address Resolution Protocol) resolves IP addresses into MAC addresses.

Routers and other network devices use ARP when their routing tables don't contain
the MAC addresses of devices on the local LAN that they need to forward frames to.
References

• 2.3.3 Address Resolution Protocol (ARP)

• 2.3.5 Network Communication Process Facts
• 3.5.2 Network Adapter Facts
q_network_comm_arp_01_np6.question.fex

Question 8:
Correct
Routing data between computers on a network requires several mappings between
different addresses. Which of the following statements is true?
Answer

ICMP lets routers bypass the general network broadcast by providing a dynamic
table of IP-to-MAC address mappings.
Correct Answer:
Hosts use ARP to resolve known IP addresses into MAC addresses.

Routers use DNS to resolve MAC addresses of diskless workstations into IP

addresses based on the information contained in other routers' routing tables.

Diskless workstations use ARP to ask a server for an IP address.

Explanation

ARP lets hosts resolve known IP addresses into MAC addresses by broadcasting
requests to the network.
DNS is used to map hostnames to IP addresses. ARP is used to map IP addresses
to MAC addresses.
Diskless workstations use BOOTP to discover their IP address, the server's IP
address, and the boot files they should use.
ICMP notifies routers of problems on the network and undeliverable packets.

References

• 2.3.3 Address Resolution Protocol (ARP)

• 2.3.5 Network Communication Process Facts
• 3.5.2 Network Adapter Facts
q_network_comm_arp_02_np6.question.fex

Question 9:
Correct
During network transmission, data is transferred to various routers, which forward
the data to the appropriate network. If the source and destination network addresses
reside on the same network, which protocol is used to determine the destination IP's
MAC address?
Answer
Correct Answer:
ARP

HTTP GET

TCP

UDP

Explanation

Address Resolution Protocol (ARP) is used to determine the host's MAC address
using the destination IP address.
An HTTP GET requests web page information from a web server.
UDP and TCP are both Transport layer protocols.

References

• 2.3.3 Address Resolution Protocol (ARP)

• 2.3.5 Network Communication Process Facts
• 3.5.2 Network Adapter Facts
q_network_comm_arp_03_np6.question.fex

Question 10:
Correct
TCP is a connection-oriented protocol that uses a three-way handshake to establish
a connection to a system port. Computer 1 sends a SYN packet to Computer 2.
Which packet does Computer 2 send back?
Answer

RST

SYN/RST
Correct Answer:
SYN/ACK

ACK

Explanation
If Computer 1 sends a SYN packet to Computer 2, Computer 2 receives the packet
and sends a SYN/ACK packet to Computer 1. Computer 1 receives the SYN/ACK
packet and replies back with an ACK packet, and the connection is complete.
A SYN flag is used to start a connection between hosts.
An ACK acknowledges the receipt of a packet.
An RST resets a connection.

References

• 2.3.7 Three-Way Handshake and TCP Flags Facts

q_tcp_flags_syn_ack_np6.question.fex
Which of the following protocols allows hosts to exchange messages to indicate
problems with packet delivery?
Answer

DHCP

TFTP
Correct Answer:
ICMP

IGMP

Explanation

Internet Control Message Protocol (ICMP) allows hosts to exchange messages to

indicate a packet's status as it travels through a network.
IGMP (Internet Group Management Protocol) establishes multicast group
memberships, which allows a computer to send a single network packet to multiple
hosts on a network at the same time.
DHCP is used to automatically assign addresses and other configuration parameters
to network hosts.
TFTP (Trivial File Transfer Protocol) is often used when files need to be transferred
between systems quickly.

References

• 2.4.4 Network Port and Protocol Facts

q_network_protocol_facts_icmp_np6.question.fex

Question 2:
Correct
You have a large TCP/IP network and want to keep a host's real-time clock
synchronized. Which protocol should you use?
Answer

SMTP
Correct Answer:
NTP

FTP

SNMP

Explanation

Network Time Protocol (NTP) keeps computers' clocks synchronized.

SMTP is used to send mail between email servers.
SNMP lets network administrators set up alerts to monitor the state of a network.
FTP (File Transfer Protocol) provides a generic method for transferring files.

References

•2.4.1 TCP/IP Protocols

•2.4.3 Explore Network Services
•2.4.4 Network Port and Protocol Facts
•2.4.5 Common Ports
q_network_protocol_facts_ntp_np6.question.fex

Question 3:
Correct
Your company has just acquired another company in the same city. You need to
integrate the two email systems so that messages can be exchanged between email
servers. Currently, each network uses an email package from a different vendor.
Which TCP/IP protocol enables message exchange between systems?
Answer

POP3

ICMP
Correct Answer:
SMTP

IMAP4

Explanation
Simple Mail Transfer Protocol (SMTP) specifies how messages are exchanged
between email servers. Email clients use POP3 and IMAP4 to download email
messages from email servers.
ICMP (Internet Control Message Protocol) is used with ping and traceroute to
communicate network information.

References

• 2.4.1 TCP/IP Protocols

• 2.4.3 Explore Network Services
• 2.4.4 Network Port and Protocol Facts
• 2.4.5 Common Ports
q_network_protocol_facts_smtp_02_np6.question.fex

Question 4:
Correct
You're an application developer, and you're writing a program for exchanging video
files through a TCP/IP network. You need to select a transport protocol that will
guarantee delivery.
Which TCP/IP protocol provides this capability?
Answer

UDP

SIP
Correct Answer:
TCP

FTP

Explanation

In this scenario, you should write the application to use Transmission Control
Protocol (TCP). TCP guarantees delivery through error checking and
acknowledgments.
FTP provides a generic method for transferring files. It can protect access to files by
requiring usernames and passwords.
UDP is a host-to-host protocol like TCP, but it doesn't acknowledge that each packet
was transmitted.
SIP is an open-source VoIP protocol.

References

• 2.4.4 Network Port and Protocol Facts

q_network_protocol_facts_tcp_02_np6.question.fex
Question 5:
Correct
Which of the following features does UDP provide? (Select two.)
Answer

Data packet sequencing

Correct Answer:
Low overhead
Correct Answer:
Connectionless datagram services

Lost packet retransmission

Packet acknowledgement

Explanation

UDP is a connectionless protocol used by applications that need low overhead and
don't require guaranteed delivery.
TCP provides data packet sequencing, packet acknowledgement, and lost packet
retransmission.

References

• 2.4.4 Network Port and Protocol Facts

q_network_protocol_facts_udp_np6.question.fex

Question 6:
Correct
You've recently installed a new Windows server. To ensure system time accuracy,
you've loaded an application that synchronizes the hardware clock on the server with
an external time source on the internet. Now you must configure your network
firewall to allow time synchronization traffic through.
Which of the following ports are you MOST LIKELY to open on the firewall?
Answer
Correct Answer:
123

119

110
Explanation

TCP/IP port 123 is assigned to Network Time Protocol (NTP). NTP is used to
communicate time synchronization information between systems on a network.
HyperText Transfer Protocol (HTTP) uses TCP/IP port 80. HTTP is the protocol used
to send requests to a web server and retrieve web pages from the web server.
TCP/IP port 119 is used by the Network News Transfer Protocol (NNTP). NNTP is
used to access and retrieve messages from newsgroups.
TCP/IP port 110 is used by Post Office Protocol version 3 (POP3). POP3 is used to
download email from mail servers.

References

•
2.4.1 TCP/IP Protocols
•
2.4.3 Explore Network Services
•
2.4.4 Network Port and Protocol Facts
•
2.4.5 Common Ports
q_common_ports_123_np6.question.fex

Question 7:
Correct
Which port number is used by SNMP?
Answer

110

119
Correct Answer:
161

Explanation

Simple Network Management Protocol (SNMP) uses port 161.

The other listed ports are used by the following protocols:
• SMTP uses port 25.
• POP3 uses port 110.
• NNTP uses port 119.

References

• 2.4.1 TCP/IP Protocols

• 2.4.3 Explore Network Services
•
2.4.4 Network Port and Protocol Facts
•
2.4.5 Common Ports
q_common_ports_161_np6.question.fex

Question 8:
Correct
You're configuring a network firewall to allow SMTP outbound email traffic and POP3
inbound email traffic.
Which of the following TCP/IP ports should you open on the firewall? (Select two.)
Answer

443
Correct Answer:
25
Correct Answer:
110

143

Explanation

Simple Mail Transfer Protocol (SMTP) uses TCP/IP port 25. Post Office Protocol
version 3 (POP3) uses TCP/IP port 110.
File Transfer Protocol (FTP) uses TCP/IP port 21.
Internet Message Access Protocol version 4 (IMAP4) uses TCP/IP port 143.
Secure Sockets Layer (SSL) uses TCP/IP port 443.

References

•
2.4.1 TCP/IP Protocols
•
2.4.3 Explore Network Services
•
2.4.4 Network Port and Protocol Facts
•
2.4.5 Common Ports
q_common_ports_25_10_np6.question.fex

Question 9:
Correct
Which port does Telnet use?
Answer

53
Correct Answer:
23

Explanation

Telnet uses port 23.

HyperText Transfer Protocol (HTTP) uses port 80.
Simple Mail Transfer Protocol (SMTP) uses port 25.
Domain Name System (DNS) uses port 53.

References

•
2.4.1 TCP/IP Protocols
•
2.4.3 Explore Network Services
•
2.4.4 Network Port and Protocol Facts
•
2.4.5 Common Ports
q_common_ports_53_np6.question.fex

Question 10:
Correct
Which of the following network services or protocols uses TCP/IP port 69?
Answer

NNTP
Correct Answer:
TFTP

POP3

SMTP

Explanation

Trivial File Transfer Protocol (TFTP) uses TCP/IP port 69. TFTP is a connectionless
service for downloading files from a remote system. It's often used for downloading
firmware to networking devices.
Network News Transfer Protocol (NNTP) is used to access and download messages
from newsgroup servers. NNTP uses TCP/IP port 119.
Simple Mail Transfer Protocol (SMTP) is used to send and receive email. SMTP
uses TCP/IP port 25.
Post Office Protocol version 3 (POP3) is used to download email from a remote
system. POP3 uses TCP/IP port 110.

References

•2.4.1 TCP/IP Protocols

•2.4.3 Explore Network Services
•2.4.4 Network Port and Protocol Facts
•2.4.5 Common Ports
q_common_ports_69_np6.question.fex
You're installing network wiring for a new Ethernet network at your company's main
office building. The project specifications call for Cat 5e UTP network cabling and
RJ45 wall jacks. Near the end of the project, you run out of wire before the last few
runs are complete. You have a spool of Cat 3 network cable in storage. Upon closer
inspection, it appears very similar to the Cat 5e wiring.
To finish the project, should you use the Cat 3 cabling as a substitute for the Cat 5e
cabling?
Answer

Yes. You can use Cat 3 cabling as a substitute for Cat 5e cabling since they're
electrically identical.

No. The sheath surrounding Cat 5e cabling is much thicker than the Cat 3 sheath,
creating an extra layer of shielding that reduces crosstalk and supports higher data
rates.

No. Cat 5e cabling uses a thicker copper wire than Cat 3 cabling, enabling higher
data transmission rates.
Correct Answer:
No. Cat 5e cabling has more twists per inch than Cat 3 cabling, reducing crosstalk
and supporting higher data rates.

Explanation

While Cat 3 and Cat 5e cabling may appear physically similar, they're electrically
different. Cat 5e cabling is twisted much more tightly than Cat 3 cabling. This
reduces crosstalk and enables Cat 5e wiring to support much faster data
transmission rates.

References

• 3.1.2 Twisted Pair Facts

q_twisted_pair_cat5e_np6.question.fex

Question 2:
Correct
Which of the following cable types often includes a solid plastic core that keeps the
twisted pairs separated?
Answer

Cat 5e

Cat 5

Cat 3
Correct Answer:
Cat 6

Explanation

Cat 6 cables include a solid plastic core that keeps the twisted pairs separated and
prevents the cable from being bent too tightly.
Cat 3, Cat 5, and Cat 5e don't include a solid plastic core that keeps the twisted pairs
separated.

References

• 3.1.2 Twisted Pair Facts

q_twisted_pair_cat6_np6.question.fex

Question 3:
Correct
You're adding new wires in your building for some new offices. The building has a
false ceiling that holds the lights and provides an air path for heating and air
conditioning. You'd like to run your Ethernet cables in this area.
Which type of cable must you use?
Answer
Correct Answer:
Plenum-rated cable

Fiber optic cables

STP cables

Cat 5e or Cat 6a cables

Explanation

Plenum-rated cable is fire resistant and non-toxic. You must use plenum-rated cable
to wire in air spaces used by heating and air conditioning systems.
Cat 5e cables provide better EMI protection than Cat 5 cables, and Cat 6a cables
are an improvement over Cat 6 specifications. However, neither of these qualities
are a requirement for use in a ceiling area.
If an area has a lot of EMI, you might consider using STP or fiber optic cables, but
this isn't a requirement in a ceiling area. Typically, you can avoid EMI sources by re-
routing cables.

References

• 3.1.2 Twisted Pair Facts

q_twisted_pair_plenum_np6.question.fex

Question 4:
Correct
Why might you use an RJ11 connector?
Answer

You want to connect a 10GBaseT network to a switch card using a Cat 6 cable.
Correct Answer:
You want to connect your computer to the internet with a DSL modem.

You want to upgrade your 10BaseT network to 100BaseTX.

You want to connect your computer to a network using a Cat 7 cable.

Explanation

RJ11 connectors are typically used for telephones and modems.

RJ45 connectors are used for 100BaseTX.
RJ45 connectors are used for 10GBaseT using Cat 6 cables.
GG45 or TERA connectors are used with Cat 7 cables.

References

Correct Answer:
It has a conductor made from copper in its center.

The conductors within the cable are twisted around each other to eliminate crosstalk.
Correct Answer:
It uses two concentric metallic conductors.

It is composed of four pairs of 22-gauge copper wire.

Explanation

Coaxial cable is composed of a central copper conductor surrounded by an insulator,

which is then surrounded by a second
metallic mesh conductor. The name coaxial is derived from the fact that both of
these conductors share a common axis. Both ends of a coaxial cable must be
terminated.
Twisted pair is composed of four pairs of 22-gauge copper wire. The wires are
twisted to reduce crosstalk, and they use RJ45 connectors.

References

•3.1.5 Coaxial Cable Facts

q_coaxial_copper_np6.question.fex

Question 9:
Correct
You have a small home network connected to the internet using an RG-6 cable. You
need to move the router, but you can't find anymore RG-6 cabling. Which cable type
could you use instead?
Answer

Cat 5e
Correct Answer:
RG-59

Cat 3

RG-58

Explanation

RG-6 has an impedance rating of 75 ohms. It's important to use coaxial cables with
the same impedance rating, and only RG-59 is rated for 75 ohms.
Connecting coaxial cables with Cat 3 and Cat 5e cables requires a media converter.

References

•3.1.5 Coaxial Cable Facts

q_coaxial_rg6_01_np6.question.fex

Question 10:
Correct
You've just signed up for a broadband home internet service that uses coaxial
cabling. Which connector type will you MOST LIKELY use?
Answer

RJ11

RJ45
Correct Answer:
F-type

BNC

Explanation

Use an F-type connector for broadband cable connections that use coaxial cabling.
Use a BNC connector for 10Base2 Ethernet networks.
Use an RJ11 connector for modem connections to a phone line.
Use an RJ45 connector for an Ethernet network that uses twisted pair cabling.

References

•3.1.5 Coaxial Cable Facts

q_coaxial_typef_01_np6.question.fex
Which of the following are advantages of using fiber optic cabling for a network?
(Select two.)
Answer
Correct Answer:
Greater cable distances without a repeater

No special training or equipment is required

Correct Answer:
Immunity to electromagnetic interference

Lower installation cost

Easy to work with

Explanation

Compared to other types of cabling, fiber optic cabling allows greater cable distances
without a repeater and is immune to electromagnetic interference. However, it is
more costly, difficult to work with, and specialized training and equipment is required
for installation.

References

• 3.2.2 Fiber Optic Facts

q_fiber_cables_advantage_np6.question.fex

Question 2:
Correct
Which of the following connectors are used with fiber optic cables and include both
cables in a single connector? (Select two.)
Answer

BNC
Correct Answer:
LC

SC
Correct Answer:
MTRJ

Explanation
LC and MTRJ connectors have both fiber optic cables in a single connector.
ST and SC connectors hold a single strand of fiber optic cabling. A cable using either
one has two connectors on each end.
A BNC connector is used with coaxial cable.

References

• 3.2.2 Fiber Optic Facts

q_fiber_cables_connector_np6.question.fex

Question 3:
Correct
Which of the following cables offers the best protection against EMI?
Answer

Cat 5
Correct Answer:
Single-mode fiber optic

Cat 5e

RG-6

Explanation

Fiber optic cables offer the best protection against electromagnetic interference
(EMI).

References

•3.2.2 Fiber Optic Facts

q_fiber_cables_emi_np6.question.fex

Question 4:
Correct
Which of the following are characteristics of an LC fiber optic connector? (Select
two.)
Answer

They are threaded.

They can be used with either fiber optic or copper cabling.

Correct Answer:
They use a housing and latch system similar to an RJ45 UTP connector.
Correct Answer:
They are half the size of standard connectors.

They use a one-piece bayonet connecting system.

Explanation

LC fiber optic connectors are small, at about half the size of other fiber optic
connectors. Their appearance is similar to a typical RJ45 connector used with UTP
wiring. Like an RJ45 connector, an LC fiber optic connector uses a small latch to lock
the connector in a jack.
ST uses a one-piece bayonet connecting system.

References

•3.2.2 Fiber Optic Facts

q_fiber_cables_lc_01_np6.question.fex

Question 5:
Correct
Which of the following connectors is used with fiber optic cables and requires that
you use a twisting motion to connect it?
Answer

BNC
Correct Answer:
ST

F-type

Explanation

An ST connector is used with fiber optic cables and uses a twist-type connector. Use
the mnemonic Set and Twist.
An SC connector is used with fiber optic cables, but you plug it in instead of twist it
in.
F-type and BNC connectors employ a twist to connect, but they're used with coaxial
cables.

References

• 3.2.2 Fiber Optic Facts

q_fiber_cables_lc_02_np6.question.fex
Question 6:
Correct
Which of the following are characteristics of an MTRJ fiber optic connector? (Select
two.)
Answer

They're called push-in-and-twist connectors.

They use a keyed bayonet.

Correct Answer:
They can be used with multi-mode fiber optic cables.

They must never be used with single-mode fiber optic cables.

Correct Answer:
They use metal guide pins to ensure accurate alignment.

Explanation

MTRJ connectors can be used with either multi-mode or single-mode fiber optic
cabling. The connector is made from plastic and uses metal guide pins to ensure that
it's properly aligned in the jack.
ST has a keyed bayonet connector and is called a push-in-and-twist connector.

References

• 3.2.2 Fiber Optic Facts

q_fiber_cables_mtrj_np6.question.fex

Question 7:
Correct
Multi-mode fiber is designed to operate at which of the following wavelengths?
Answer
Correct Answer:
850 nm and 1300 nm

1310 nm and 1550 nm

850 nm and 1310 nm

1300 nm and 1550 nm

Explanation
Multi-mode fiber is designed to operate at 850 nm and 1300 nm.
Single-mode fiber is optimized for 1310 nm and 1550 nm.

References

•3.2.2 Fiber Optic Facts

q_fiber_cables_multi_np6.question.fex

Question 8:
Correct
Which of the following connectors usually require polishing as part of the assembly
process? (Select two.)
Answer
Correct Answer:
SC

F-type

RJ45

BNC
Correct Answer:
ST

Explanation

The fiber optic cable assembly process is more complex than other assemblies. It's
necessary to polish the exposed fiber tip to ensure that light is passed from one
cable to the next with minimal dispersion.

References

• 3.2.2 Fiber Optic Facts

q_fiber_cables_polish_np6.question.fex

Question 9:
Correct
Which of the following is true about single-mode fiber optic network cabling?
Answer

It's optimized for 850 nm and 1300 nm light sources.

Correct Answer:
Its central core is smaller than the standard multi-mode fiber optic cabling core.
It's less expensive than multi-mode fiber optic cabling.

It has shorter segment lengths than multi-mode fiber optic cabling.

Explanation

Single-mode fiber optic cabling provides one path (or mode) for light to travel. It
supports longer transmission distances than multi-mode fiber optic cabling, and it's
also more expensive.
Single-mode cabling also has a central core that's much smaller than the standard
multi-mode fiber optic cabling core.
Single-mode fiber cabling is optimized for 1310 nanometer (nm) and 1550 nm light
sources.

References

• 3.2.2 Fiber Optic Facts

q_fiber_cables_single_01_np6.question.fex

Question 10:
Correct
Which type of optical fiber is normally used to connect two buildings that are several
kilometers apart?
Answer
Correct Answer:
Single-mode fiber

Multi-mode fiber

Coaxial cable

Shielded twisted pair

Explanation

In this scenario, you would use single-mode fiber optic cables. Fiber optic is graded
as single-mode or multi-mode. Single-mode consists of a very thin singular core,
which produces fewer reflections. This provides greater effective bandwidth over
greater distances.
Multi-mode is less costly than single-mode fiber. Multi-mode is used to transmit over
shorter distances, as the rays tend to disperse as the transmission distance
increases.
Coaxial and shielded twisted pair are not suitable for long distances between
buildings.
References

• 3.2.2 Fiber Optic Facts

q_fiber_cables_single_02_np6.question.fex
You need to terminate a Cat6 UTP cable with an RJ45 connector. Your
organization's IT policy states that all cable connectors must be wired according to
TIA568B standards.
Drag the UTP wire on the left to the correct pin on the RJ45 connector on the right.
Pin 1

White with orange stripe

correct answer:
Pin 2

Solid orange
correct answer:
Pin 3

White with green stripe

correct answer:
Pin 4

Solid blue
correct answer:
Pin 5

White with blue stripe

correct answer:
Pin 6

Solid green
correct answer:
Pin 7

White with brown stripe

correct answer:
Pin 8

Solid brown
correct answer:
Keyboard Instructions

Explanation

The T568B wiring standard specifies the following pinout for RJ45 connectors:
• Pin 1: White with orange stripe
• Pin 2: Solid orange
• Pin 3: White with green stripe
• Pin 4: Solid blue
• Pin 5: White with blue stripe
• Pin 6: Solid green
• Pin 7: White with brown stripe
• Pin 8: Solid brown

References

• 3.3.2 Cable Construction Facts

q_twisted_pair_cons_568b_01_np6.question.fex

Question 2:
Correct
Which of the following describes the point where the service provider's responsibility
to install and maintain wiring and equipment ends and the customer's begins?
Answer

Vertical cross connect

Punch down block

IDF
Correct Answer:
Demarc

Explanation

When you contract with a local exchange carrier (LEC) for data or telephone
services, they install a physical cable and a termination jack on your premises. The
demarcation point (demarc) is the line that marks the boundary between the Telco
equipment and the private network or telephone system. Typically, the LEC is
responsible for all the equipment on one side of the demarc, and the customer is
responsible for all the equipment on the other side of the demarc.
A punch down block is a block used to connect individual copper wires together.
While the demarc might terminate in a punch down block, punchdown blocks are
used within other locations at the customer site.
An intermediate distribution frame (IDF) is a smaller wiring distribution point within a
building. IDFs are typically located on each floor directly above the main distribution
frame (MDF), although additional IDFs can be added on each floor as necessary. A
vertical cross connect connects the IDF to the MDF on a different floor.

References

• 3.3.2 Cable Construction Facts

q_twisted_pair_cons_demarc_np6.question.fex

Question 3:
Correct
You have a network that occupies all three floors of a building. The WAN service
provider has installed the line in a wiring closet on the main floor. You have a wiring
closet on the two remaining floors directly above the wiring closet on the main floor.
What would you use to connect the wiring closets together?
Answer
Correct Answer:
Vertical cross connect

Smart jack

Demarc extension

Horizontal cross connect

Explanation

A vertical cross connect joins the main distribution frame (MDF) on the main floor to
intermediate distribution frames (IDFs) on upper floors. Cabling runs vertically (up
and down) between the MDF and the IDFs.
A horizontal cross connect joins IDFs on the same floor. Cabling runs horizontally
(sideways) between the IDFs. A smart jack is a special loopback plug installed at the
demarcation point for a WAN service. Technicians at the central office can send
diagnostic commands to the smart plug to test connectivity between the central office
and the demarc.
A demarc extension extends the demarcation point from its original location to
another location within the building. The demarc extension typically consists of a
single wire bundle that attaches to the existing demarc and supplies a termination
point to a different location. You might need a demarc extension if your network
occupies an upper floor of a building. The LEC typically installs the demarc on the
MDF on the bottom floor, and you'll need to install an extension to place the demarc
on the IDF on your floor.

References

• 3.3.2 Cable Construction Facts

q_twisted_pair_cons_vertical_np6.question.fex

Question 4:
Correct
Which recommendation should you follow while using 110 blocks for connecting
Cat5 and higher data cables?
Answer

Use C-5 connectors.

Connect wires using the T568B standard.

Correct Answer:
Keep wire pairs twisted up to within one half of an inch of the connector.

Connect wires using the T568A standard.

Explanation

When you use Cat5 (or higher) wiring, preserve the twists in each wire pair to within
one half of an inch of the connecting block.
Use C-4 connectors to connect four pairs of wires. When connecting data wires on a
110 block, you typically connect wires in the following order:
•
White wire with a blue stripe followed by the solid blue wire.
•
White wire with an orange stripe followed by the solid orange wire.
•
White wire with a green stripe followed by the solid green wire.
•
White wire with a brown stripe followed by the solid brown wire.
T568A and T568B are used to connect wires within an RJ45 connector when making
drop cables.

References

•
3.3.5 Wiring Distribution Facts
q_wire_distribution_110_01_np6.question.fex

Question 5:
Correct
Which of the following uses metal clips placed over plastic slots to connect individual
copper wires?
Answer

Horizontal cross connect

66 block
Correct Answer:
Patch panel

Explanation

A patch panel is a device that typically connects individual stranded wires into female
RJ45 connectors. For example, you might connect four pairs of wires from a punch
down block to a port on the patch panel. On the patch panel, you then connect drop
cables (cables with RJ45 connectors) to the patch panel on one end and a computer
on the other end.
Use 66 and 110 blocks to connect individual wires within a wiring closet. These
punch down blocks connect the individual wires together, but they do not terminate
in RJ45 connectors.
A horizontal cross connect connects IDFs on the same floor.

References

• 3.3.5 Wiring Distribution Facts

q_wire_distribution_patch_np6.question.fex

Question 9:
Correct
Which tool should you use to extend network services beyond the demarc?
Answer

Patch panel

Crimper

Tone generator
Correct Answer:
Punch down tool

Explanation

A demarc is the location where the local network ends and the telephone company's
network begins. This location is usually at a punchdown block in a wiring closet. You
use a punch down tool to attach wires to the punchdown block.
A tone generator sends a signal on the wire.
A crimping tool is used to attach connectors to wires.
Patch panels permit circuits to be arranged and rearranged by plugging and
unplugging respective patch cords on a mounted hardware assembly.
References

• 3.3.5 Wiring Distribution Facts

q_wire_distribution_punch_down_01_np6.question.fex

Question 10:
Correct
You are making Ethernet drop cables using Cat5e cables and RJ45 connectors. You
need to remove the plastic coating over the cable to expose the individual wires.
Which tool should you use?
Answer

Crimping tool

Snips

Punch down tool

Correct Answer:
Cable stripper

Explanation

Use a cable stripper to remove a cable's plastic jacket or sheath. When you make
drop cables or use punch down blocks, do not remove the plastic covering for
individual wires.
Use snips to cut cables. Use a punchdown tool to push wires into 66 or 110 blocks
and cut the wires at the same time.
A crimping tool is designed for RJ45 connectors to attach connectors to UTP cables.

References

Ultra Physical Contact polish

Correct Answer:
Angled Physical Contact polish

Flat Physical Contact polish

Explanation

A slight slant to the fiber ferrule indicates an Angled Physical Contact (APC) polish.
Using a non-angled connector will cause excessive insertion loss.
A Physical Contact (PC) polish is polished with a slight curvature.
An Ultra Physical Contact (UPC) polish uses a higher grade polish and is slightly
more curved than a PC polish.
A Flat Physical Contact connector has little to no curvature and suffers from the most
insertion loss.

References

• 3.4.4 Fiber Optic Wiring Troubleshooting Facts

q_trouble_fiber_apc_01_np6.question.fex

Question 5:
Correct
You're building a new network for a small financial services startup company.
Security is paramount, so each organization within the company will have its own
network segment separated by a router. However, funds are limited, and you've
been asked to keep costs to a minimum.
You've acquired a used fiber optic switch, and you want to use it to create a fiber
optic backbone that interconnects all of the routers. You've purchased several used
single-mode GBIC modules on eBay that you'll install on each router to allow them to
connect to the switch.
Both the switch and the GBIC modules use MTRJ connectors. You connect each
module to the switch with 1-meter multimode patch cables.
Will this implementation work?
Answer

Yes. All of the requirements for implementing a fiber optic network have been met.

No. You should purchase fiber optic equipment that use FC connectors.

No. You shouldn't use standard fiber optic switches to create a backbone network for
routers.
Correct Answer:
No. You shouldn't use multi-mode patch cables with single-mode GBIC modules.

Explanation

Some GBIC/SFP modules use multi-mode fiber, while others use single-mode. You
must use the correct type of fiber optic cable and connector required by the specific
adapter. You can't mix and match different types of cable. In this scenario,
connecting a single-mode GBIC to multi-mode fiber will introduce a catastrophic
signal loss of up to 99%.

References

• 3.4.4 Fiber Optic Wiring Troubleshooting Facts

q_trouble_fiber_mix_np6.question.fex

Question 6:
Correct
You're building a new network for a small financial services startup company.
Security is paramount, so each organization within the company will have their own
network segments separated by routers. Funds are limited, and you've been asked
to keep costs to a minimum.
You've acquired a used fiber optic switch, and you want to use it to create a fiber
optic backbone that interconnects all of the routers. You've purchased several used
multi-mode GBIC modules on eBay that you'll install on each router to allow them to
connect to the switch.
Both the switch and the GBIC modules use MTRJ connectors. You've purchased
several used 1-meter, multi-mode patch cables from Amazon. But when they arrived,
you noticed that they use LC connectors. Fortunately, with some force, you found
that you're able to get the LC connectors on the cables to lock into the MTRJ
connectors on the GBIC modules and on the switch.
Will this implementation work?
Answer

No. You should use single-mode patch cables to connect a GBIC module to a
switch.
Correct Answer:
No. You should purchase patch cables that use MTRJ connectors.

Demarc extension
Correct Answer:
Smartjack

Horizontal cross connect

Explanation

A smartjack is a special loopback plug installed at a WAN service's demarcation

point. Technicians at the central office can send diagnostic commands to the plug to
test connectivity between the central office and the demarc.
The demarcation point (demarc) is the line that marks the boundary between telco
equipment and the private network or telephone system.
A demarc extension extends the demarcation point from its original location to
another location within the building.
A horizontal cross connect connects wiring closets on the same floor.

References

• 3.4.6 Troubleshooting Tools Facts

q_trouble_tools_smartjack_np6.question.fex

Question 10:
Correct
You've connected a cable certifier to an RJ45 wall jack, and the output shown below
is displayed on the device. What does this output indicate? (Select two.)
Answer

There are multiple shorts on this cable.

Correct Answer:
The cable is functioning correctly.

This is a straight-through cable.

Correct Answer:
This is a crossover cable.

There are multiple open pins on this cable.

Explanation

In this display, the cable being tested is a correctly wired crossover cable.
Output with (x) characters between pins indicates that they're shorted.
Straight-through connections are displayed using (-) characters in the cable certifier's
output.
Open connections are displayed with no characters or lines between pin numbers.

References

• 3.4.6 Troubleshooting Tools Facts

q_trouble_tools_tester_01_np6.question.fex

A host wants to send a message to another host that has an IP address of

115.99.80.157, but it does not know the destination device's hardware address.
Which protocol can be used to discover the MAC address?
Answer
IGMP
Correct Answer:
ARP

ICMP

DNS

Explanation

Hosts use Address Resolution Protocol (ARP) to discover a host's hardware

address.
DNS is used to map hostnames to IP addresses.
ICMP notifies routers of problems on the network and undeliverable packets.
IGMP establishes multicast group memberships, which allows a computer to send a
single network packet to multiple hosts on a network at the same time.

References

•
2.3.3 Address Resolution Protocol (ARP)
•
2.3.5 Network Communication Process Facts
•
3.5.2 Network Adapter Facts
q_network_adapter_arp_np6.question.fex

Question 2:
Correct
You have a server that has a 100BaseFX network interface card you need to
connect to a switch. The switch only has 100BaseTX switch ports.
Which device should you use?
Answer

Hub

Repeater
Correct Answer:
Media converter

Bridge

Explanation

Use a media converter to convert from one media type to another within the same
architecture.
Use a bridge to connect two devices that use different network architectures. For
example, you can use a bridge to connect a wired network to wireless clients.
A hub or repeater connects devices using the same media type.

References

• 3.5.2 Network Adapter Facts

q_network_adapter_converter_01_np6.question.fex

Question 3:
Correct
At which OSI model layer does a media converter operate?
Answer
Correct Answer:
Layer 1

Layer 2

Layer 3

Layer 4

Explanation

A media converter operates at Layer 1 of the OSI model, which is the Physical layer.
The media converter translates frames into bits and transmits them on the
transmission medium.
At Layer 2, the MAC address is added to make the data into a frame.
At Layer 3, the IP address is added to the packet.
At Layer 4, the port and socket number are assigned.

References

• 3.5.2 Network Adapter Facts

q_network_adapter_converter_02_np6.question.fex

Question 4:
Correct
Which of the following is a valid MAC address?
Answer
Correct Answer:
AB.07.CF.62.16.BD

95ABC2F4.ABC5.569D.43BF
FABC.875E.9BG6

145.65.254.10

Explanation

MAC addresses are comprised of 12 hexadecimal digits (ranging from 0-9 and A-F).
They're typically represented as three sets of four hexadecimal digits or six sets of
two hexadecimal digits, separated with periods. Regardless of the grouping and
separator values, you look for 12 hex digits to determine whether a MAC address is
valid.

References

• 3.5.2 Network Adapter Facts

q_network_adapter_mac_01_np6.question.fex

Question 5:
Correct
Which of the following is a valid MAC address?
Answer
Correct Answer:
C0-34-FF-15-01-8E

83-5A-5B-0B-31-55-F1

34-9A-86-1G-B3-24

73-99-12-61-15

Explanation

A MAC address is a unique identifier hard coded onto every network adapter card. A
valid MAC address has a total of 12 hexadecimal numbers. Hexadecimal numbers
contain the numbers 0 to 9 and the letters A to F. Valid values for each octet in a
MAC address range anywhere from 00 to FF.
Note that one of the answers would be a valid MAC address except it uses a G
value, which is beyond the hexadecimal range.

References

• 3.5.2 Network Adapter Facts

q_network_adapter_mac_02_np6.question.fex

Question 6:
Correct
Which of the following are true about a MAC address? (Select two.)
Answer
Correct Answer:
It is typically represented by hexadecimal numbers.

It is a 32-bit address.
Correct Answer:
It is a 48-bit address.

It is a 64-bit address.

It is typically represented by octets of decimal numbers between 0-255.

Explanation

A MAC address identifies a network adapter's physical address. It's a 12-digit (48-bit)
hexadecimal number with each number ranging from 0-9 or A-F. The address is
often written as 00-B0-D0-06-BC-AC or 00B0.D006.BCAC. However, dashes,
periods, and colons can be used to divide it as well.
An IPv4 address is 32 bits and uses octets of decimal numbers between 0-255.
An IPv6 address is a 64-bit address that uses 32 hexadecimal numbers.

References

• 3.5.2 Network Adapter Facts

q_network_adapter_mac_03_np6.question.fex

Question 7:
Correct
Which of the following statements accurately describe how a modem works? (Select
two.)
Answer

It communicates over a telephone network using digital signals.

It modulates digital data from a telephone network into analog data that a PC can
use.
Correct Answer:
It modulates digital data from a PC into analog data and transmits it on a telephone
network.
Correct Answer:
It demodulates analog data from a telephone network into digital PC data.
It demodulates analog PC data into digital data that can be transmitted through a
telephone network.

Explanation

Modem is shorthand for modulator/demodulator. A modem's job is to convert (or

modulate) digital data from a PC into analog telephone signals and transmit them
through a telephone network. Modems also receive analog data from the telephone
network and convert (or demodulate) it into digital PC data.

References

•
3.5.2 Network Adapter Facts
q_network_adapter_modem_np6.question.fex

Question 8:
Correct
Which network component connects a device to transmission media and allows the
device to send and receive messages?
Answer

Client
Correct Answer:
Network interface card

Protocol

Server

Explanation

A network interface card (NIC) allows a device to send and receive messages over a
transmission media.
A client doesn't provide network services but instead consumes network services.
Server operating systems are designed to do one thing, and that's to provide network
resources.
Protocols are rules or standards that describe how hosts communicate and
exchange data.

References

•
3.5.2 Network Adapter Facts
q_network_adapter_nic_np6.question.fex

Question 9:
Correct
You want a switch to have the ability to modify the media type the switch port
supports. Which type of module might you use to make this possible? (Select two.)
Answer
Correct Answer:
GBIC

ARP
Correct Answer:
SFP

CRC

MAC

Explanation

Older network adapters used an external transceiver that matched the media type.
While nearly all current network adapters come with a built-in transceiver type, new
devices, such as switches and routers, use transceiver modules that allow you to
modify a port's media type by changing the transceiver. There are several types of
transceiver modules.
• A GBIC (gigabit interface converter) is a large transceiver that fits in a port
slot. GBICs are used for Gigabit media, including copper and fiber optic.
• An SFP (small form-factor pluggable) is similar to a GBIC but is smaller in
size. An SFP is sometimes called a mini-GBIC.
• An XFP transceiver is similar in size to an SFP, but it's used for 10-gigabit
networking.
• QSFP (a quad, or 4-channel, small form-factor pluggable) is a compact
hot-pluggable transceiver that's also used for data communication
applications.
A Media Access Control (MAC) address is a unique identifier burned into the ROM of
every Ethernet NIC.
A host uses ARP to discover a device's MAC address from its IP address.
Cyclic redundancy check (CRC) is used to detect frames that have been corrupted
during transmission.

References

• 3.5.2 Network Adapter Facts

q_network_adapter_transceiver_02_np6.question.fex

Question 10:
Correct
Which device sends signals from a computer onto a network?
Answer

Cable

Router
Correct Answer:
Transceiver

Gateway

Explanation

A transceiver (short for transmitter/receiver) sends signals to and receives signals

from a network. It translates a computer's parallel data stream to the network's serial
data stream, and vice versa. Most transceivers are now built into network interface
cards (NICs).
A cable transfers the data signals on a network.
A router uses its routing table to determine the best route for packets to be sent.
A gateway converts data from one protocol or format to another on the network.

References

•
3.5.2 Network Adapter Facts
q_network_adapter_transceiver_np6.question.fex
Which of the following hardware devices regenerate a signal out of all connected
ports without examining the frame or packet contents? (Select two.)
Answer
Correct Answer:
Hub

Router
Correct Answer:
Repeater

Switch

Bridge

Explanation

A hub and a repeater send received signals out of all other ports. These devices do
not examine the frame or packet contents.
Switches and bridges use the MAC address in a frame for forwarding decisions.
A router uses the IP address in a packet for forwarding decisions.

References

• 3.6.2 Network Device Facts

q_network_devices_hub_01_np6.question.fex

Question 2:
Correct
How do switches and bridges learn where devices are located on a network?
Answer
Correct Answer:
When a frame enters a port, the source MAC address is copied from the frame
header.

When a frame enters a port, the source IP address is copied from the frame header.

When a frame enters a port, the destination IP address is copied from the frame
header.

When a frame enters a port, the destination MAC address is copied from frame
header.

Explanation
Bridges and switches learn addresses by copying the MAC address of the source
device and placing it into the MAC address table. The port number that the frame
entered is also recorded in the table and associated with the source MAC address.
The switch or the bridge cannot record the destination MAC address because it does
not know the port that is used to reach the destination device.

References

• 3.6.2 Network Device Facts

q_network_devices_mac_np6.question.fex

Question 3:
Correct
At which OSI layer does a router operate to forward network messages?
Answer

Transport
Correct Answer:
Network

Physical

Data Link

Explanation

A router uses the logical network address specified at the Network layer to forward
messages to the appropriate LAN segment.
A bridge, on the other hand, uses the MAC address and works at the Data Link
layer.

References

• 3.6.2 Network Device Facts

q_network_devices_network_np6.question.fex

Question 4:
Correct
At which layer of the OSI model do hubs operate?
Answer

Internet
Correct Answer:
Physical
Layer 3

Data Link

Explanation

Hubs operate at Layer 1, or the Physical layer of the OSI model.

References

• 3.6.2 Network Device Facts

q_network_devices_physical_np6.question.fex

Question 5:
Correct
Which of the following BEST describes how a switch functions?
Answer

It connects multiple segments of different architectures. It translates frames and

broadcasts them to all of its ports.
Correct Answer:
It connects multiple cable segments (or devices) and forwards frames to the
appropriate segment.

It connects multiple segments of different architectures. It translates frames and

forwards them to the appropriate segment.

It connects multiple cable segments (or devices) and broadcasts frames to all of its
ports.

Explanation

Switches have multiple ports and can connect multiple segments or devices. The
switch forwards frames to the appropriate port. They function similarly to a hub,
except instead of sending packets to all ports, switches send packets only to the
destination computer's port.
A bridge is a device that connects two (or more) media segments on the same
subnet. It filters traffic between both segments based on the MAC address in the
frame.

References

• 3.6.2 Network Device Facts

q_network_devices_switch_01_np6.question.fex
Question 6:
Correct
You are the network administrator for a small organization. Recently, you contracted
with an ISP to connect your organization's network to the internet. Since doing so, it
has come to your attention that an intruder has invaded your network from the
internet on three separate occasions.
Which type of network hardware should you implement to prevent this from
happening again?
Answer
Correct Answer:
Firewall

Switch

Router

Hub

Explanation

A firewall's role is to provide a barrier between an organization's network and a

public network, such as the internet. The firewall's job is to prevent unauthorized
access to the organization's private network. To do this, the firewall examines
incoming packets and determines whether they should be allowed to enter based on
a set of rules defined by the network administrator.
Routers offer some packet-based access control, but it is not as extensive as what a
full-fledged firewall provides.
Hubs are not sufficient for managing the interface between a trusted and an
untrusted network.
Switches use the MAC address in a frame for forwarding decisions.

References

•3.6.6 Internetwork Device Facts

q_internetwork_devices_firewall_01_np6.question.fex

Question 7:
Correct
Which of the following hardware devices links multiple networks and directs traffic
between networks?
Answer

Repeater
Bridge

Hub
Correct Answer:
Router

Explanation

A router is a device that links multiple networks and directs traffic between networks.
Each network linked by routers has its own unique identifier called the network
number or network address.
A hub and a repeater send received signals out all other ports. These devices do not
examine the frame or the packet contents.
Bridges learn addresses by copying the MAC address of the source device and
placing it into the MAC address table.

References

•3.6.6 Internetwork Device Facts

q_internetwork_devices_router_np6.question.fex

Question 8:
Correct
Which of the following creates a visual representation of physical components along
with a clearly defined set of principles and procedures?
Answer

Rack diagram
Correct Answer:
Floor plan

Wiring diagram

Logical network diagram

Explanation

A floor plan creates a visual representation of physical components along with a

clearly defined set of principles and procedures.
A logical network diagram isn't so much about the physical layout of devices, but
more of how traffic flows across the network.
A rack diagram, or rack elevation, is a map of the IT equipment layout within a server
rack.
A wiring diagram is a map of the physical connections and physical layout of the
electrical and circuit systems in a building.

References

• 3.6.9 Data Center Device Installation Facts

q_data_center_install_floor_plan_np6.question.fex

Question 9:
Correct
Rack heights vary from a few rack units to many rack units. The most common rack
heights are 24U and 42U. How tall is a 24U rack?
Answer

48 inches
Correct Answer:
42 inches

36 inches

30 inches

Explanation

A 24U rack is 42 inches tall. A single rack unit (1U) is 1.75 inches tall and represents
one slot in the rack. Rack heights vary from a few rack units to many rack units. The
most common rack heights are 24U and 42U.

References

• 3.6.9 Data Center Device Installation Facts

q_data_center_install_rack_unit_02_np6.question.fex

Question 10:
Correct
A rack's height is measured in rack units (Us). How tall is a single rack unit?
Answer
Correct Answer:
1.75 inches tall

1.25 inches tall

1.5 inches tall

2 inches tall

Explanation

A single rack unit (1U) is 1.75 inches tall and represents one slot in the rack.

References

SubnetA = 61, SubnetB = 0, SubnetC = 5

SubnetA = 126, SubnetB = 2, SubnetC = 14

SubnetA = 253, SubnetB = 4, SubnetC = 29

SubnetA = 254, SubnetB = 6, SubnetC = 30

Explanation

The scenario asks you how many addresses remain that can be assigned to hosts.
In this scenario, remember to remove the following addresses from each range:
• The subnet address
• The broadcast address
• Addresses assigned to the router interfaces (For SubnetA and SubnetC,
one address is assigned. For SubnetB, two addresses have been
assigned.)
The following mask values provide for the following number of hosts:
• A mask of /25 provides 126 host addresses, with one of those being used
by the router.
• A mask of /30 provides for two host addresses, with both addresses being
used by routers.
• A mask of /28 provides for 14 host addresses, with one of those being
used by the router.

References

• 4.1.7 Subnet Facts

q_subnets_hosts_02_np6.question.fex

Question 6:
Correct
Your network has a network address of 172.17.0.0 with a subnet mask of
255.255.255.0.
Which of the following are true concerning this network? (Select two.)
Answer

172.17.0.1 is reserved for the default gateway.

256 IP addresses can be assigned to host devices.

Correct Answer:
254 IP addresses can be assigned to host devices.

172.17.255.255 is the network broadcast address.

Correct Answer:
172.17.0.255 is the network broadcast address.

Explanation

You can subnet a Class B address to provide additional subnet addresses. (Notice
how, by using a custom subnet mask, the Class B address looks like a Class C
address.)
• Network address: 172.17.0.0
• Subnet mask: 255.255.255.0
• Number of subnets: 256
• Number of hosts per subnet: 254
• Subnet addresses: 172.17.1.0, 172.17.2.0, 172.17.3.0, and so on
• Host address ranges: 172.17.1.1 to 172.17.1.254, 172.17.2.1 to
172.17.2.254, 172.17.3.1 to 172.17.3.254, and so on

References

• 4.1.7 Subnet Facts

q_subnets_mask_02_np6.question.fex

q_ip_assignments_iana_np6.question.fex

Question 10:
Correct
Which of the following devices is MOST LIKELY to be assigned a public IP address?
Answer

A database server that's used by your company's website for storing customer
information.
Correct Answer:
A router that connects your home network to the internet.

A workstation on your company network that has internet access.

A router on your company network that segments your LAN into two subnets.

Explanation
To connect a private network, home, or business to the internet, you must have a
router with a public IP address. The public address allows hosts on the internet to
send packets to the router.
When you connect a private network to the internet, only the router interface
connected to the internet needs a public address. You can then use Network
Address Translation (NAT) and assign private addresses to hosts on your private
network (including all the routers on the private network). The NAT router translates
your private addresses into public addresses.
You can even use NAT to place publicly available hosts, such as web servers, on a
private network (although these servers are often placed on a special subnet that's
connected to the internet and assigned public addresses). With port address
translation, incoming messages sent to the publicly available servers are relayed to
the private network. Servers that hold confidential data, such as database servers,
are normally placed on a private network. Generally, they can only be contacted
directly by the necessary devices (such as a web server).

References

• 4.1.9 IP Address Assignment Facts

q_ip_assignments_public_02_np6.question.fex
Which network address and subnet mask does APIPA use? (Select two.)
Answer

169.255.0.0
Correct Answer:
169.254.0.0

255.255.255.0
Correct Answer:
255.255.0.0

255.0.0.0

169.0.250.0

Explanation

Automatic Private IP Addressing (APIPA) uses a network address of 169.254.0.0

with a default Class B subnet mask of 255.255.0.0.
Host addresses are within the range of 169.254.0.1 and 169.254.255.254.

References

• 4.2.3 APIPA and Alternate IP Addressing Facts

q_conf_alt_address_apipa_01_np6.question.fex

Question 2:
Correct
Which of the following IP address ranges is reserved for Automatic Private IP
Addressing (APIPA)?
Answer

192.168.0.0 - 192.168.255.254

169.192.0.0 - 169.192.254.255
Correct Answer:
169.254.0.1 - 169.254.255.254

169.168.0.1 - 169.168.255.255

Explanation
The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.1 through
169.254.255.254 for Automatic Private IP Addressing (APIPA).
APIPA also sets the subnet mask on the network to 255.255.0.0.

References

• 4.2.3 APIPA and Alternate IP Addressing Facts

q_conf_alt_address_apipa_02_np6.question.fex

Question 3:
Correct
CorpServ is a small company with 14 client systems and a network printer. Because
there are only a limited number of network systems, you decide to use APIPA
addressing. With APIPA configured, all the systems are able to communicate with
each other, but you're having trouble configuring internet access.
What is the MOST LIKELY cause of the problem?
Answer

The DNS server is unavailable to resolve internet host names.

All client systems must be rebooted.

The default gateway is not set on the client systems.

Correct Answer:
Private addresses cannot directly communicate with hosts outside the local subnet.

Explanation

• 4.2.3 APIPA and Alternate IP Addressing Facts

q_conf_alt_address_arp_np6.question.fex

Question 7:
Correct
You are the network administrator for a small consulting firm. The office network
consists of 30 computers, one server, two network printers, and a switch. Due to
security concerns, there is no wireless network available in the office.
One of your users, Bob, travels to client sites and is generally not in the office. When
Bob goes to client sites, he typically just connects to their wireless networks. When
he's in the office, Bob connects his laptop to the network with an Ethernet cable.
You need to make sure that Bob's laptop is setup so that when he plugs the Ethernet
cable into his laptop, no further configuration is needed. Which of the following would
be the BEST option to achieve this?
Answer

Set up a wireless network in the office.

Set up a separate computer for Bob to use when he's in the office
Correct Answer:
Configure an alternate IP configuration.

Set up a separate DHCP server.

Explanation

In this scenario, you would want to configure an alternate IP configuration for the
office network. An alternate IP configuration is a method you can use to assign a
static IP address that can be used when there's no access to a DHCP server.
You wouldn't want to set up and configure a wireless network or DHCP server in this
scenario. That would require too many resources and is not necessary.
Setting up a separate computer wouldn't be feasible since this would require too
many resources and could lead to other issues for the user.

References

• 4.2.3 APIPA and Alternate IP Addressing Facts

q_conf_alt_address_atlernate_np6.question.fex

Question 8:
Correct
You are the network administrator for a large hospital. One of your users, Suzie,
calls you stating that she is unable to access any network resources. After some
initial troubleshooting, you realize that her computer is using the IP address
169.254.0.52.
You've performed the following troubleshooting steps so far:
• Verified physical network connection
• Attempted to renew the IP address
• Discovered other devices are experiencing the same issue
Which of the following is the MOST likely cause for Suzie's issue?
Answer
Correct Answer:
The DHCP server is misconfigured or down.
The computer is assigned a static IP address.

The gateway router is down.

The DNS server is misconfigured or down.

Explanation

In this scenario, the most likely cause is that the DHCP server is down or
misconfigured. The fact that other computers are experiencing the same issue
shows that this is a network-wide issue. This would indicate an issue with the DHCP
server.
The DNS server or gateway router would have no bearing on this issue.
The computer has most likely not been assigned a static IP address. While this could
be an issue, the fact that all the other devices are experiencing the same problem
indicates that this is not the problem.

References

• 4.2.3 APIPA and Alternate IP Addressing Facts

q_conf_alt_address_dhcp_01_np6.question.fex

Question 9:
Correct
You are the network administrator for a small consulting firm. Users are complaining
that they are unable to reach network resources. After some troubleshooting, you've
confirmed that the DHCP server is down.
Your network devices should be receiving an APIPA address so that they can at
least communicate on the internal network, but many devices are not receiving this
address.
Which of the following is the MOST likely reason the devices are not receiving their
APIPA addresses?
Answer

Alternate IP addresses need to be configured.

APIPA is not enabled.

The DNS lease has not expired.

Correct Answer:
The DHCP lease has not expired.

Explanation
In this scenario, the most likely reason that some devices are not receiving an APIPA
address is because their DHCP lease is still active. Many devices retain their DHCP
assigned address until their current lease expires.
DNS would not be applicable to this scenario.
APIPA does not need to be enabled.
An alternate IP address does not need to be configured for APIPA.

References

• 4.2.3 APIPA and Alternate IP Addressing Facts

q_conf_alt_address_dhcp_02_np6.question.fex

Question 10:
Correct
You are the network administrator for a large hospital. One of your users, Suzie,
calls you stating that she is unable to access any network resources. After some
initial troubleshooting, you realize that her computer is using the IP address
169.254.0.52.
You've confirmed that the network's physical connection is connected properly.
Which of the following should you do next?
Answer

Ping the gateway.

Reboot the DHCP server.

Reboot the DNS server.

Correct Answer:
Renew the IP address.

Explanation

In this scenario, the first step would be to attempt to renew the IP address. If the
device is unable to pull a new IP address on the subnet, that might indicate an issue
with the DHCP server itself or the DHCP configuration.
Rebooting the DHCP server is not an appropriate next step in this scenario. This
would take down the entire network. You need to perform more troubleshooting
before getting to this step.
Rebooting the DNS server would not be appropriate in this scenario as DNS has
nothing to do with APIPA addressing.
Pinging the gateway would not be appropriate in this scenario. As this is a large
network, the gateway device is most likely not responsible for handing out IP
addresses.

References
• 4.2.3 APIPA and Alternate IP Addressing Facts
q_conf_alt_address_renew_np6.question.fex
Which of the following statements about Dynamic Host Configuration Protocol
(DHCP) are true? (Select two.)
Answer

IP addresses cannot be excluded from a range of delivered addresses.

It is only used to deliver IP addresses to hosts.

Correct Answer:
A DHCP server assigns addresses to requesting hosts.

It cannot be configured to assign the same IP address to the same host each time it
boots.
Correct Answer:
It can deliver other configuration information in addition to IP addresses.

Explanation

DHCP servers deliver IP addresses as well as other host configuration information to

network hosts.
DHCP can be configured to assign any available address to a host, or it can assign
or exclude a specific address on a specific host.

References

• 4.3.2 DHCP Facts

q_dhcp_assign_np6.question.fex

Question 2:
Correct
You have a TCP/IP network with 50 hosts. There have been inconsistent
communication problems between these hosts. You run a protocol analyzer and
discover that two of them have the same IP address assigned.
Which protocol can you implement on your network to help prevent problems such
as this?
Answer

SNMP

IGMP
Correct Answer:
DHCP
TCP

Explanation

You can use Dynamic Host Configuration Protocol (DHCP) to set up a DHCP server
that will assign IP addresses automatically to network hosts. DHCP servers do not
assign the same IP address to two different hosts.
TCP provides services that ensure accurate and timely delivery of network
communications between hosts.
SNMP (Simple Network Management Protocol) lets network hosts exchange
configuration and status information.
IGMP (Internet Group Management Protocol) defines host groups.

References

• 4.3.2 DHCP Facts

q_dhcp_config_01_np6.question.fex

Question 3:
Correct
Due to wide network expansion, you've decided to upgrade your network by
configuring a DHCP server. The network uses Linux, Windows, and Mac OS X client
systems.
You configure the server to distribute IP addresses from 192.168.2.1 to
192.168.2.100. You use the subnet mask of 255.255.255.0.
After you make all the setting changes on the DHCP server, you reboot each client
system, but they are not able to obtain an IP address from the DHCP server.
Which of the following explains the failure?
Answer

You must reboot the DHCP server.

192.168.x.x requires a Class C subnet mask.

Correct Answer:
You must configure the clients to obtain IP addressing from a DHCP server.

DHCP does not function in a heterogeneous computing environment.

Explanation

Once a DHCP server has been configured for the network, each client system has to
be told to look for the server to obtain its IP addressing. Selecting DHCP to obtain IP
addressing information is typically as easy as selecting a radio button. If the client is
not set to DHCP, it will look for a statically assigned IP address.
The DHCP service is supported by all major operating systems today.
Using DHCP among different client systems would not be a problem.
Rebooting the DHCP server would not be helpful if the client systems aren't
configured to use the DHCP service.

References

• 4.3.2 DHCP Facts

q_dhcp_config_02_np6.question.fex

Question 4:
Correct
Which of the following strategies do we use to prevent duplicate IP addresses from
being used on a network? (Select two.)
Answer

Configure a HOSTS file for local IP resolution.

Correct Answer:
Install a DHCP server on the network.

Configure client systems to use static IP assignment.

Set the Windows Network Monitoring utility to identify potential IP conflicts.

Correct Answer:
Use Automatic Private IP Addressing (APIPA).

Explanation

To avoid duplicate IP addresses being used by network systems, we utilize

automatic IP assignment. Both the DHCP service and APIPA can automatically
assign addresses to client systems.
Clients configured to use static IP addressing may inadvertently have duplicate IP
addresses assigned to them. In such a case, one of the systems will not be able to
log onto the network.

References

• 4.3.2 DHCP Facts

q_dhcp_dynamic_np6.question.fex

Question 5:
Correct
You are creating a DHCP scope for a new network segment for the Development
department. The department has several printers and servers that need to have a
static IP address assigned to them that will not be changed by the DHCP server.
Which of the following DHCP scope setting do you need to configure to avoid DHCP
assigned IP addresses to these devices?
Answer
Correct Answer:
Exclusions

Subnet mask

IP range

Reservations

Explanation

You would configure Exclusions. Exclusions are IP addresses that the DHCP server
will not assign, and are typically used for devices such as servers, printers, routers,
or other network devices that must have a static IP address.
The IP range defines the range of IP addresses that the DHCP server can assign.
When a new device connects to the network, the DHCP server assigns the next
available address.
The subnet mask defines the network ID and host ID. The subnet mask must be
defined.
Reservations are static IP addresses that are not dynamically assigned by the DHCP
server.

References

• 4.3.2 DHCP Facts

q_dhcp_helper_np6.question.fex

Question 6:
Correct
After you install a new DHCP server on your network, you need to verify that the
network devices are receiving IP addressing via DHCP. You reboot a Windows 10
client system and, using the ipconfig /all command, receive the following
information:
Ethernet adapter Local Area Connection 1:
Description . . . . . . . . . . . : Intel(R) Ethernet Connection
Physical Address. . . . . . . . . : 02-00-4C-4F-3F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.25.129
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :

Which of the following statements are true? (Select two).

Answer
Correct Answer:
The client system is configured to use DHCP.

DHCP is disabled on the client system.

Correct Answer:
The client system is unable to reach the DHCP server.

The network subnet mask is incorrect.

The default gateway address needs to point to the DHCP server.

The network is configured to use static IP addressing.

Explanation

A system configured as a DHCP client will attempt to locate a DHCP server during
the boot process. If the client system is unable to locate the DHCP server and obtain
IP information, an APIPA address is used. The client also configures itself with a
Class B subnet mask of 255.255.0.0.
The output from the ipconfig command shows that the client system has been
configured to receive IP information from a DHCP server. As such, the client system
attempted to locate the DHCP server. When it couldn't, it received the APIPA
address of 169.254.25.129 and a subnet mask of 255.255.0.0. The default gateway
does not have to be present to access a DHCP server.

References

• 4.3.2 DHCP Facts

q_dhcp_ipconfig_np6.question.fex

Question 7:
Correct
You've configured your organization's DHCP server to dynamically assign IP
addresses and changed the default lease time from eight to four days.
What impact, if any, will this have on the network?
Answer

No impact

Router performance will improve

Network bandwidth will increase

Decreased network traffic

Correct Answer:
Increased network traffic

Explanation

Decreasing lease time does slightly increase network traffic because clients have to
continually renew their IP addresses. But decreasing the lease time also makes it so
that you use your addresses more efficiently.
There is no correlation to bandwidth increase or router performance increase.

References

•4.3.2 DHCP Facts

q_dhcp_lease_np6.question.fex

Question 8:
Correct
When a device renews its DHCP lease, which two steps in the DHCP process are
skipped?
Answer
Correct Answer:
Discover
Correct Answer:
Offer

Request

ACK

Renew

Explanation

When a new device connects to a network, it goes through a four-step process to

obtain the IP configuration from the DHCP server. The four steps in the process are:
Discover, Offer, Request, and Acknowledge. The DHCP renewal process occurs
when there is 50 percent remaining on the device's lease time. This process skips
the DHCP Discover and DHCP Offer steps. The client sends the DHCP request
packet to the server, which responds with the DHCP Ack packet and renews the IP
configuration.

References

• 4.3.2 DHCP Facts

q_dhcp_process_np6.question.fex
Question 9:
Correct
Which of the following DHCP scope options assigns a static IP configuration to a
device using that device's MAC address?
Answer

Exclusion
Correct Answer:
Reservation

Default gateway

IP range

Explanation

Reservations are static IP addresses that are not dynamically assigned by the DHCP
server. Reservations are assigned by the DHCP server using the device's MAC
address. Whenever the device with the specified MAC address connects to the
network, the DHCP server assigns it the reserved static IP configuration.
Exclusions are IP addresses that the DHCP server does not assign.
The IP range defines the range of IP addresses that the DHCP server can assign.
The default gateway defines where data packets that are leaving the network should
go.

References

• 4.3.2 DHCP Facts

q_dhcp_reservation_np6.question.fex

Question 10:
Correct
You have a network with 50 workstations. You want to automatically configure the
workstations with the IP address, subnet mask, and default gateway values.
Which device should you use?
Answer
Correct Answer:
DHCP server

Router

DNS server
Gateway

Explanation

Use a DHCP server to deliver configuration information to hosts automatically. Using

DHCP is easier than configuring each host manually.
Use a gateway to provide access to a different network or a network that uses a
different protocol.
Use a router to connect multiple subnets.
Use a DNS server to provide name resolution (for example, to get the IP address
associated with a logical hostname).

References

• 4.3.2 DHCP Facts

q_dhcp_server_np6.question.fex

You need to configure a Cisco RFC 1542-compliant router to forward any received
DHCP frames to the appropriate subnet. The remote DHCP server's address is
172.16.30.1.
Which of the following commands would you use to configure the router?
Answer

ip address dhcp 172.16.30.1

Correct Answer:
ip helper-address 172.16.30.1

host 172.16.30.1

ifconfig 172.16.30.1

Explanation

To configure a Cisco router to listen for DHCP traffic and route any received DHCP
frames to the appropriate subnet, use the following command:
ip helper-address [server_address]
The ifconfig command is used on a Linux computer to display TCP/IP configuration
information.
The host command is used to query a specified host's A records.
The ip address dhcp command is used to configure a Cisco switch to obtain its IP
address from a DHCP server.

References
• 4.4.3 DHCP Relay Facts
q_dhcp_relay_1542_np6.question.fex

Question 2:
Correct
Which port is a DHCP Discover packet sent out on when a device first connects to a
network?
Answer

53
Correct Answer:
67

Explanation

When a device first connects to a network, it sends out a DHCP Discover packet.
This packet is a UDP broadcast sent out on port 67 to all devices on the network,
asking if there's a DHCP server available.
Port 68 is used by the DHCP relay agent to send out a DHCP broadcast packet to a
client.
Port 80 is used for HTTP.
Port 53 is used by DNS.

References

• 4.4.3 DHCP Relay Facts

q_dhcp_relay_67_np6.question.fex

Question 3:
Correct
Which port does the relay agent use when it sends DHCP information back to the
client?
Answer

67
Correct Answer:
68

80
53

Explanation

When a DHCP server receives the DHCP Discover packet from the relay agent, the
server sends back a DHCP Offer packet. The relay agent puts the DHCP information
into a DHCP broadcast packet and sends it to the client on UDP port 68 on the local
network.
When a device first connects to a network, it sends out a DHCP Discover packet.
This packet is a UDP broadcast sent out on port 67 to all the devices on the network,
asking if there's a DHCP server available.
Port 80 is used for HTTP.
Port 53 is used by DNS.

References

• 4.4.3 DHCP Relay Facts

q_dhcp_relay_68_np6.question.fex

Question 4:
Correct
You are configuring the DHCP relay agent role on a Windows server.
Which of the following is a required step for the configuration?
Answer

Connect an RFC 1542-compliant router to the Windows server.

Use the ip helper-address command to specify the remote DHCP server.

Correct Answer:
Specify which server network interface the agent listens on for DHCP messages.

Configure the Windows server to be on the same subnet as the DHCP server.

Explanation

When you configure the DHCP relay agent role, you need to specify which server
network interface the agent will listen on for DHCP messages.
The ip helper-address command is used to configure DHCP relay on Cisco routers,
not Windows servers.
An RFC 1542-compliant router is not necessary for DHCP relay when you use a
Windows server DHCP relay agent.
Configuring the Windows server to be on the same subnet as the DHCP server
would prevent it from being able to relay DHCP messages from a different subnet.

References
• 4.4.3 DHCP Relay Facts
q_dhcp_relay_agent_np6.question.fex

Question 5:
Correct
What is the first thing a device does when it connects to a network?
Answer

Sends a DHCP Offer packet

Correct Answer:
Sends a DHCP Discover packet

Sends a DHCP ACK packet

Sends a DHCP Request packet

Explanation

When a device first connects to a network, it sends out a DHCP Discover packet.
This packet is a UDP broadcast sent out on port 67 to all the devices on the network,
asking if there's a DHCP server available.
All the other answers occur later in the DHCP process.

References

• 4.4.3 DHCP Relay Facts

q_dhcp_relay_discover_np6.question.fex

Question 6:
Correct
On a typical network, what happens if a client attempts to receive DHCP
configuration from a DHCP server that's located on a different subnet?
Answer
Correct Answer:
The router drops the DHCP request.

The client will not send a DHCP request.

The request needs to be manually forwarded to the server.

The DHCP request is automatically forwarded to the server.

Explanation
When a DHCP server is on a different network, the router drops the packet because
routers do not forward broadcast packets to other networks.
DHCP requests are not automatically forwarded to another network. You need to
configure a DHCP relay agent for this.
Clients still send out DHCP requests even if they do not know where the DHCP
server is.
DHCP requests are not manually forwarded.

References

• 4.4.3 DHCP Relay Facts

q_dhcp_relay_dropped_np6.question.fex

Question 7:
Correct
Which of the following does the DHCP relay agent use to tell the DHCP server which
pool of addresses to use?
Answer

DHCP scope

DHCP ACK
Correct Answer:
GIADDR

Subnet mask

Explanation

The relay agent adds the Gateway IP Address (GIADDR) field to the DHCP request
that defines the gateway, or network, that the client belongs to. The GIADDR tells
the DHCP server the pool of addresses to use when assigning an IP address to the
client.
The DHCP scope is configured on the DHCP server. The scope defines the DHCP
information for the network. The DHCP scope is not used by the relay agent to tell
the DHCP server which pool of addresses to use.
The DHCP ACK is the final step in the DHCP process. The DHCP ACK is not used
by the relay agent to tell the DHCP server which pool of addresses to use.
The subnet mask is configured on the DHCP scope and defines which network the
client belongs to. The subnet mask is not used by the relay agent to tell the DHCP
server which pool of addresses to use.

References

• 4.4.3 DHCP Relay Facts

q_dhcp_relay_giaddr_np6.question.fex
Question 8:
Correct
Which of the following would a device use to receive NTP configuration from a NTP
server that's located on a different network?
Answer

NTP helper
Correct Answer:
IP helper

NTP relay agent

UDP relay agent

Explanation

The IP helper performs the same actions as a DHCP relay agent for other UDP-
based protocols, such as NTP. As with DHCP relay, the IP helper forwards to
servers that are located on different networks or subnets. The process that takes
place is identical when forwarding UDP packets.

References

• 4.4.3 DHCP Relay Facts

q_dhcp_relay_helper_np6.question.fex

Question 9:
Correct
You have a Windows Server 2016 system that you want to use as a DHCP relay
agent.
Which Windows Server 2016 service would you use to do this?
Answer
Correct Answer:
Routing and Remote Access

SMB

Internet Information Services (IIS) Manager

DNS

Explanation
On Windows Server 2016, you configure and enable the DHCP relay agent role with
the Routing and Remote Access service. Before you can use a Windows server as a
DHCP relay agent, you must install the Routing and Remote Access service (RRAS).
IIS is a commonly used web server that runs on Windows.
A DNS server resolves easy-to-use domain names, such as google.com or
amazon.com, into numerical IP addresses that computers understand.
An SMB (Server Message Block) server provides shared resources, like folders,
files, and printers, to network hosts.

References

• 4.4.3 DHCP Relay Facts

q_dhcp_relay_remote_np6.question.fex

Question 10:
Correct
Which of the following protocols does DHCP use when it sends out IP configuration?
Answer

TCP

SMTP

IP
Correct Answer:
UDP

Explanation

DHCP uses User Datagram Protocol (UDP) when it sends out configuration
information to clients.
Transmission Control Protocol (TCP) provides services that ensure accurate and
timely delivery of network communications between hosts. It is not used to verify if
an IP address is currently in use on the network.
Internet Protocol (IP) allows devices to communicate across different networks. It is
not used to verify if an IP address is currently in use on the network.
Simple Mail Transfer Protocol (SMTP) is used to send outgoing emails.

References

• 4.4.3 DHCP Relay Facts

q_dhcp_relay_udp_np6.question.fex
If dynamic DNS is in use, which of the following events causes a dynamic update of
the host records? (Select two.)
Answer
Correct Answer:
Renew the DHCP server's IP address lease.

Add an MX record to the DNS server.

Clear the browser cache on a workstation.

Add a CNAME record to the DNS server.

Correct Answer:
Enter the ipconfig /registerdns command on a workstation.

Explanation

Dynamic DNS (DDNS) enables clients or the DHCP server to update records in the
zone database automatically. Dynamic updates occur when:
• A network host's IP address is added, released, or changed.
• The DHCP server changes or renews an IP address lease.
• The client's DNS information is manually changed using the ipconfig
/registerdns command.
Clearing a browser's cache has no effect on DNS records.
Because you need to manually add and create MX and CNAME records, they have
no effect on DDNS.

References

• 4.5.2 DNS Facts

q_dns_dynamic_01_np6.question.fex

Question 2:
Correct
Which of the following services automatically creates and deletes host records when
an IP address lease is created or released?
Answer
Correct Answer:
Dynamic DNS

Correct Answer:
HOSTS file

DNS server

Forward lookup zone

Explanation

The HOSTS file is a local text file on each computer that maps hostnames to IP
addresses. The HOSTS file was used previously for smaller networks, but it is too
complicated to use on networks or the internet. Even though the HOSTS file is rarely
used today, it is still the first place that a computer looks at during the name
resolution process.
A computer contacts the DNS server if it is unable to find a match in the local
HOSTS file.
The forward lookup zone matches the hostname to the IP address. This is not the
first place a computer looks at during the name resolution process.
A reverse lookup zone matches the IP address to the hostname. This is not the first
place a computer looks at during the name resolution process.

References

• 4.5.2 DNS Facts

q_dns_host_np6.question.fex

Question 6:
Correct
You want to implement a protocol on your network that allows computers to find a
host's IP address from a logical name. Which protocol should you implement?
Answer
Correct Answer:
DNS

Telnet

DHCP

ARP

Explanation

DNS is a system that's distributed throughout an internetwork to provide address and

name resolution. For example, the name www.mydomain.com is identified with a
specific IP address.
ARP (Address Resolution Protocol) is a protocol for finding a known MAC address's
IP address.
DHCP is a protocol used to assign IP addresses to hosts.
Telnet is a remote management utility.

References

• 4.5.2 DNS Facts

q_dns_implement_np6.question.fex

Question 7:
Correct
Listed below are several DNS record types. Match each record type on the left with
its function on the right.
Points a hostname to an IPv4 address

A
correct answer:
Provides alternate names to hosts that already have a host record

CNAME
correct answer:
Points an IP address to a hostname

PTR
correct answer:
Points a hostname to an IPv6 address

AAAA
correct answer:
Identifies servers that can be used to deliver mail

MX
correct answer:
Keyboard Instructions

Explanation

Records are used to store entries for hostnames, IP addresses, and other
information in the zone database. Below are some common DNS record types:
• The A record maps an IPv4 (32-bit) DNS hostname to an IP address. This
is the most common resource record type.
• The AAAA record maps an IPv6 (128-bit) DNS hostname to an IP
address.
• The PTR record maps an IP address to a hostname. In essence, it points
to an A record.
• The MX record identifies servers that can be used to deliver email.
• The CNAME record provides alternate names (or aliases) to hosts that
already have a host record. Using a single A record with multiple CNAME
records means that when the IP address changes, only the A record
needs to be modified.

References

• 4.5.2 DNS Facts

q_dns_record_types_np6.question.fex

Question 8:
Correct
What is the process of a DNS server asking other DNS servers to perform name
resolution known as?
Answer

Dynamic DNS
Correct Answer:
Recursive lookup

Forward lookup zone

Reverse lookup zone

Explanation

When a computer's hostname is used to request a website or network device,

recursion is employed to find the IP address. A recursive lookup is the process of a
DNS server asking other DNS servers to perform name resolution.
The forward lookup zone matches the hostname to the IP address.
A reverse lookup zone matches the IP address to the hostname.
Dynamic DNS (DDNS) enables clients or the DHCP server to update records in the
zone database automatically. This occurs whenever an IP address lease is created
or renewed.

References

• 4.5.2 DNS Facts

q_dns_recursive_np6.question.fex

Question 9:
Correct
You need to enable hosts on your network to find the IP address of logical names,
such as srv1.myserver.com. Which device should you use?
Answer

IPS

Bandwidth shaper

IDS
Correct Answer:
DNS server

Explanation

A DNS server provides hostname-to-IP address resolution.

A bandwidth shaper modifies the flow of traffic to keep it within predefined limits.
A load balancer accepts incoming client requests and distributes them to other
servers.
An IDS (intrusion detection system) detects security threats, while an IPS (intrusion
prevention system) can both detect and respond to security threats.

References

• 4.5.2 DNS Facts

q_dns_server_np6.question.fex

Question 10:
Correct
You are the network administrator for a consulting firm. A website that users on your
network visit has a habit of frequently changing its IP address. When these IP
mappings change, users are unable to connect until you clear the DNS cache.
Which of the following settings should you configure so that the cache does not need
to be manually cleared every time?
Answer

Forward lookup zone

Correct Answer:
Time to live

Reverse lookup zone

CNAME record

Explanation
Because IP mappings can change frequently, you should configure the DNS time to
live (TTL). When the TTL expires, the recursive server clears its cache. The next
time the site is requested, the recursive process repeats.
The forward lookup zone matches the hostname to the IP address. This is not
necessary in this scenario.
A reverse lookup zone matches the IP address to the hostname. This is not
necessary in this scenario.
The CNAME record provides alternate names (or aliases) to hosts that already have
a host record. Using a single A record with multiple CNAME records means that
when the IP address changes, only the A record needs to be modified. This is not
necessary in this scenario.

References

• 4.5.2 DNS Facts

q_dns_ttl_np6.question.fex

Which of the following ports does NTP run on?

Question 5:
Correct
Which of the following best describes NTP efficiency?
Answer

One packet per second is necessary to sync two machines to an accuracy of within a
millisecond of one another.

One packet every five minutes is necessary to sync two machines to an accuracy of
within a millisecond of one another.
Correct Answer:
One packet per minute is necessary to sync two machines to an accuracy of within a
millisecond of one another.
Four packets per minute are necessary to sync two machines to an accuracy of
within a millisecond of one another.

Explanation

NTP is very efficient. Only one packet per minute is necessary to synchronize two
machines to an accuracy of within a millisecond of one another.

References

• 4.6.4 NTP Facts

q_ntp_efficiency_np6.question.fex

Question 6:
Correct
What are the small, rapid variations in a system clock called?
Answer

Drift

Dispersion

Skew
Correct Answer:
Jitter

Explanation

Jitter refers to small, rapid variations in a system clock.

Dispersion measures how scattered the time offsets (in seconds) are from a given
time server.
Skew measures the difference (in hertz) between a clock's actual frequency and the
frequency necessary to keep a more accurate time.
Drift measures how quickly a clock's skew changes in hertz per second.

References

• 4.6.4 NTP Facts

q_ntp_jitter_np6.question.fex

Question 7:
Correct
You are the network administrator for a small consulting firm. You've set up an NTP
server to manage the time across all the machines in the network.
You have a computer that's experiencing a slight time drift of just a few seconds.
Which time correction should you use to fix the system's clock?
Answer

Skew
Correct Answer:
Slew

Slam

Jitter

Explanation

If time is off by just a few seconds, slewing is better for putting it back on track.
Slewing is a slower, methodical method of correcting the time, but the risk of
problems occurring is much less.
Slamming is used if the time is off by quite a bit and slewing will take too long. While
this is a quick and immediate fix, slamming can cause some programs to function
improperly.
Jitter refers to small, rapid variations in a system's clock.
Skew measures the difference (in hertz) between a clock's actual frequency and the
frequency necessary to keep a more accurate time.

References

• 4.6.4 NTP Facts

On Linux, Miredo client software is used to implement Teredo tunneling. Teredo

tunneling establishes a tunnel between individual hosts. Hosts must be dual-stack
hosts so that they can tunnel IPv6 packets inside of IPv4 packets. Teredo works with
NAT.
ISATAP and 6to4 tunneling both require at least one router. You only need to tunnel
between two individual computers.
4to6 tunneling is used to send IPv4 traffic through an IPv6 network by encapsulating
IPv4 packets within IPv6 packets.

References

• 4.7.3 IPv4 to IPv6 Migration

q_ipv6_mig_miredo_np6.question.fex

Question 5:
Correct
Which of the following are characteristics of Teredo tunneling? (Select three.)
Answer
Correct Answer:
Has dual-stack hosts
Correct Answer:
Can be used to send data over the internet

Has dual-stack routers

Uses an IPv6 address static association for the IPv4 address

Can't be used to send data over the internet

Is configured between routers at different sites

Unique local unicast addressing

Explanation

You should use global unicast addressing in this scenario because internet access is
required by network hosts. Global unicast addressing uses registered addresses and
is equivalent to public addressing in IPv4. Because the addresses are registered with
IANA, no other organization can use them on any public network, including on the
internet.
Unique local unicast addresses are private addresses used for communication within
a site or between a limited number of sites. These addresses aren't registered with
IANA and can't be used on a public network without address translation.
Link-local addresses are assigned to all IPv6 interfaces on the network by default,
but they can only be used on the local subnet. Routers never forward packets
destined for local-link addresses to other subnets.
Anycast addresses are used to locate the nearest server of a specific type. For
example, this could be the nearest DNS or network time server.

References

• 4.7.7 IPv6 Address Assignment Facts

q_dhcp_ipv6_global_np6.question.fex

Question 9:
Correct
Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of
127.0.0.1?
Answer
Correct Answer:
::1
::

FF02::1

FE80::1

Explanation

The IPv6 loopback address is ::1. The local loopback address isn't assigned to an
interface. It can be used to verify that the TCP/IP protocol stack has been properly
installed on the host.
:: is the unspecified address (also identified as ::/128). The unspecified address is
used when there's no IPv6 address. It's typically used during system startup, or
when the host hasn't yet configured its address. The unspecified address shouldn't
be assigned to an interface.
Multicast addresses have an FF00::/8 prefix. FF02::/8 is the multicast prefix for all
nodes on the local link.

References

• 4.7.7 IPv6 Address Assignment Facts

q_dhcp_ipv6_loopback_np6.question.fex

Question 10:
Correct
You manage a network that uses IPv6 addressing. When clients connect devices to
the network, they generate an interface ID and use NDP to learn the subnet prefix
and default gateway.
Which IPv6 address assignment method is being used?
Answer

Static full assignment

Stateful DHCPv6

Static partial assignment

Correct Answer:
Stateless autoconfiguration

Explanation

With stateless autoconfiguration, clients automatically generate an interface ID and

learn the subnet prefix and default gateway through Neighbor Discovery Protocol
(NDP).
With static full assignment, the entire 128-bit address and all other configuration
information is statically assigned.
Static partial assignment generates the interface ID from the MAC address, and
clients are statically assigned the prefix.
Stateful DHCPv6 is when the DHCP server provides each client with an IP address,
default gateway, and other IP configuration information.

References

• 4.7.7 IPv6 Address Assignment Facts

q_dhcp_ipv6_stateless_np6.question.fex
Which of the following address types shares multiple hosts and groups of computers
that receive the same data stream?
Answer

Half-duplex

Broadcast
Correct Answer:
Multicast

Unicast

Explanation

A multicast address is an address that identifies a group of computers. Members of

the group share the same multicast address.
A unicast address is an address that identifies a single host.
A broadcast address is an address that's sent to all hosts. Broadcast traffic is
typically only forwarded with one subnet, but not between two.
A half-duplex address uses a separate channel for sending and receiving, but the
channels are shared by multiple devices and can only be used by one single device
at a time.

References

• 4.8.2 Multicast Facts

q_mutlicast_01_np6.question.fex

Question 2:
Correct
Which type of address is the IP address 232.111.255.250?
Answer

Private

Unicast

Broadcast
Correct Answer:
Multicast

Explanation
The address 232.111.255.250 is a multicast address. A multicast address is an
address that identifies a group of computers. Members of the group share the same
multicast address, and multicast addresses are in the range of 224.0.0.0 to
239.255.255.255.
A unicast address is an address that identifies a single host. A broadcast address is
an address that is sent to all hosts. Broadcast addresses are the last possible
address on a subnet (typically ending in 255).
The private IPv4 address ranges are:
• 10.0.0.1 to 10.255.255.254
• 172.16.0.1 to 172.31.255.254
• 192.168.0.1 to 192.168.255.254

References

• 4.8.2 Multicast Facts

q_mutlicast_02_np6.question.fex

Question 3:
Correct
Which address type do people use to support video conference calls consisting of
multiple participants?
Answer

Unicast
Correct Answer:
Multicast

Anycast

Loopback

Explanation

Unified communication (UC) systems typically use unicast network transmissions. An

example of a unicast transmission is a one-on-one VoIP phone call. UC systems
also support multicast transmissions. Examples of a multicast transmission are
conference phone calls or video conference calls consisting of multiple users.
The anycast address is a unicast address that's assigned to more than one interface,
typically belonging to different hosts.
The local loopback address for the local host is 0:0:0:0:0:0:0:1 (also identified as ::1
or ::1/128).

References

• 4.8.2 Multicast Facts

q_mutlicast_03_np6.question.fex

Question 4:
Correct
Which of the following BEST describes the special MAC address that multicast traffic
frames are sent to?
Answer

Begins with a form of the router's IP address and ends with 01-00-5E

Begins with a form of the IP multicast group address and ends with 01-00-5E

Begins with 01-00-5E and ends with a form of the router's IP address
Correct Answer:
Begins with 01-00-5E and ends with a form of the IP multicast group address

Explanation

Frames that contain multicast traffic are sent to a special MAC address. The MAC
address begins with 01-00-5E. The last portion is a form of the IP multicast group
address.

References

• 4.8.2 Multicast Facts

q_mutlicast_04_np6.question.fex

Question 5:
Correct
Which of the following allows the same IPv6 address to be assigned to multiple
interfaces?
Answer

Broadcast

Unicast
Correct Answer:
Anycast

Multicast

Explanation
The anycast address is a unicast address that's assigned to more than one interface,
typically ones that belong to different hosts. An anycast packet is routed to the
nearest interface, having that address based on routing protocol decisions.
Unicast transmissions are one-to-one communication between two devices. Unicast
does not allow the same IPv6 address to be assigned to multiple interfaces.
Multicast is used to send a message to a specific group of devices. Multicast does
not allow the same IPv6 address to be assigned to multiple interfaces.
A broadcast message sends data to all the hosts on the subnet. This does not allow
the same IPv6 address to be assigned to multiple interfaces.

References

• 4.8.2 Multicast Facts

q_mutlicast_anycast_np6.question.fex

Question 6:
Correct
Which of the following gives the same IP address to multiple servers and manually
defines different routes on an IPv4 network?
Answer
Correct Answer:
BGP

IGMP

Anycast

Multicast

enabled routers that they want to receive specific multicast frames. ICMP notifies
routers of problems on the network and of undeliverable packets.
SNMP (Simple Network Management Protocol) lets network administrators set up
alerts to monitor the state of a network.
SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used to send email.

References

• 4.8.2 Multicast Facts

q_mutlicast_igmp_np6.question.fex

Question 9:
Correct
Which type of address identifies which single host to send a packet to?
Answer

Simplex
Correct Answer:
Unicast

Broadcast

Multicast

Explanation

A unicast address is an address that identifies a single host.

A broadcast address is an address that's sent to all hosts. Broadcast traffic is
typically only forwarded with one subnet, but not between two.
A multicast address is an address that identifies a group of computers. Members of
the group share the same multicast address.
Simplex communication uses a single channel for both sending and receiving.

References

•
4.8.2 Multicast Facts
q_mutlicast_unicast_01_np6.question.fex

Question 10:
Correct
Which type of address is the IP address 198.162.12.254/24?
Answer

Broadcast

Private
Multicast
Correct Answer:
Unicast

Explanation

The IP address 198.162.12.254 is a unicast address that identifies a single host on

the 198.162.12.0 subnet.
198.162.12.255 is the broadcast address for the subnet. Multicast addresses are in
the range of 224.0.0.0 to 239.255.255.255.
The private IPv4 address ranges are:
• 10.0.0.1 to 10.255.255.254
• 172.16.0.1 to 172.31.255.254
• 192.168.0.1 to 192.168.255.254

References

• 4.8.2 Multicast Facts

q_mutlicast_unicast_02_np6.question.fex
You manage a network that has multiple internal subnets. You connect a workstation
to the 192.168.1.0/24 subnet.
This workstation cannot communicate with any other host on the network. You
run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix. : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address . . . . . : 00-AA-BB-CC-74-EF
DHCP Enabled. . . . . . . : No
Autoconfiguration Enabled . . : Yes
IPv4 Address. . . . . . . : 192.168.2.102(Preferred)
Subnet Mask . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
DNS Servers . . . . . . . : 192.168.2.20

What is the MOST likely cause of the problem?

Answer

Incorrect DNS server address

Correct Answer:
Incorrect IP address

Incorrect default gateway

Incorrect subnet mask

Explanation

In this example, the IP address assigned to the host is on the wrong subnet. The
host address is on the 192.168.2.0/24 subnet, but the other devices are using
addresses on the 192.168.1.0 subnet (the scenario states that you're connecting the
workstation to this subnet).

References

• 4.9.4 IP Configuration Troubleshooting Facts

q_ipconfig_address_np6.question.fex

Question 2:
Correct
You administer a network with Windows Server 2016, UNIX servers, and Windows
10 Professional, Windows 8, and Macintosh clients. A Windows 8 computer user
calls you one day and says that he is unable to access resources on the network.
You type ipconfig on the user's computer and receive the following output:
0 Ethernet adapter:
IP address. . . . . . . . . : 169.254.1.17
Subnet Mask . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . :
You also check your NIC and see that the link light is on.
What might the problem be in this scenario?
Answer

A bad NIC

The user changed their computer's configuration

Correct Answer:
An unavailable DHCP server

A missing default gateway

Explanation

If a Windows 8 client computer is configured to use DHCP and can't locate one to
receive IP addressing information, it assigns itself an IP address from the APIPA
(Automatic Private IP Addressing) range of IP addresses. APIPA addresses include
IP addresses from 169.254.0.0 to 169.254.255.254 and are reserved for this
purpose. A lit link light on your NIC indicates a connection to the network.

References

• 4.9.4 IP Configuration Troubleshooting Facts

q_ipconfig_dhcp_np6.question.fex

Question 3:
Correct
You are a network technician for a small consulting firm. One of your users is
complaining that they are unable to connect to the local intranet site.
After some troubleshooting, you've determined that the intranet site can be
connected to by using the IP address but not the hostname.
Which of the following would be the MOST likely reason for this?
Answer
Correct Answer:
Incorrect DNS settings

Incorrect DHCP configuration

Incorrect subnet mask

In this scenario, the best option is to run the ipconfig /flushdns command. This will
remove all entries from the device's DNS resolver cache and force the computer to
update the DNS mappings the next time the user attempts to connect to the intranet
site.
ipconfig /registerdns refreshes all DHCP leases and re-registers DNS names. This
command would not fix this user's issue.
ipconfig /displaydns displays the contents of the DNS resolver cache. This
command would not fix this user's issue.
ipconfig /release clears the current IP configuration. This command would not fix
this user's issue.

References

• 4.9.4 IP Configuration Troubleshooting Facts

q_ipconfig_fact_02_np6.question.fex

Question 6:
Correct
You manage a network that has multiple internal subnets. You connect a workstation
to the 192.168.1.0/24 subnet.
This workstation can communicate with some hosts on the private network, but not
with other hosts. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address. . . . . . : 00-AA-BB-CC-74-EF
DHCP Enabled . . . . . . . : No
Autoconfiguration Enabled. . . : Yes
IPv4 Address . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . : 255.255.255.0
Default Gateway. . . . . . . . . : 192.168.2.1
DNS Servers. . . . . . . . . . . : 192.168.2.20

What is the most likely cause of the problem?

Answer

Incorrect subnet mask

Incorrect DNS server address

Incorrect IP address
Correct Answer:
Incorrect default gateway

Explanation

In this example, the default gateway address is incorrect. The default gateway
address must be on the same subnet as the IP address for the host. The host
address is on the 192.168.1.0/24 subnet, but the default gateway address is on the
192.168.2.0 subnet.

References

• 4.9.4 IP Configuration Troubleshooting Facts

q_ipconfig_gateway_np6.question.fex

Question 7:
Correct
You are the network administrator for a consulting firm. Your network consists of:
• 40 desktop computers
• Two servers
• Three network switches
• Two network printers
You've been alerted to an issue with two desktop computers that are having
problems communicating with the network. When only one computer is on,
everything is fine. But when both computers are connected, the network connection
is randomly dropped or interrupted.
Which of the following would be the MOST likely cause for this?
Answer
Correct Answer:
Duplicate MAC Addresses

Exhausted DHCP scope

Incorrect default gateway

Rogue DNS server

Explanation

The most likely cause for the issue in this scenario is that both computers have the
same MAC address. This address is unique, so there shouldn't be duplicate
addresses on a network. However, it is possible for two hosts to have the same MAC
address due to spoofing, a mistake during manufacturing, or if users choose a self-
assigned address instead of the vendor-assigned hardware address. If two
computers have the same MAC address, reaching either host will be inconsistent
and can cause other problems as well.
DNS is responsible for translating hostnames to IP addresses. A rogue DNS server
would not cause the issues experienced in this scenario.
Exhausted DHCP scope means that all the addresses within the DHCP scope were
depleted. Consequently, a legitimate user is denied an IP address requested through
DHCP and isn't able to access the network. This would not cause the issues
experienced in this scenario.
The gateway is responsible for routing traffic between networks. This would not
cause the issues experienced in this scenario.

References

• 4.9.4 IP Configuration Troubleshooting Facts

q_ipconfig_mac_np6.question.fex

Question 8:
Correct
You manage a network that has multiple internal subnets. You connect a workstation
to the 192.168.1.0/24 subnet.
This workstation can communicate with some hosts on the private network, but not
with other hosts. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address. . . . . . : 00-AA-BB-CC-74-EF
DHCP Enabled . . . . . . . : No
Autoconfiguration Enabled. . . : Yes
IPv4 Address . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask. . . . . . . . : 255.255.0.0
Default Gateway . . . . . . : 192.168.1.1
DNS Servers . . . . . . . : 192.168.1.20
192.168.1.27

What is the MOST likely cause of the problem?

Answer

Incorrect IP address
Correct Answer:
Incorrect subnet mask

Incorrect default gateway

Incorrect DNS server address

Explanation
In this example, the network is using a mask of 255.255.255.0 (24-bits), but the
workstation is configured to use a mask of 255.255.0.0.

References

• 4.9.4 IP Configuration Troubleshooting Facts

q_ipconfig_mask_np6.question.fex

Question 9:
Correct
You are a network technician for a small consulting firm. Many users have reported
issues with accessing the network.
After some initial troubleshooting, you discover that many devices have the same IP
address assigned or incorrect IP configurations.
Which of the following would be the MOST likely cause for this?
Answer

Incorrect default gateway

Rogue DNS server

Correct Answer:
Rogue DHCP server

Exhausted DHCP scope

Explanation

In this scenario, a rogue DHCP server would be the most likely cause for the
duplicate and incorrect IP configurations. A rogue DHCP server is an unauthorized
DHCP server. When a rogue DHCP server exists on a network, some hosts will
receive configuration information from the correct DHCP server and others from the
rogue one. This will lead to conflicting and incorrect IP configurations.
Exhausted DHCP scope means that all the addresses within the DHCP scope were
depleted. Consequently, a legitimate user is denied an IP address requested through
DHCP and isn't able to access the network. This would not cause duplicate or
incorrect IP configurations.
The gateway is responsible for routing traffic between networks. This would not
cause duplicate or incorrect IP configurations.
DNS is responsible for translating hostnames to IP addresses. This would not cause
duplicate or incorrect IP configurations.

References

• 4.9.4 IP Configuration Troubleshooting Facts

q_ipconfig_rogue_np6.question.fex
Question 10:
Correct
You are a network technician for a small consulting firm. Many users have reported
issues with accessing the network.
After some initial troubleshooting, you discover that devices are not receiving their IP
configurations. You look into the issue and discover that the network is being
targeted by a denial-of-service attack.
Which of the following is your network MOST likely experiencing?
Answer
Correct Answer:
DHCP starvation attack

Rogue DNS server

APIPA

On-path attack

Explanation

The network is most likely experiencing a DHCP starvation attack. This attack
exhausts all addresses in the DHCP scope, which leads to users being unable to
receive their IP configurations. This attack might be a denial-of-service mechanism,
or it may be used together with a rogue server to redirect traffic to a malicious
computer.
DNS is responsible for translating hostnames to IP addresses. A rogue DNS server
would not lead to devices not receiving their IP configurations.
If a host cannot contact the DHCP server, it's assigned an IP address using
Automatic Private IP Addressing (APIPA). This would be a consequence to devices
affected by the DHCP starvation attack, but it would not be the cause.
An on-path attack occurs when a malicious user intercepts traffic between two
devices. This would not lead to devices not receiving their IP configurations.

References

• 4.9.4 IP Configuration Troubleshooting Facts

q_ipconfig_starvation_np6.question.fex

You're troubleshooting an IP addressing issue, and you issue a command to view

the system's TCP/IP configuration. The command you use produces the following
output:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu
1500
inet6 fe80::2a0:83ff:fe30:57a%fxp0 prefixlen 64 scopeid 0x1
inet 192.168.1.235 netmask 0xfffffc00 broadcast
255.255.255.255
ether 00:a0:83:30:05:7a
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff000000
Which of the following operating systems are you working on?
Answer

Windows Server 2019

Correct Answer:
Linux

Windows 10

Windows Server 2016

Explanation

The output shown is from the ifconfig command run on a Linux system. Keep in
mind that while you can still use ifconfig, the ip command has essentially
replaced ifconfig as the Linux tool for configuring network adapters.
The equivalent command on Windows 10, Windows 2019, and Windows Server
2016 is ipconfig.

References

• 4.10.3 Network Communication Troubleshooting Facts

q_trouble_network_comm_ifconfig_np6.question.fex

Question 2:
Correct
You've been called in to troubleshoot a connectivity problem on a newly installed
Windows Server system. The system is operating well and is able to communicate
with other systems on the local network. However, it's unable to access any systems
on other segments of the corporate network.
You suspect that the system's default gateway parameter hasn't been configured or
may be configured incorrectly. Which of the following utilities are you MOST likely to
use to view the system's default gateway information?
Answer

tcpdump
netstat

ifconfig
Correct Answer:
ipconfig

Explanation

Use the ipconfig utility to view the TCP/IP configuration of a Windows Server
system. The information displayed by ipconfig includes default gateway information.
tcpdump is a packet analyzer that runs in a command line utility.
Use the ifconfig command to view the TCP/IP configuration on a Linux, Unix, or
Macintosh system. Keep in mind that while you can still use ifconfig,
the ip command has essentially replaced ifconfig as the Linux tool for configuring
network adapters.
Use the netstat command to view TCP connection statistics.

References

•
4.10.3 Network Communication Troubleshooting Facts
q_trouble_network_comm_ipconfig_01_np6.question.fex

Question 3:
Correct
Examine the following output:
Reply from 64.78.193.84: bytes=32 time=86ms TTL=115
Reply from 64.78.193.84: bytes=32 time=43ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=47ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=73ms TTL=115
Reply from 64.78.193.84: bytes=32 time=46ms TTL=115
Which of the following utilities produced this output?
Answer

tracert
Correct Answer:
ping

ifconfig

nslookup
Explanation

The output shown was produced by the ping utility. Specifically, the information
output was created using the ping -t command. The -t switch causes packets to be
sent to the remote host continuously until you stop it manually. ping is a useful tool
for testing connectivity between devices on a network. Using the -t switch
with ping can be useful in determining whether the network is congested. If it is,
there will be sporadic failures in the ping stream.
tracert is similar to ping in that it tests connectivity between two hosts on a network.
The difference is that tracert reports information on all intermediate devices between
the host system and the target system. ping, on the other hand, doesn't report
information on intermediate devices.
nslookup is a tool provided on Linux, Unix, and Windows systems that allows
manual name resolution requests to be made to a DNS server. This is useful when
you troubleshoot name resolution problems.
ifconfig is a tool for Unix, Linux, and Macintosh systems that's used to view the
configuration of network interfaces, including TCP/IP network settings.

References

•4.10.3 Network Communication Troubleshooting Facts

q_trouble_network_comm_ping_02_np6.question.fex

Question 4:
Correct

Which TCP/IP utility gives you the following output?

Answer

ifconfig
Correct Answer:
ping

ipconfig

arp -a

Explanation

The output of the ping command shows you the results of four echo request/reply
contacts with a destination host.
The arp -a command shows the current entries in a computer's ARP cache.
Use the ifconfig command to view the TCP/IP configuration on a Linux, Unix, or
Macintosh system. Keep in mind that while you can still use ifconfig,
the ip command has essentially replaced ifconfig as the Linux tool for configuring
network adapters.
Use the ipconfig utility to view the TCP/IP configuration of a Windows Server
system.

References

• 4.10.3 Network Communication Troubleshooting Facts

q_trouble_network_comm_ping_03_np6.question.fex

Question 5:
Correct
While working on a Linux server, you're unable to connect to your Windows Server
system across the internet. You're able to ping the default gateway on your own
network, so you suspect that the problem lies outside of the local network.
Which utility would you use to track the route a packet takes as it crosses the
network?
Answer
Correct Answer:
traceroute

ipconfig

ifconfig

tracert

Explanation

traceroute is a Linux utility that allows you to track a packet's route as it traverses
the network. The traceroute utility is used on Linux systems, while tracert is used
on Windows systems.
ipconfig and ifconfig are utilities used to obtain TCP/IP configuration on Windows
and Linux systems, respectively.

References

•
4.10.3 Network Communication Troubleshooting Facts
q_trouble_network_comm_traceroute_np6.question.fex

Question 6:
Correct
Which TCP/IP utility gives you the following output?
Interface: 192.168.4.101 on Interface 0x3
Internet Address Physical Address Type
192.168.1.23 00-d1-b6-b7-c2-af dynamic
Answer
Correct Answer:
arp

ipconfig

tracert

nslookup

Explanation

This output is displayed when you use the arp -a command to look at the ARP
cache.
Use the nslookup utility to perform manual DNS lookups on Windows.
Use ipconfig to view network configuration information on Windows systems.
The tracert utility allows you to track a packet's route as it traverses the network.

References

•
4.10.4 Use arp and netstat
•
4.10.5 arp and netstat Facts
•
14.3.1 Command Line Troubleshooting Utilities
•
14.3.2 Command Line Troubleshooting Utility Facts
q_arp_netstat_arp_01_np6.question.fex

Question 7:
Correct
Which of the following tools would you use to view the MAC addresses associated
with IP addresses that the local workstation has contacted recently?
Answer

nbtstat
Correct Answer:
arp

netstat

arping
Explanation

Use the arp command to view the MAC addresses associated with IP addresses that
the local workstation has contacted recently. When a workstation uses arp to find an
IP address's MAC address, it places that information in its ARP table.
Use the arping command to send an ARP request to a specified IP
address. arping works much like ping in that the host with the specified IP address
responds. netstat shows IP-related statistics (like incoming and outgoing
connections) and active sessions, ports, and sockets. nbtstat displays the NetBIOS
name tables for both the local and remote computers and the NetBIOS name cache.

References

• 4.10.5 arp and netstat Facts

q_arp_netstat_arp_02_np6.question.fex

Question 8:
Correct

Which TCP/IP utility gives you the following output?

Answer

netstat -a

netstat
Correct Answer:
netstat -r

netstat -s

Explanation

netstat -r shows you the computer's routing table.

netstat -s displays network activity statistics for TCP, UDP, and IP.
netstat -a shows detailed information for active connections.
netstat shows the active connections.

References

• 4.10.5 arp and netstat Facts

q_arp_netstat_netstat-r_np6.question.fex

Question 9:
Correct
Your computer is sharing information with a remote computer using the TCP/IP
protocol. Suddenly, the connection stops working and appears to hang. Which
command can you use to check the connection?
Answer

ipconfig

ping

arp
Correct Answer:
netstat

Explanation

Use the netstat command to check the status of a TCP connection.

ping sends an ICMP echo request/reply packet to a remote host.
Hosts use arp to discover a device's MAC address from its IP address.
Use ipconfig to view network configuration information on Windows systems.

References

• 4.10.5 arp and netstat Facts

q_arp_netstat_netstat_01_np6.question.fex

Question 10:
Correct
Examine the following output:
Active Connections
Proto Local Address Foreign Address State
TCP SERVER1:1036 localhost:4832 TIME_WAIT
TCP SERVER1:4798 localhost:1032 TIME_WAIT
TCP SERVER1:1258 pool-141-150-16-231.mad.east.ttr:24076 CLOSE_WAIT
TCP SERVER1:2150 cpe-66-67-225-118.roc.res.rr.com:14100 ESTABLISHED
TCP SERVER1:268 C872c-032.cpe.net.cale.rers.com:46360 ESTABLISHED
TCP SERVER1:2995 ip68-97-96-186.ok.ok.cox.net:23135 ESTABLISHED
Which of the following utilities produced this output?
Answer

dig
Correct Answer:
netstat

ifconfig

nslookup

Explanation

The output shown is produced by the netstat command. netstat reports the open
TCP/IP ports on the local system, and it also identifies the protocol and remote host
connected to that port. This information can be very useful when you're looking for
security weaknesses, as a TCP/IP port that's open to traffic represents an
unnecessary security risk.
ifconfig is a tool used on Unix, Linux, and Macintosh systems to view the
configuration of network interfaces, including TCP/IP network settings.
The dig command allows you to perform manual DNS lookups from a Linux or Unix
system. This can be very useful when you troubleshoot name resolution issues.
In addition to Linux and Unix systems, nslookup allows you to perform manual DNS
lookups from a Windows system.

References

• 4.10.5 arp and netstat Facts

q_arp_netstat_netstat_02_np6.question.fex
You are troubleshooting a network connectivity issue on a Unix system. You're able
to connect to remote systems by using their IP address, but you're unable to connect
using the hostname. You check the TCP/IP configuration and notice that a DNS
server IP address is configured.
You decide to run some manual resolution queries to ensure that the communication
between the Unix system and the DNS server are working correctly. Which utilities
can you use to do this? (Select two.)
Answer

traceroute
Correct Answer:
dig
Correct Answer:
nslookup

tracert

arp

Explanation

The dig and nslookup commands allow you to perform manual DNS lookups from a
Linux or Unix system. This can be very useful when you're troubleshooting name
resolution issues.
Use tracert and traceroute to track the route that a packet takes as it crosses a
network. You wouldn't typically use these commands to troubleshoot a name
resolution problem, though they may be useful if you're unable to connect to the DNS
server.
The arp command displays a network host's MAC address.

References

• 4.11.2 DNS Troubleshooting Facts

q_trouble_dns_connect_np6.question.fex

Question 2:
Correct
Consider the following output.
;; res options: init recurs defnam dnsrch
;;got answer:
;;->>HEADER<<-opcode:QUERY, status; NOERROR,id:4
;;flags: qr rd ra; QUERY:1, ANSWER:1, AUTHORITY:2,
ADDITIONAL:0
;;QUERY SECTION:
;; westsim111.com, type = A, class = IN
;;ANSWER SECTION:
westsim111.com. 7h33m IN A 76.141.43.129
;;AUTHORITY SECTION:
westsim111.com. 7h33m IN NS dns1.deriatct111.com.
westsim111.com. 7h33m IN NS dns2.deriatct222.com.
;;Total query time: 78 msec
;;FROM: localhost.localdomain to SERVER: default --
202.64.49.150
;;WHEN: Tue Feb 16 23:21:24 2005
;;MSG SIZE sent: 30 rcvd: 103
Which of the following utilities produced this output?
Answer

ping

nbtstat
Correct Answer:
dig

nslookup

Explanation

The output shown is from the dig command that was run on a Linux system.
Although nslookup and dig provide some of the same information, you can tell that
this output came from dig because this command produces significantly more detail
in its default usage.
Use nbtstat to view information on NetBIOS over TCP/IP (NetBT) name resolutions.
Use ping to test connectivity between network systems.

References

• 4.11.2 DNS Troubleshooting Facts

q_trouble_dns_dig_01_np6.question.fex

Question 3:
Correct
Consider the following output from a dig command run on a Linux system.
; <<>> DiG 8.2 <<>> westsim111.com
;;res options:init recurs defnam dnsrch
;;got answer:
;;->>HEADER<<-opcode:QUERY, status: NOERROR, id:4
;;flags: qr rd ra; QUERY:1, ANSWER:1, AUTHORITY:2,
ADDITIONAL:0
;;QUERY SECTION:
;; westsim111.com, type = A, class = IN

;;ANSWER SECTION:
westsim111.com. 7h33m IN A 76.141.43.129
;;AUTHORITY SECTION:
westsim111.com. 7h33m IN NS dns1.deriatct111.com.
westsim111.com. 7h33m IN NS dns2.deriatct222.com.
;;Total query time: 78 msec
;;FROM: localhost.localdomain to SERVER:default --
202.64.49.150
;;WHEN: Tue Feb 16 23:21:24 2005
;;MSG SIZE sent: 30 rcvd:103
What is the IP address of the DNS server that performed this name resolution?
Answer

16.23.21.24
Correct Answer:
202.64.49.150

192.168.1.100

76.141.43.129

Explanation

When you use the dig command to perform a manual DNS lookup, a range of
information is provided to you. The IP address of the DNS server that performed the
name resolution is shown at the bottom area of the output on the end of
the ;;FROM line.
The IP address shown in the answer section denotes the resolved IP address for the
domain or host that the resolution was requested for. In this case, that address is
76.141.43.129.
The other two answers are invalid.

References

• 4.11.2 DNS Troubleshooting Facts

q_trouble_dns_dig_02_np6.question.fex

Question 4:
Correct
Which of the following can you append to the end of the dig command to run a query
for all the records in the zone?
Answer

-a
Correct Answer:
-axfr

tracert

netstat

Explanation

Use nslookup to troubleshoot name resolution problems. Because the ping test was
successful, you know that both the client and the server can communicate using
TCP/IP with IP addresses. This tells you that the problem is related to name
resolution.
Use tracert to track the route that a packet takes as it crosses a network. You
wouldn't typically use these commands to troubleshoot a name resolution problem,
though they may be useful if you're unable to connect to the DNS server.
The arp command displays a network host's MAC address.
netstat is used to view protocol connections that have been established by the
system as well as which incoming TCP/IP ports are in use by the system.

References

•
4.11.2 DNS Troubleshooting Facts
q_trouble_dns_nslookup_01_np6.question.fex

Question 8:
Correct
Examine the following output:
Server: to.xct.mirrorxhq.net
Address: 209.53.4.130
Name: westxsim.com
Address: 64.78.193.84
Which of the following utilities produced this output?
Answer

tracert

netstat

ipconfig
Correct Answer:
nslookup
Explanation

The output is from the nslookup command on a Windows Server

system. nslookup is a tool that allows you to send manual DNS resolution requests
to a DNS server. The output displays the IP address and hostname of the DNS
server that performed the resolution and the IP address and hostname of the target
specified for resolution. nslookup can be a useful tool when troubleshooting DNS
name resolution problems.
The ipconfig utility is used on a Windows system to view the TCP/IP configuration of
network interfaces.
netstat is used to view protocol connections that have been established by the
system as well as which incoming TCP/IP ports are in use by the system.
tracert is a tool used to view information on the route a packet takes as it traverses
the network to a remote host.

References

• 4.11.2 DNS Troubleshooting Facts

q_trouble_dns_nslookup_02_np6.question.fex

Question 9:
Correct
You are using Linux and need to perform a reverse lookup of the IP address
10.0.0.3. Which command would you use to accomplish this?
Answer

arp 10.0.0.3

nslookup 10.0.0.3
Correct Answer:
dig -x 10.0.0.3

nbtstat -a 10.0.0.3

Explanation

To perform a reverse lookup of the IP address 10.0.0.3 on Linux use the dig -x
10.0.0.3 commands.
The ipconfig command is used to perform a forward or reverse DNS lookup.
The arp 10.0.0.3 command displays the MAC address of the network host with an IP
address of 10.0.0.3.
The nbtstat -a 10.0.0.3 command displays the NETBIOS name of the host assigned
an IP address of 10.0.0.3.

References
• 4.11.2 DNS Troubleshooting Facts
q_trouble_dns_reverse_np6.question.fex

Question 10:
Correct
Which of the following commands should you use to check the route a packet takes
between a workstation and the DNS server?
Answer

dig

ping

nslookup
Correct Answer:
tracert

Explanation

The tracert command is used to test the route between a workstation and the DNS
server. Running this command shows you each stop, or hop, a packet takes to reach
its destination.
ping is used to test the connectivity between two devices, but it does not show the
route the packet will take.
dig is used to query a host. Dig does not show the route a packet will take.
nslookup queries a host's IP address. It does not show the route a packet will take.

References

• 4.11.2 DNS Troubleshooting Facts

q_trouble_dns_tracert_np6.question.fex
Which of the following is true about half-duplex mode?
Answer
Correct Answer:
Collision detection is turned on.

It requires switches with dedicated switch ports.

The device can send and receive at the same time.

Collision detection is turned off.

Explanation

Half-duplex mode requires that collision detection be turned on.

Full duplex mode requires that collision detection is turned off, that the device can
send and receive at the same time, and that there are dedicated switch ports.

References

• 5.1.2 Ethernet Facts

q_ethernet_half_duplex_np6.question.fex

Question 2:
Correct
Which of the following physical topologies are used with Ethernet networks? (Select
two.)
Answer

Token
Correct Answer:
Bus

Ring
Correct Answer:
Star

Mesh

Explanation

Ethernet networks use either a physical bus or physical star topology. Hubs can also
be cascaded to form a tree topology.

References
• 5.1.2 Ethernet Facts
q_ethernet_topology_np6.question.fex

Question 3:
Correct
Which Gigabit Ethernet standard can support long network segments up to a
maximum of 5 km when used with single-mode fiber optic cable?
Answer

1000BaseT

1000BaseCX
Correct Answer:
1000BaseLX

1000BaseSX

Explanation

1000BaseLX supports segment lengths of up to 5 km when used with single-mode

fiber optic cable. This maximum segment length is cut to 550 m when multimode
fiber optic cable is used.
1000BaseSX supports segment lengths of only 550 meters. 1000BaseCX uses
copper wire and supports segment lengths of only 25 meters. 1000BaseT uses
twisted-pair cables.

References

• 5.1.4 Ethernet Specifications Facts

q_ethernet_spec_1000baselx_np6.question.fex

Question 4:
Correct
Which Gigabit Ethernet standard uses multimode fiber optic cabling and supports
network segments up to a maximum of 550 meters long?
Answer
Correct Answer:
1000Base-SX

1000Base-CX

1000Base-T

1000Base-ZX
Explanation

The 1000Base-SX standard uses multimode fiber optic cable with a maximum
segment length of 550 meters. However, to implement segments this long, you must
use 50-micron 500MHz/km multimode fiber optic cabling. Other types of cabling will
shorten the maximum segment length. 1000Base-FX also supports lengths up to 550
meters using multimode cabling. 1000Base-FX supports distances up to 10
kilometers using single-mode cabling.
1000Base-ZX has a maximum segment length of up to 100 km. 1000Base-CX and
1000BaseT use copper cabling instead of fiber optic.

References

• 5.1.4 Ethernet Specifications Facts

q_ethernet_spec_1000basesx_np6.question.fex

Question 5:
Correct
Which type of cabling do Ethernet 100BaseFX networks use?
Answer

Unshielded twisted pair

Shielded twisted pair

Coaxial
Correct Answer:
Fiber optic

Explanation

Ethernet 100BaseFX networks use fiber optic cabling.

References

• 5.1.4 Ethernet Specifications Facts

q_ethernet_spec_100basefx_01_np6.question.fex

Question 6:
Correct
Your network follows the 100Base-FX specifications for Fast Ethernet and uses half-
duplex multimode cable. What is the maximum cable segment length allowed?
Answer

100 meters
Correct Answer:
412 meters

550 meters

1,000 meters

Explanation

100Base-FX half-duplex multimode cable has a maximum segment length of 412

meters.
1000Base-SX and 1000Base-LX support multimode cable up to 550 meters.
10Base-FL supports fiber optic cable between 1,000 and 2,000 meters.

References

• 5.1.4 Ethernet Specifications Facts

q_ethernet_spec_100basefx_02_np6.question.fex

Question 7:
Correct
Your network follows the 100Base-TX specifications for Fast Ethernet. What is the
maximum cable segment length allowed?
Answer

q_ethernet_spec_fiber_03_np6.question.fex

Question 10:
Correct
You would like to implement 10 Gbps Ethernet over a distance of 1 kilometer or
greater. Which of the following would be the minimum requirement for this
implementation? (Select two.)
Answer

10GBaseSR standards

Multimode fiber
Correct Answer:
Single-mode fiber
Correct Answer:
10GBaseLR standards

10GBaseER standards

Explanation

For 10 Gbps at distances up to 10 kilometers, use 10GBaseLR with single-mode

fiber.
Multimode fiber is cheaper, but it has a shorter maximum distance than single-mode
fiber. 10GBaseSR uses multi-mode fiber at distances up to 300 meters. 10GBaseER
supports distances up to 40 kilometers using single-mode fiber.

References
• 5.1.4 Ethernet Specifications Facts
q_ethernet_spec_fiber_04_np6.question.fex

You want to create a loopback plug using a single RJ45 connector. How should you
connect the wires in the connector?
Answer
Correct Answer:
Connect pin 1 to pin 3 and pin 2 to pin 6.

Connect pin 1 to pin 3 and pin 2 to pin 4.

Connect pin 1 to pin 2 and pin 3 to pin 3.

Connect pin 1 to pin 5 and pin 2 to pin 6.

Connect pin 1 to pin 8 and pin 2 to pin 7.

Explanation

To create a loopback plug or a crossover cable, connect pin 1 (Tx+) to pin 3 (Rx+)
and pin 2 (Tx-) to pin 6 (Rx-).
Connecting each pin to the opposite pin (1 to 8, 2 to 7, and so on) creates a rollover
cable.

References

• 5.2.2 Device Connection Facts

q_connect_devices_crossover_01_np6.question.fex

Question 2:
Correct
You need to connect two switches using their uplink ports. The switches do not
support auto-MDI.
Which type of cable should you use?
Answer
Correct Answer:
Crossover

Rollover

Straight-through
Loopback

Explanation

q_connect_devices_rollover_01_np6.question.fex

Question 6:
Correct
Which of the following standards does a rollover cable typically use?
Answer

RG58
Correct Answer:
RS232

RJ11

RG6

Explanation

A rollover cable typically has a serial connector on one end and an RJ45 connector
on the other end. RS232 is the standard for serial communications.
RJ11 connectors are used for analog telephone lines. RG6 and RG58 are coaxial
cable standards.

References

• 5.2.2 Device Connection Facts

q_connect_devices_rollover_02_np6.question.fex

Question 7:
Correct
You have purchased a new router that you need to configure. You need to connect a
workstation to the router's console port to complete the configuration tasks.
Which type of cable would you most likely use?
Answer

Straight-through
RG6

Crossover
Correct Answer:
Rollover

Explanation

Use a rollover cable to connect a workstation to the console port on a router or

switch. The rollover cable has an RJ45 connector on one end to connect to the
console port. The other end has a serial connector to connect to the workstation's
serial port. You then run a terminal emulation program on the workstation to connect
to the console on the router or switch in order to perform configuration and
management tasks.
Use a straight-through or crossover Ethernet cable to connect devices using the
Ethernet RJ45 ports. An RG6 cable is a coaxial cable.

References

• 5.2.2 Device Connection Facts

q_connect_devices_rollover_03_np6.question.fex

Question 8:
Correct
You want to create a rollover cable that has an RJ45 connector on both ends. How
should you connect the wires within the connectors?
Answer

Connect each pin on one end to the same pin on the other end (pin 1 to pin 1, pin 2
to pin 2, etc.).
Correct Answer:
Connect pin 1 to pin 8, pin 2 to pin 7, pin 3 to pin 6, and pin 4 to pin 5.

Use the T568A standard on one end and the T568B standard on the other end.

Connect pin 1 to pin 3 and pin 2 to pin 6.

Explanation

When terminated with an RJ45 connector on both ends, the wires within the
connectors are rolled over to the opposite connectors as follows:
• Pin 1 connects to pin 8.
• Pin 2 connects to pin 7.
• Pin 3 connects to pin 6.
• Pin 4 connects to pin 5.
A crossover cable uses the T568A standard on one end and the T568B standard on
the other end. The crossover cable connects pin 1 to pin 3 and pin 2 to pin 6.
Connecting each pin to the same pin on the other end creates a straight-through
cable.

References

• 5.2.2 Device Connection Facts

q_connect_devices_rollover_04_np6.question.fex

Question 9:
Correct
You need to connect a workstation to a switch using a regular port on the switch (not
an uplink port). The switch does not support auto-MDI.
Which type of cable should you use?
Answer

Loopback
Correct Answer:
Straight-through

Rollover

Crossover

Explanation

Use a straight-through cable to connect a workstation or router to a regular switch

port.
Use a crossover cable to connect a workstation to an uplink port. Use a rollover
cable to connect a workstation to a switch's console port. Use a loopback plug to
allow a workstation to communicate with itself through its own network adapter.

References

• 5.2.2 Device Connection Facts

q_connect_devices_straight_01_np6.question.fex

Question 10:
Correct
Which of the following connections would you use a straight-through cable for?
Answer

Hub to hub
Router to the uplink port on a hub
Correct Answer:
Router to a regular port on a switch

Workstation to workstation

Explanation

Use a straight-through cable when connecting the following devices:

• Workstation to a regular port on a hub or switch.
• Router to a regular port on a hub or switch.
• Regular port on a hub or switch to an uplink port on a hub or switch.

References

• 5.2.2 Device Connection Facts

q_connect_devices_straight_02_np6.question.fex
You have a network that's connected using a physical bus topology. One of the
cables that connects a workstation to the bus breaks.
Which of the following BEST describes the effect that this will have on network
communications?
Answer

All devices except the device connected with the drop cable will be able to
communicate.

Devices on one side of the break will be able to communicate with each other, while
devices on the other side will not be able to communicate.

All devices will be able to communicate.

Correct Answer:
No devices will be able to communicate.

Only devices on one side of the break will be able to communicate with each other,
while only devices on the other side of the break will be able to communicate with
each other.

Explanation

A break in the network bus means that the end of the network bus is no longer
terminated. For this reason, a break in the bus typically means that no devices can
communicate. Identifying the location of the break is difficult on a true bus network.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_bus_np6.question.fex

Question 2:
Correct
You have just connected four new computer systems to an Ethernet switch using
spare patch cables. After the installation, only three systems are able to access the
network. You verify all client network settings and replace the network card in the
failed system. The client is still unable to access the network.
Which of the following might you suspect is the real cause of the problem?
Answer

Incorrect LAN protocol

Incorrect routing table

Failed switch
Correct Answer:
Failed patch cable

Faulty IP stack

Explanation

Bent and damaged patch cables prevent client systems from accessing the network.
In this scenario, a faulty patch cable is the most likely cause of the connection
failure. The easiest way to test this is to simply swap out the cable and try a known
good UTP patch cable.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_cable_01_np6.question.fex

Question 3:
Correct
You are moving a client to a new location within an Ethernet network. Previous to the
move, the client system did not have difficulty accessing the network.
During the relocation, you attach patch cables from the client system to the wall jack
and from the patch panel to the switch. Once connected, you do not get a link light
on the network card or the switch. You swap out the cable running between the
patch panel and the switch with a known good one, but you still cannot connect.
Which of the following might you suspect is the problem?
Answer

Failed switch

Incorrect duplex settings

Server software configuration error

Failed network card

Faulty termination
Correct Answer:
Failed patch cable between the client system and the wall jack

Explanation
Because the client system previously worked in a different location, the issue is not
likely related to the client system. The NIC and switch LEDs' failure to light indicates
that there isn't an end-to-end connection between the client and the switch. This
means that either the patch cable between the wall jack and the client is faulty or the
cable between the patch panel and the switch is faulty. The cable connecting the
switch and the patch panel was verified, leaving the cable between the wall jack and
the client system.
It is unlikely that the issue is a failed network card, as the system was functioning in
a different location, eliminating the possibility of hardware or software on the client
system being the problem. The failure is limited to a connection issue between a
single client and a switch. If the switch failed, all clients connected to that switch
would not be able to connect. Incorrect duplex settings would not prevent NIC and
switch LEDs from lighting.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_cable_02_np6.question.fex

Question 4:
Correct
You have a network that's connected using a full physical mesh topology. The link
between Device A and Device B is broken.
Which of the following BEST describes the effect that this will have on network
communications?
Answer
Correct Answer:
Device A will be able to communicate with all other devices.

Device A will be able to communicate with any device except for Device B.

Device A will not be able to communicate with any other device.

No devices will be able to communicate with any other device.

Explanation

With a mesh topology, a break in a single link has no effect on communications.

Data can be routed to the destination device by taking a different (sometimes longer)
path through the mesh topology.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_mesh_np6.question.fex
Question 5:
Correct
A user from the sales department calls to report that he is experiencing problems
connecting to the sales file server. All users in the sales department connect to this
server through a single Ethernet switch. No other users have reported problems
connecting to the sales server.
Which of the following troubleshooting actions are you MOST likely to perform first?
Answer

Replace the Ethernet switch in the sales department.

Replace the network card in the sales server.

Correct Answer:
Replace the network card in the user's computer.

Reinstall the network card drivers on the sales server.

Explanation

In this scenario, you are most likely to replace the network card in the user's
computer.
As there is only one user experiencing the problem, you are unlikely to replace the
network card in the server or replace the Ethernet switch. For the same reason, you
are also unlikely to replace the network card drivers on the server. If more than one
user were experiencing the problem, any of these options could be a valid
troubleshooting step.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_nic_np6.question.fex

Question 6:
Correct
You have a network that's connected using a physical star topology. One of the drop
cables connecting a workstation has been removed.
Which of the following BEST describes the effect that this will have on network
communications?
Answer

All devices will be able to communicate.

Only devices on one side of the missing cable will be able to communicate with each
other, while only devices on the other side of the missing cable will be able to
communicate with each other.

No devices will be able to communicate.

Correct Answer:
All devices except the device connected with the drop cable will be able to
communicate.

Devices on one side of the missing cable will be able to communicate with each
other, while devices on the other side of the missing cable will not be able to
communicate.

Explanation

A cable break in a star topology means that the device connected to the central
device (hub or switch) through that cable can no longer communicate on the
network. All other hosts will be able to communicate with all other devices.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_star_01_np6.question.fex

Question 7:
Correct
You are implementing a SOHO network for a local business. The ISP has already
installed and connected a cable modem for the business.
The business has four computers that need to communicate with each other and the
internet. The ISP's cable modem has only one RJ45 port. You need to set up the
network within the following parameters:
• You must spend as little money as possible.
• You must not purchase unnecessary equipment.
• Computers need to have a gigabit connection to the network.
• New devices should not require management or configuration.
You examine each computer and notice that only one of the four computers has a
wireless NIC. They all have Ethernet NICs.
What should you purchase?
Answer

A wireless AP and three new wireless NICs.

A new cable modem with a built-in switch and CAT 6a cabling.

A managed switch and CAT 6 cabling.

A hub and CAT 5e cabling.
Correct Answer:
An unmanaged switch and CAT 5e cabling.

Explanation

You should purchase an unmanaged switch and CAT 5e cabling. Switches offer
guaranteed bandwidth to each switch port and full-duplex communication.
Unmanaged switches are autonomous in their function, requiring no port
management or configuration. CAT 5e cabling supports transfer speeds up to 1,000
Gbps.
Purchasing a new cable modem with a built-in switch would be more expensive than
an unmanaged switch. Additionally, CAT 6a cabling is unnecessary for this type of
network. Because all of the computers already have wired NICs, purchasing a
wireless AP and three new wireless NICs would introduce new costs. The wireless
AP would also require additional management and configuration. Hubs suffer from
collisions, so only half-duplex communication is possible. This also wouldn't support
1,000 Gbps speeds. A small business with four computers doesn't need the
additional features that a managed switch provides.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_star_02_np6.question.fex

Question 8:
Correct
Angela is the network administrator for a rapidly growing company with a 100BaseT
network. Users have recently complained about slow file transfers. While checking
network traffic, Angela discovers a high number of collisions.
Which connectivity device would BEST reduce the number of collisions and allow
future growth?
Answer

Router

Hub
Correct Answer:
Switch

Bridge

Explanation
A switch would be the best choice in this situation. A bridge would segment traffic
and reduce collisions, but it would be harder to maintain and harder to add new
bridges as the network grows. A router would also allow growth and reduce
collisions, but switches can provide those benefits at a lower cost per port and offer
more administration options. A hub is not a good choice in this scenario.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_swith_01_np6.question.fex

Question 9:
Correct
During a network infrastructure upgrade, you replaced two 10 Mbps hubs with
switches and upgraded from a Category 3 UTP cable to a Category 5e. During the
process, you accidentally cut the Cat 5e patch cable that stretches from the network
printer to the upgraded switch.
What is the impact on your network?
Answer

All network nodes, including the printer, will be available.

Correct Answer:
All network nodes except the printer will be available.

All network nodes authenticated by the same server as the printer will be
unavailable.

All network nodes connected to the switch will be unavailable.

All network nodes on the same subnet as the printer will be unavailable.

Explanation

UTP cable and switches are associated with a star network topology. In a star
topology, each device is attached to the network using its own patch cable. If a cable
were to fail for any reason, only the device connected by that cable would be
unavailable.

References

• 5.3.2 Physical Network Topology Troubleshooting Facts

q_trouble_topology_swith_02_np6.question.fex

Question 10:
Correct
Upon conducting a visual inspection of the server room, you see that a switch
displays LED collision lights that are continually lit. You check the LED on the
corresponding workstation and see that it is flashing rapidly even though it is not
sending or receiving network traffic at that time.
What is the cause of the network collisions?
Answer

Adapter controller card failure

Correct Answer:
Faulty network card

Incorrect duplex settings

Faulty switch

Explanation

Sometimes when a NIC fails, it doesn't just stop working, but it begins to flood the
network with transmissions. This is called jabbering. A single network card can slow
down an entire network by continually transmitting signals. You can identify a
jabbering network card by slower than normal speeds, high occurrences of collisions
displayed on the hub or switch, and LEDs on the network card, indicating a high level
of transmissions even though a user is not accessing the network.

References

• 5.3.4 Link Status Troubleshooting Facts

q_trouble_link_led_np6.question.fex
3.1.3 Connect to an Ethernet Network

Lab Report
Time Spent: 01:33

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Required Actions

 Connect the Ethernet cable connected to computer

 Connect the Ethernet cable to the wall outlet

EXPLANATION

Complete this lab as follows:

1. Access the back view of the computer in Office 1.

a. Under Office 1, select Hardware.
b. Above the computer, select Back to switch to the back view of the computer.
2. Connect the RJ45 cable to the computer and the wall plate.
a. Under Shelf, expand Cables.
b. Select the Cat6a Cable, RJ45 cable.
c. From the Selected Component window:
Drag an RJ45 Shielded Connector to the Ethernet port on the computer.
Drag the other RJ45 Shielded Connector to the Ethernet port on the wall outlet.

3. Test the connection to the internet.

a. On the computer monitor, select Click to view Windows 10 to view the running operating system.
b. In the notification area, right-click the Network icon and select Open Network & Internet settings.
The diagram should indicate an active connection to the network and the internet.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.1.6 Connect a Cable Modem

Lab Report
Time Spent: 01:52

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Connect the cable modem to the internet using the RG-6 cable

 Connect the computer to the cable modem using the Ethernet cable

 Plug in the cable modem

 Confirm that the computer is properly connected to the internet

EXPLANATION

Complete this lab as follows:

1. Add the cable modem to the workspace.

a. Under Shelf, expand Routers.
b. Drag the Cable Modem/Router from the shelf to the workspace.
c. Select Back to switch to the back view of the cable modem.
2. Connect the modem to the WAN connection.
a. Under Shelf, expand the Cables category.
b. Select the Coaxial Cable, RG-6 cable.
c. From the Selected Component pane:
Drag a Coaxial Type F connector to the applicable port on the cable modem.
Drag the other Coaxial Type F connector to the applicable port on the wall plate.

3. Connect the computer to the cable modem.

a. Over the computer, select Back to switch to the back view of the computer.
b. Under Shelf, select the Cat6a Cable, RJ45 cable.
c. From the Selected Component pane:
Drag an RJ45 Shielded Connector to the Ethernet port on the cable modem.
Drag the other RJ45 Shielded Connector to the Ethernet port on the computer (not the Ethernet
card in the slot).

4. Provide power to the modem.

a. Under Shelf, select the Power Adapter, AC to DC.
b. From the Selected Component pane:
Drag the DC Power Connector to the port on the cable modem.
Drag the AC Power Adapter end to the power outlet.

5. Verify that the computer is connected to the internet.

a. On the monitor, select Click to view Windows 10.
b. From the notification area, right-click the Network icon and select Open Network & Internet settings.
The diagram should indicate an active connection to the home network and the internet.
Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.2.3 Connect Fiber Optic Cables

Lab Report
Time Spent: 01:41

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Connect the LC connector to the SFP module on the switch

 Connect the ST A connector to the Tx port on the computer

 Connect the ST B connector to the Rx port on the computer

 Disconnect the Ethernet cable from the CorpiSCSI server Show Details

EXPLANATION

To determine which network components to use, examine the ports on the switch and the CorpiSCSI server.

The SFP module installed in the switch uses LC connectors.

The fiber optic NIC installed in the CorpiSCSI server uses ST connectors.

The ST to LC fiber cable is the only cable that can be used to connect the switch and the server.

LC connectors have two connectors linked together. LC connectors can only be inserted one way.

ST connectors twist on using a BNC connector. An ST cable has two color-coded ST connectors. They have
one for transmit (Tx) and one for receive (Rx).

Complete this lab as follows:

1. Connect the fiber ST to LC cable to the SFP port.

a. Under Shelf, expand Cables.
b. Drag the Cable, Fiber, ST to LC cable to the SFP 1 LC port on the switch.
c. In the Select Connector window, select the Connector, Fiber, Duplex LC, Multi-mode, Male.
2. Connect the fiber ST to LC cable to the TX and RX ports.
a. Above the rack, select Back to switch to the back view.
b. From the Selected Component pane:
Drag the ST Connector (A) to the TX port on the CorpiSCSI server (the bottom server).
Drag the ST Connector (B) to the RX port on the CorpiSCSI server.

3. Disconnect the Cat6a RJ45 cable from the CorpiSCSI server and switch.
a. Drag the RJ45 connector from the back of the server to the Shelf.
b. Above the rack, select Front to view the front of the rack.
c. Drag the highlighted RJ45 connector from the switch to the Shelf.
4. Verify that the CorpiSCSI server is connected to the network.
a. On the CorpiSCSI's monitor, select Click to view Windows Server 2019.
b. Right-click Start and select Settings.
c. Select Network & Internet.
d. Verify that Ethernet 3 is connected to CorpNet.local.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.3.6 Connect Patch Panel Cables 1

Lab Report
Time Spent: 03:40

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 In the Networking Closet, connect an Ethernet twisted-pair cable between the Off 1 port on the
patch panel and port 3 on the switch

 In Office 1, connect an Ethernet twisted-pair cable between the workstation and the wall outlet

 In Office 1, configure the workstation to obtain IP and DNS addresses automatically Show
Details

EXPLANATION

Complete this lab as follows:

1. From the Networking Closet, connect the patch panel and switch.
a. Under Shelf, expand Cables.
b. Select the Cat6a Cable, RJ45 cable.
c. From the Selected Component pane:
Drag an RJ45 Shielded Connector to the Off 1 (Office 1) port on the patch panel.
Drag the other RJ45 Shielded Connector to port 3 on the Cisco switch (top row, third port from the
left).

2. Connect the Office1 workstation to the local area network.

a. From the top left, select Floor 1 Overview.
b. In Office 1, select Hardware.
c. Above the computer, select Back to switch to the back view of the computer.
d. Under Shelf, expand Cables.
e. Select Cat6a Cable, RJ45.
f. From the Selected Component pane:
Drag an RJ45 Shielded Connector to the Ethernet port on the computer.
Drag the other RJ45 Shielded Connector to the open Ethernet port on the wall outlet.

3. Configure the workstation to obtain IP and DNS addresses automatically from the server on the network.
a. On the Office1 monitor, select Click to view Windows 10.
b. From the Windows taskbar, right-click Start and then select Settings.
c. Select Network & Internet.
The Settings windows should indicate there is no connection to the internet.
d. Select Ethernet and then select Change adapter options.
e. Right-click Ethernet and then select Properties.
f. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
g. Select Obtain an IP address automatically.
h. Select Obtain DNS server address automatically.
i. Select OK.
j. Select Close.
k. Close the Network connections window.
l. Select Status.
The Settings window should now indicate there is an active connection to the local network and the
internet.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.3.7 Connect Patch Panel Cables 2

Lab Report
Time Spent: 02:50

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 In the Networking Closet, connect a patch cable between the Exec 1 port on the patch panel and
port 1 on the switch

 In the Networking Closet, connect a patch cable between the support port on the patch panel and
port 6 on the switch

 In the Networking Closet, connect a patch cable between the lobby port on the patch panel and
port 8 on the switch

EXPLANATION

While completing this lab, use the following port information.

Patch Panel Port Cisco Switch Port

Exec 1 Port 1

Supp Port 6

Lobby Port 8

Complete this lab as follows:

1. From the Networking Closet, attach an Ethernet cable from the patch panel to the switch port.
a. Under Shelf, expand Cables.
b. Select the Cat6a Cable, RJ45.
c. From the Selected Component pane:
Drag an RJ45 Shielded Connector to the Exec 1 port on the patch panel.
Drag the other RJ45 Shielded Connector to the correct port on the Cisco switch (top row).

2. Repeat steps 1b-1c for the Supp and Lobby ports.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.5.3 Select and Install a Network Adapter

Lab Report
Time Spent: 00:58

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Install the 1000BaseTX network adapter on the Exec workstation

 Connect the Exec workstation to the network using a Cat6a cable

 Verify that the Exec workstation can communicate with the internet using the new NIC Show
Details

EXPLANATION

Complete this lab as follows:

1. Insert the PCI adapter into the motherboard.

a. Above the computer, select Motherboard to switch to the motherboard view of the computer.
b. Under Shelf, expand Network Adapters.
c. Drag the Network Adapter, Ethernet 10/100/1000BaseTX, PCIe card to a free PCIe slot on the
computer's motherboard.

2. Move the Ethernet cable from the computer's built-in network adapter to the new PCIe network card.
a. Above the computer, select Back to switch to the back view of the computer.
b. Drag the Ethernet cable from the built-in port to the port on the PCIe network adapter.
3. Confirm that the computer is connected to the local network and the internet.
a. Above the computer, select Front to switch to the front view of the computer.
b. Select the power button on the computer case to turn on the computer.
Wait for the operating system to load.
c. Right-click Start and then select Windows PowerShell (Admin).
d. From the PowerShell prompt, type ping 192.168.0.10 and then press Enter to test connectivity to the
local network server.
e. From the PowerShell prompt, type ping 198.28.2.254 and then press Enter to test connectivity to the
internet.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.5.4 Connect a Media Converter

Lab Report
Time Spent: 05:34

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions

 Add the media converter to the basement Workspace

 Move the Ethernet cable from the wall outlet to the media converter's Ethernet port

 Connect the SC to LC fiber cable to the media converter's LC port

 Connect the SC to LC cable to ports 23 and 24 on the fiber patch panel Show Details

 Plug in the media converter

EXPLANATION

Complete this lab as follows:

1. Add the media converter to the rack.

a. Under Shelf, expand Networking Devices.
b. Drag the Media Converter to the bottom shelf of the rack in the Workspace.
2. Connect the SC to LC fiber cable to the media converter.
a. Above the rack, select Back to switch to the back view of the rack.
b. Drag the Ethernet cable from the left wall outlet to the Ethernet port on the media converter.
c. Under Shelf, expand Cables.
d. Select the Cable, Fiber, SC to LC cable.
e. From the Selected Component pane, drag the Connector, Fiber Duplex LC male connector to the media
converter.
3. Connect the SC to LC cables to the patch panel.
a. Above the rack, select Front to switch to the front view of the rack.
b. From the Selected Component pane:
Drag the Fiber Optic SC Connector (A) to port 23 on the fiber patch panel.
Drag the Fiber Optic SC Connector (B) to port 24 on the fiber patch panel.

4. Attach the power adapter to the media converter and plug it into the wall outlet.
a. From the Shelf, drag the Power Adapter, AC to DC to the DC power port on the media converter.
b. From the Select Connector pane, select DC Power Connector.
c. Above the rack, select Back to switch to the back view of the rack.
d. From the Selected Component pane, drag the AC Power Adapter connector to an open outlet on the
rack UPS.
The lights on the media converter should turn on.
5. Navigate to any workstation on Floor 1 to confirm internet connectivity.
a. From the top left, select Building A.
b. Under Building A, select Floor 1.
c. Select a workstation (such as Office1).
d. From the notification area, right-click the Network icon and select Open Network & Internet settings.
e. Verify that the workstation has internet connectivity.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.6.3 Install a Hub

Lab Report
Time Spent: 03:29

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions

 Place the hub on the bench

 Connect the cable modem to the hub

 Use a Cat5e cable to connect both computers to the hub Show Details

 Provide power to the hub

 Confirm that the two computers are properly connected to the internet Show Details

EXPLANATION

Complete this lab as follows:

1. Place the hub in the workspace.

a. Under Shelf, expand Networking Devices.
b. Drag Hub, 1000BaseTX Ethernet1 to the workspace.
2. Connect the Home-PC computer to the hub.
a. Above the hub, select Back to switch to the back view of the hub.
b. Above Home-PC computer, select Back to switch to the back view of the Home-PC computer.
c. Select the Cat5e cable connected to the motherboard's NIC and drag the connector to an Ethernet
port on the hub.
d. Under Shelf, expand Cables.
e. Select Cat5e Cable, RJ45.
f. In the Selected Component pane:
Drag an RJ45 Connector to the Ethernet port on the back of Home-PC.
Drag the other RJ45 Connector to an Ethernet port on the hub.

3. Provide power to the hub.

a. Under Shelf, select Power Adapter, AC to DC.
b. In the Selected Component pane:
Drag the DC Power Connector to the port on the hub.
Drag the AC power adapter to an empty outlet on the wall or surge protector.

4. Confirm that Home-PC is properly connected to the network and internet.

a. On Home-PC, select Click to view Windows 10.
b. Right-click Start and then select Settings.
c. The diagram should indicate an active connection to the home network and the internet.
5. Connect the Home-PC2 computer to the hub.
a. From the top left, select Bench.
b. Above the Home-PC2 computer, select Back to switch to the back view of the Home-PC2.
c. From the Shelf, select Cat5e Cable,RJ45.
d. In the Selected Component pane:
Drag an RJ45 Connector to the Ethernet port on the back of Home-PC2.
Drag the other RJ45 Connector to an Ethernet port on the hub.

6. Confirm that Home-PC2 is properly connected to the network and internet.

a. On Home-PC2, select Click to view Windows 10.
b. Right-click Start and then select Settings.
c. Select Network & Internet.
d. The diagram should indicate an active connection to the home network and the internet.

You can also switch the hub to the front view to use the link lights to verify connectivity to the hub.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.6.4 Install a Switch

Lab Report
Time Spent: 04:17

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions

 Place the managed switch on the bench

 Connect the cable modem to the managed switch

 Use Cat5e cables to connect both computers to the managed switch Show Details

 Provide power to the managed switch

 Confirm that the two computers are properly connected to the local network and the
internet Show Details

EXPLANATION

Complete this lab as follows:

1. Add the managed switch and provided power to the switch.

a. Under the Shelf, expand Networking Devices.
b. Drag Managed Switch to the workspace, preferably next to the existing hub.
c. Above the managed switch, select Back to switch to the back view of the managed switch.
d. Above the hub, select Back to switch to the back view of the hub.
e. Select the DC Power Connector on the hub and drag it to the power port on the switch.
2. Move the Ethernet cables from the hub to the switch.
a. Drag an RJ45 Connector cable from the hub to an open Ethernet port on the switch to connect Home-
PC, Home-PC2, and the cable modem to the switch.
b. Repeat step 2a for each RJ45 connection on the hub.
3. Confirm that the Home-PC and Home-PC2 computers have active connections to the internet.
a. On the Home-PC monitor, select Click to view Windows 10 to view the running operating system.
b. Right-click Start and then select Settings.
c. Select Network & Internet.
The diagram should indicate an active connection to the home network and the internet.
d. From the top navigation menu, select Bench.
e. On the Home-PC2 monitor, select Click to view Windows 10.
f. Right-click Start and then select Settings.
g. Select Network & Internet.
The diagram should indicate an active connection to the home network and the internet.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
3.6.7 Configure a Home Router

Lab Report
Time Spent: 02:18

Score: 7/7 (100%) Pass Passing Score: 7/7 (100%)

TASK SUMMARY

Required Actions & Questions

 Place the Ethernet router with the firewall on the Bench and provide power Show Details

 Q1: To which device is the cable in the switch's port 1 connected?

 Q2: To which device is the cable in the switch's port 3 connected?

 Q3: To which device is the cable in the switch's port 4 connected?

 Connect the computers to the Ethernet router with Cat5e cables Show Details

 Connect the Ethernet router to the RJ45 jack on the wall plate using a Cat5e cable

 Confirm that the computers are properly connected to the internet Show Details

EXPLANATION

Complete this lab as follows:

1. Place the router in the Workspace and provide power.

a. Under Shelf, expand Routers.
b. Drag Router, Ethernet w/Firewall to the Workspace.
For convenience, place the router to the left of the existing cable modem.
c. Above the router, cable modem, and switch, select Back to view the back of each device.
d. Drag the DC Power Connector from the switch to the power port on the new router.
2. Determine where the cables plugged into the switch are currently connected.
a. Above the Home-PC computer, select Back.
b. Above the Home-PC2 computer, select Back.
c. From the upper right, select Exhibits.
d. On the switch, select the cable plugged into port 1.
e. From the top right, select Answer Questions.
f. Answer Question 1.
g. On the switch, select the cable plugged into port 3.
h. Answer Question 2.
i. On the switch, select the cable plugged into port 4.
j. Answer Question 3.
k. Minimize the Lab Questions dialog and close the Exhibits window.
3. Move all the Ethernet cables to their new locations.
a. From the switch, drag one of the Ethernet cables to an open LAN port on the new router.
b. Repeat step 3a for the remaining two Ethernet cables still in the switch.
c. Drag the Ethernet cable from the Cable Modem to an open Ethernet port on the wall plate.
4. Confirm that the computer is properly connected to the network and internet.
a. On the Home-PC monitor, select Click to view Windows 10 to view the running operating system.
b. In the notification area, right-click the Network icon and select Open Network & Internet settings.
The diagram should indicate an active connection to the home network and the internet.
5. Confirm the connection for Home-PC2.
a. From the top left, select Bench to return to the bench view.
b. On Home-PC2, select Click to view Windows 10 to view the running operating system.
c. Right-click Start and then select Settings.
d. Select Network & Internet.
e. The diagram should indicate an active connection to the home network and the internet.
6. Score the lab.
a. From the top right, select Answer Questions.
b. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
10.2.4 Connect to a DSL Network

Lab Report
Time Spent: 02:47

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Install the DSL router Show Details

 Connect the computer to the DSL router

 Add a filter between the phone and the phone cable connected to the outlet

EXPLANATION
Complete this lab as follows:

1. Install the DSL router and provide power.

a. Under Shelf, expand Routers.
b. Drag Router, DSL Ethernet to the Workspace area.
Place the router next to the outlets.
c. Above the router, select Back.
d. Under Shelf, expand Cables.
e. Select the Power Adapter.
f. From the Selected Component pane:
Drag the DC Power Connector to the port on the DSL router.
Drag the AC Power Adapter to the wall outlet.

2. Connect the DSL router to the phone line.

a. Under Shelf, select UTP Cable, 2-pair, RJ-11.
b. From the Selected Component pane:
Drag an RJ-11 Connector to the RJ11 port on the router.
Drag the other RJ-11 Connector to a phone port on the wall outlets.

3. Connect the computer to the DSL router.

a. Above the computer, select Back.
b. Under Shelf, select Cat6a Cable, RJ45.
c. From the Selected Component pane:
Drag an RJ45 Shielded Connector to the network port on the computer.
Drag the other unconnected RJ45 Shielded Connector to a network port on the DSL router.

4. When implementing DSL, install a filter between the phone port and each phone.
a. Above the phone, select Back.
b. Under Shelf, expand Filters.
c. Drag the DSL Filter to the phone port.
d. Under Shelf, expand Cables.
e. Select UTP Cable, 2-pair, RJ-11.
f. From the Selected Component pane:
Drag an RJ-11 Connector to the RJ11 port on the filter.
Drag the unconnected RJ-11 Connector to the phone port on the wall outlet.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
10.4.3 Configure a Remote Access VPN

Lab Report
Time Spent: 05:54

Score: 6/6 (100%) Pass Passing Score: 6/6 (100%)

TASK SUMMARY

Required Actions

 Create a new certificate authority certificate Show Details

 Create a new server certificate named CorpNet

 Configure the VPN server Show Details

 Configure the firewall rules Show Details

 Set the OpenVPN server to Remote Access (User Auth)

 Configure the following standard VPN users Show Details

EXPLANATION
While completing this lab, use the following information:

Create and configure the following standard remote VPN users:

Username Password Full Name

blindley L3tM31nNow Brian Lindley

jphillips L3tM31nToo Jacob Phillips

Complete this lab as follows:

1. Sign in to the pfSense management console.

a. In the Username field, enter admin.
b. In the Password field, enter P@ssw0rd (zero).
c. Select SIGN IN or press Enter.
2. Start the VPN wizard and select the authentication backend type.
a. From the pfSense menu bar, select VPN > OpenVPN.
b. From the breadcrumb, select Wizards.
c. Under Select an Authentication Backend Type, make sure Local User Access is selected.
d. Select Next.
3. Create a new certificate authority certificate.
a. For Descriptive Name, enter CorpNet-CA.
b. For Country Code, enter GB.
c. For State, enter Cambridgeshire.
d. For City, enter Woodwalton.
e. For Organization, enter CorpNet.
f. Select Add new CA.
4. Create a new server certificate.
a. For Descriptive Name, enter CorpNet.
b. Verify that all of the previous changes (Country Code, State/Providence, and City) are the same.
3. Use all other default settings.
d. Select Create new Certificate.
5. Configure the VPN server.
a. Under General OpenVPN Server Information:
Use the Interface drop-down menu to select WAN.
Verify that the Protocol is set to UDP on IPv4 only.
For Description, enter CorpNet-VPN.
b. Under Tunnel Settings:
For Tunnel Network, enter 198.28.20.0/24.
For Local Network, enter 198.28.56.18/24.
For Concurrent Connections, enter 4.
c. Under Client Settings, in DNS Server1, enter 198.28.56.1.
d. Select Next.
6. Configure the firewall rules.
a. Under Traffic from clients to server, select Firewall Rule.
b. Under Traffic from clients through VPN, select OpenVPN rule.
c. Select Next.
d. Select Finish.
7. Set the OpenVPN server just created to Remote Access (User Auth).
a. For the WAN interface, select the Edit Server icon (pencil).
b. For Server mode, use the drop-down and select Remote Access (User Auth).
c. Scroll to the bottom and select Save.
8. Configure the following Standard VPN users.
a. From the pfSense menu bar, select System > User Manager.
b. Select Add.
c. Configure the User Properties as follows:
Username: Username
Password: Password
Full name: Fullname
d. Scroll to the bottom and select Save.
e. Repeat steps 8b-8d to create the remaining VPN users.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
10.4.5 Configure a VPN Connection iPad

Lab Report
Time Spent: 03:02

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Required Actions

 Add an L2TP VPN Connection Show Details

 Turn on and connect the VPN

EXPLANATION
Complete this lab as follows:

1. Verify your connection to the Home-Wireless network.

a. Select Settings.
b. Select Wi-Fi.
c. Verify that you are connected to the Home-Wireless network.
2. Configure the IPSec VPN.
a. From the left menu, select General.
b. Scroll down and select VPN.
c. Select Add VPN Configuration.
d. Make sure L2TP is selected.
e. Configure the VPN connection as follows:
Description: CorpNetVPN
Server: 198.28.56.22
Account: mbrown
Secret: 1a!2b@3c#4d$
f. Select Save.
3. Turn on the VPN.
a. Under VPN Configuration, for Not Connected, slide the button to ON.
b. Enter L3tM31nN0w (0 = zero) as the password.
c. Select OK.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
11.3.6 Configure Logging on pfSense

Lab Report
Time Spent: 05:04

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions & Questions

 Q1: What is the maximum number of logs that can be displayed?

 General settings Show Details

 Enable remote logging

 Configure remote logging Show Details

 Q2: What is the maximum number of logs that can be displayed after configuring the system log
settings?

EXPLANATION
Complete this lab as follows:

1. Sign in to the pfSense Management console.

a. In the Username field, enter admin.
b. In the Password field, enter P@ssw0rd (zero).
c. Select SIGN IN or press Enter.
2. Access the system log settings.
a. From the pfSense menu bar, select Status > System Logs.
b. From the top right, select Answer Questions.
c. Answer Question 1.
3. Configure the general logging options.
a. Under the Status breadcrumb, select Settings.
b. Set the GUI Log Entries field to 25 to show only 25 logs at a time in the GUI.
c. Set the Log file size field to 250000 bytes (250 KB) to set the maximum size of each log file.
4. Configure remote logging.
a. Scroll to the bottom and, under Remote Logging Options, select Enable Remote Logging.
b. Make sure the options are set as follows:
Source address: Default (any)
IP protocol: IPv4
Remote log servers: 192.168.0.10
c. For Remote Syslog Contents, select the following:
System Events
Firewall Events
d. Select Save.
5. View the results of the changes made to the number of logs shown.
a. Under the Status breadcrumb, select System.
b. Answer Question 2.
c. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
11.3.8 Auditing Device Logs on a Cisco Switch

Lab Report
Time Spent: 02:32

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Enable Logging and the Syslog Aggregator Show Details

 Set RAM Memory Logging to Emergency, Alert, and Critical

 Set Flash Memory Logging to Emergency and Alert

 Copy the running configuration file to the startup configuration file

EXPLANATION
Complete this lab as follows:

1. Access the Log Settings for the switch.

a. From the left menu, expand and select Administration > System Log > Log Settings.
2. Enable Logging and the Syslog Aggregator.
a. For Logging, select Enable.
b. For Syslog Aggregator, select Enable.
3. Configure RAM and Flash Memory Logging.
a. Under RAM Memory Logging:
Select Emergency, Alert, and Critical.
Clear Error, Warning, Notice, Informational, and Debug.
b. Under Flash Memory Logging:
Mark Emergency and Alert.
Clear Critical, Error, Warning, Notice, Informational, and Debug.
c. Select Apply.
4. Copy the running configuration file to the startup configuration file.
a. From the top menu bar, select Save.
b. Under Copy/Save Configuration, select Apply.
c. Select OK.
d. Select Done.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
11.6.9 Configure NIC Teaming

Lab Report
Time Spent: 06:36

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions & Questions

 Connect the 4 port NIC to the switch Show Details

 Create the NIC team Show Details

 Q1: What is the connection speed of Ethernet 3, 4, 5, or 6?

 Configure the External network to use NetTeam Show Details

 Q2: What is the connection speed of NetTeam?

EXPLANATION

Complete this lab as follows:

1. Move the network cable from the onboard adapter in the CorpServer to the 4-port NIC in CorpServer.
a. Above the rack, select Back to switch to the back view of the rack.
b. Drag the network cable from the onboard network adapter on CorpServer (the 1U server) to a free port
on the 4-port NIC in CorpServer.
c. Above the rack, select Front to switch to the front view of the rack.
d. Move the other end of the network cable to port 22 on the switch.
2. Connect network cables from the 4-port NIC on CorpServer, to the switch ports 19, 20, and 21.
a. Under Shelf, expand Cables.
b. Select Cat6a Cable, RJ45.
c. From the Selected Component pane, drag an unconnected RJ45 cable to port 19, 20, or 21.
d. Repeat steps 2b-2c for two more cables. Use a port not previously used.
e. Above the rack, select Back.
f. From Partial Connections:
Drag a cable to an open port on the 4-port NIC in CorpServer.
Repeat the previous step until there are no more cables in Partial Connections.

3. Configure the adapter ports as members of a NIC team.

a. On the CorpServer monitor, select Click to view Windows Server 2019.
b. From Server Manager, select Local Server from the menu on the left.
c. Next to NIC Teaming, select Disabled to enable and configure NIC Teaming.
d. From the Teams panel, use the Tasks drop-down list to select New Team.
e. In the Team name field, type NetTeam.
f. Select adapters Ethernet 3 through Ethernet 6 to be included in the team.
g. From the top right, select Answer Questions.
h. Answer Question 1.
i. Minimize the Lab Questions window.
j. From the NIC Teaming window, expand Additional Properties.
k. Configure the additional properties as follows:
Teaming mode: LACP
Load balancing mode: Address Hash
Standby adapter: None (all adapters Active)
l. Select OK to close the NIC Teaming dialog.
m. Close the NIC Teaming window.
4. Configure the Hyper-V Virtual Switch Manager to use the new NIC team for the External network.
a. From Server Manager's menu bar, select Tools > Hyper-V Manager.
b. Right-click CORPSERVER and then select Virtual Switch Manager.
c. Under Virtual Switches, select the External switch for configuration options.
d. Under Connection type, use the External network drop-down to select the Microsoft Network Adapter
Multiplexor Driver.
e. Select OK.
5. Verify the status of the team and your network connection using the Network and Sharing Center.
a. From the system tray, right-click on the network icon and then select Open Network and Sharing
Center.
b. Verify that the vEthernet (External) NIC has an internet connection. Also notice that the network icon in
the system tray shows that the server is connected.
c. To check the connection speed in the Network and Sharing Center, select NetTeam connection on the
right.
d. At the top right, select Answer Questions.
e. Answer Question 2.
f. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
11.7.6 Back Up Files with File History

Lab Report
Time Spent: 02:08

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions

 Save the backup to the Backup (E:) volume

 Back up files daily

 Keep backup files for 6 months

 Back up the entire Data (D:) volume

 Make a backup now

EXPLANATION

Complete this lab as follows:

1. Access the File History Backup options.

a. Right-click Start and then select Settings.
b. Select Update & Security.
c. From the left pane, select Backup.
2. Configure and run a File History Backup plan.
a. From the right pane, select Add a drive.
b. Select Backup (E:).
c. Under Automatically back up my files, slide the switch to On.
d. Select More options.
e. Under Back up my files, use the drop-down menu to select Daily.
f. Under Keep my backups, use the drop-down menu to select 6 months.
g. Under Back up these folders, select Add a folder.
h. Double-click the Data (D:) volume and then select Choose this folder.
i. Select Back up now.
j. Wait for the backup to complete.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
11.7.8 Recover a File from File History

Lab Report
Time Spent: 03:20

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Required Actions

 Restore the March 16th at 11:15 AM version of June2020_Issue.jpg

 Restore the March 16th at 12:15 PM version of coverart.jpg

EXPLANATION
Complete this lab as follows:

1. Access the File History options using the Settings app.

a. Right-click Start and then select Settings.
b. Select Update & Security.
c. From the left pane, select Backup.
d. Make sure Automatically back up my files is set to On.
e. Select More options.
f. Scroll to the bottom of the Backup options dialog and select Restore files from a current backup.
g. Maximize the window for better viewing.
2. Restore the June2022_Issue.jpg file.
a. From the bottom of the File History dialog, select the Previous version button (left arrow) to navigate
to the backups captured on Wednesday, March 16, 2022 11:15 AM.
b. Double-click Pictures.
c. Double-click Layouts.
d. Select the June2022_Issue.jpg file.
e. Select the green Restore to original location arrow located at the bottom center.
f. Select Replace the file in the destination.
(The Layouts folder where the file was restored should open.)
g. From the Layouts folder, right-click the June2022_Issue.jpg file and then select Properties.
h. Verify that the file is 115.44 MB in size and was last modified on March 16, 2022 at 11:15:12 AM.
i. Select OK.
j. Close the Layouts window.
3. Restore the coverart.jpg file.
a. In the top left of the File History dialog, select the up arrow to navigate to the Home\Pictures folder.
b. Select the Previous version button at the bottom to navigate to the backups captured on Wednesday,
March 16, 2022 12:15 PM.
c. Double-click Images.
d. Select the coverart.jpg file.
e. Select the green Restore to original location arrow located at the bottom center.
f. Select Replace the file in the destination.
g. Right-click the coverart.jpg file and select Properties.
h. Verify that the file is 1.09 MB in size and was last modified on March 16, 2022 at 12:15:12 PM
i. Select OK.
Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
11.8.3 Allow Remote Desktop Connections

Lab Report
Time Spent: 01:43

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Allow Remote Desktop connections

 Allow Tom Plask to connect using Remote Desktop

 Open the firewall port for Remote Desktop

EXPLANATION
Complete this lab as follows:

1. Configure Office1 to allows connections from Remote Desktop.

a. Right-click Start and select Settings.
b. Maximize the window for better viewing.
c. Select System.
d. From the left pane, select Remote Desktop.
e. Under Enable Remote Desktop, slide the button to the right to enable remote desktop.
f. Select Confirm.
2. Add Tom Plask to the users that will be able to connect to Office1 using a Remote Desktop connection.
a. Under User accounts, click Select users that can remotely access this PC.
b. Select Add.
c. Enter Tom Plask.
d. Select OK to add the user.
e. Select OK to close the dialog.
3. Verify that the firewall ports for Remote Desktop are opened appropriately.
a. From the Settings app, select Home (upper left).
b. Select Update & Security.
c. Select Windows Security.
d. Select Firewall & network protection.
e. Select Allow an app through firewall.
f. Scroll down and verify that Remote Desktop is marked (to open the port).
(The corresponding port is opened or closed automatically when you enable or disable the service in
the system properties).
g. Select Cancel.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
12.3.3 Implement Physical Security

Lab Report
Time Spent: 00:51

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Install the IP security cameras Show Details

 Install the smart card key readers Show Details

 Install the Restricted Access sign on the networking closet door

 Install the visitor log on the lobby desk

EXPLANATION
Complete this lab as follows:

1. Install the IP security cameras:

a. From the Shelf, expand CCTV Cameras.
b. Drag an IP Security Camera from the shelf to the highlighted circle inside the networking closet.
c. Drag an IP Security Camera from the shelf to the highlighted circle just outside the networking closet.
2. Install the smart card key readers:
a. From the Shelf, expand Door Locks.
b. Drag a smart card reader from the shelf to the highlighted location outside the building's front door.
c. Drag a smart card reader from the shelf to the highlighted location outside the networking closet's
door.
3. Install the Restricted Access sign:
a. From the Shelf, expand Restricted Access Signs.
b. Drag the Restricted Access sign from the shelf to the networking closet door.
4. Install the visitor log:
a. From the Shelf, expand Visitor Logs.
b. Drag the visitor log from the shelf to the lobby desk.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
12.4.5 Respond to Social Engineering Exploits

Lab Report
Time Spent: 02:00

Score: 8/8 (100%) Pass Passing Score: 8/8 (100%)

TASK SUMMARY

Required Actions

 Delete the Microsoft Windows Update Center phishing email

 Delete the Jim Haws malicious attachment email

 Delete the Executive Recruiting whaling email

 Delete the Riverdale Estates HOA Online Banking phishing email

 Delete the Grandma White forwarded email hoax

 Delete the Daisy Knudsen spear phishing email

 Delete the Rachelle Hancock malicious attachment email

 Delete the Grandma White forwarded email hoax

EXPLANATION
Complete this lab as follows:

1. Read each email and determine whether the email is legitimate.

2. Delete any emails that are attempts at social engineering.
3. Keep all emails that are safe.
4. The following table list a summary of the results:

Email Diagnosis Action Description

Microsoft
Windows
Notice the various spelling errors and that the
Update Center Phishing Delete
link does not direct you to a Microsoft website.
New Service
Pack

This email appears to be from a colleague.

Jim Haws
Malicious However, why would he fail to respond to your
Re: Lunch Delete
Attachment lunch question and send you a random
Today?
attachment in return?

Whaling uses tailored information to attack

Executive
executives. Clicking the link could install malware
Recruiting Whaling Delete
that would capture sensitive company
Executive Jobs
information.
While this email has an embedded link, it is
Human digitally signed, so you know it actually comes
Resources Safe Keep from your Human Resources department. In
Ethics Video addition, if you hover over the link, you see that
it is a secure link to the corporate web server.

This is a carefully crafted attempt to get your

Riverdale
bank account information. Hover over the link
Estates HOA
Phishing Delete and notice that it does not direct you to your
Payment
credit union website, but to an unknown IP
Pending
address instead.

Grandma White
FW: FW: FW: Any email that asks you to forward it to everyone
Hoax Delete
Virus Attack you know is probably a hoax.
Warning

While this email appears to come from a

colleague, notice that the link points to an
Daisy Knudsen
Spear executable file from a Russian domain name.
Web Site Delete
Phishing This probably is not a message a real colleague
Update
would send. This file will likely infect the
computer with malware.

Rachelle Emails with attachments from random people

Malicious
Hancock Delete who address you as "Dear Friend" are probably
Attachment
Wow!! not safe.

Any email that asks you to forward it to everyone

Grandma White you know is probably a hoax, even if the contents
Free Airline Hoax Delete promise you a prize. In addition, there is no way
Tickets to know how many people the email has been
forwarded to.

Human While this email appears very urgent, it doesn't

Resources ask you to click on anything or run any
IMPORTANT Safe Keep attachments. It does inform you that you need to
NOTICE-Action go a website that you should already know and
Required make sure your courses are complete.

Activities
Committee This email doesn't ask you to click on anything or
Safe Keep
Pumpkin run any attachments.
Contest

Bob Averez This email doesn't ask you to click on anything or

Safe Keep
Presentation run any attachments.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
6.1.7 Configure a Host Firewall

Lab Report
Time Spent: 08:07

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Install the fastest router Show Details

 Configure the Windows Firewall on Dorm-PC Show Details

 Configure the Windows Firewall on Dorm-PC2 Show Details

EXPLANATION
Complete this lab as follows:

On Dorm-PC:

1. Add the fastest router to the workspace and provide power.

a. Under Shelf, expand Routers.
b. Drag Router, 100/1000BaseTX Ethernet to the Workspace.
For convenience, place the router to the left of the wall plate.
c. Above the router, select Back to switch to the back view of the router.
d. Under Shelf, expand Cables and then select Power Adapter, AC to DC.
e. From the Selected Component pane:
Drag the DC Power Connector to the power port on the back of the router.
Drag the AC Power Adapter to the surge protector.

2. Connect the Dorm-PC to the router and internet.

a. Drag the Ethernet cable currently connected to the wall plate (the other end is connected to Dorm-PC)
to a LAN port on the router.
b. Under Shelf, select Cat5e Cable, RJ45.
c. From the Selected Component pane:
Drag an RJ45 Connector to the WAN port on the router.
Drag the unconnected RJ45 Connector to the Ethernet port on the wall plate.
d. (Optional) Above the router, select Front to verify power and network activity lights.
3. Establish a connection to the internet.
a. On the Dorm-PC monitor, select Click to view Windows 10.
b. Right-click Start and select Windows PowerShell (Admin).
c. At the PowerShell prompt, type IPconfig /renew and press Enter to request new TCP/IP information
from the router.
d. In the notification area of the taskbar, right-click the Network icon and select Open Network and
Internet settings. The network information map should indicate an active connection to the Firewall
Network and the internet.
4. From Dorm-PC, turn on the applicable Windows Firewalls.
a. In Network and Internet, in the right pane, scroll down and select Windows Firewall.
b. From the right pane, under Private network, select Turn on.
c. From the right pane, under Public network, select Turn on.
5. Allow a program through the firewall on Dorm-PC.
a. From the Windows Security window, select Allow an app through firewall.
b. Select Change settings.
c. Select Allow another app to configure an exception for an uncommon program.
d. In the Add an app dialog, select SuperBlast from the list.
e. Select Add.
f. For the SuperBlast program, make sure the check mark for the Public profile is not selected.
g. Select OK.

On Dorm-PC2:

1. Connect Dorm-PC2 to the router.

a. From the top left, select Bench to return to the bench view.
b. Above the Dorm-PC2 computer, select Back.
c. Under Shelf, expand Cables.
d. Select a Cat5e Cable, RJ45.
e. From the Selected Component pane:
Drag an RJ45 Connector to the LAN port on the Dorm-PC2 computer.
Drag the unconnected RJ45 Connector to an open LAN port on the router.

2. For Dorm-PC2, request new TCP/IP information from the router.

a. On the Dorm-PC2 monitor, select Click to view Windows 10.
b. Right-click Start and then select Windows PowerShell (Admin).
c. At the PowerShell prompt, type IPconfig.
Notice the connection to the 192.168.0.0 network.
d. In the notification area of the taskbar, right-click the Network icon and select Open Network and
Internet settings.
The network information map should indicate an active connection to the Firewall Network and the
internet.
3. From Dorm-PC2, turn on the applicable Windows Firewalls.
a. In Network and Internet, in the right pane, scroll down and select Windows Firewall.
b. From the right pane, under Private network, select Turn on.
c. From the right pane, under Public network, select Turn on.
4. Allow the SuperBlast program through the firewall.
a. From the Windows Security window, select Allow an app through firewall.
b. Select Change settings.
c. Select Allow another app to configure an exception for an uncommon program.
d. In the Add an app dialog, select SuperBlast from the list.
e. Select Add.
f. For the SuperBlast program, make sure the check mark for the Public profile is not selected.
g. Select OK.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
6.2.5 Configure Network Security Appliance Access

Lab Report
Time Spent: 03:36

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Change the password for the admin account to P@ssw0rd

 Create and configure a new pfSense user Show Details

 Set a 20-minute session timeout for pfSense

 Enable anti-lockout for HTTP

EXPLANATION
Complete this lab as follows:

1. Access the pfSense management console.

a. From the taskbar, select Google Chrome.
b. Maximize the window for better viewing.
c. In the Google Chrome address bar, enter 198.28.56.22 and then press Enter.
d. Enter the pfSense sign-in information as follows:
Username: admin
Password: pfsense
e. Select SIGN IN.
2. Change the password for the default (admin) account.
a. From the pfSense menu bar, select System > User Manager.
b. For the admin account, under Actions, select the Edit user icon (pencil).
c. For Password, change to P@ssw0rd (0 = zero).
d. Enter P@ssw0rd in the Confirm Password field.
e. Scroll to the bottom and select Save.
3. Create and configure a new pfSense user.
a. Select Add.
b. Enter lyoung as the username.
c. Enter C@nyouGuess!t in the Password field.
d. Enter C@nyouGuess!t in the Confirm Password field.
e. Enter Liam Young in Full Name field.
f. For Group membership, select admins and then select Move to "Member of" list.
g. Scroll to the bottom and select Save.
4. Set a session timeout for pfSense.
a. Under the System breadcrumb, select Settings.
b. For Session timeout, enter 20.
c. Select Save.
5. Disable the webConfigurator anti-lockout rule for HTTP.
a. From the pfSense menu bar, select System > Advanced.
b. Under webConfigurator, for Protocol, select HTTP.
c. Scroll down and select Anti-lockout to disable the webConfigurator anti-lockout rule.
d. Scroll to the bottom and select Save.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
6.2.6 Configure a Security Appliance

Lab Report
Time Spent: 01:44

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Configure DNS servers Show Details

 Configure WAN settings Show Details

 Add and configure a new gateway Show Details

EXPLANATION
Complete this lab as follows:

1. Access the pfSense management console.

a. Sign in using the following case-sensitive information:
Username: admin
Password: P@ssw0rd (zero).
b. Select SIGN IN or press Enter.
2. Configure the DNS servers.
a. From the pfSense menu bar, select System > General Setup.
b. Under DNS Server Settings, configure the primary DNS server.
Address: 163.128.78.93
Hostname: DNS1
Gateway: None
c. Select Add DNS Server to add a secondary DNS server and then configure it.
Address: 163.128.80.93
Hostname: DNS2
Gateway: None
d. Scroll to the bottom and select Save.
3. Configure the WAN settings.
a. From pfSense menu bar, select Interfaces > WAN.
b. Under General Configuration, select Enable interface.
c. Use the IPv4 Configuration Type drop-down to select Static IPv4.
d. Under Static IPv4 Configuration, in the IPv4 Address field, use 65.86.24.136
e. Use the IPv4 Address subnet drop-down to select 8.
f. Under Static IPv4 Configuration, select Add a new gateway.
g. Configure the gateway settings as follows:
Default: select Default gateway
Gateway name: WANGateway
Gateway IPv4: 65.86.1.1
h. Select Add.
i. Scroll to the bottom and select Save.
j. Select Apply Changes.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
6.2.8 Configure a Perimeter Firewall

Lab Report
Time Spent: 04:24

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Create and configure a firewall rule to pass HTTP traffic from the internet to the web
server Show Details

 Create and configure a firewall rule to pass HTTPS traffic from the internet to the web
server Show Details

 Create and configure a firewall rule to pass all traffic from the LAN network to the screened subnet
(DMZ) network Show Details

EXPLANATION
Complete this lab as follows:

1. Sign in to the pfSense management console.

a. In the Username field, enter admin.
b. In the Password field, enter P@ssw0rd (zero).
c. Select SIGN IN or press Enter.
2. Create and configure a firewall rule to pass HTTP traffic from the internet to the web server.
a. From the pfSense menu bar, select Firewall > Rules.
b. Under the Firewall breadcrumb, select DMZ.
c. Select Add (either one).
d. Make sure Action is set to Pass.
e. Under Source, use the drop-down menu to select WAN net.
f. Select Display Advanced.
g. For Source Port Range, use the From drop-down menu to select HTTP (80).
h. Under Destination, use the Destination drop-down menu to select Single host or alias.
i. In the Destination Address field, enter 172.16.1.5
j. Using the Destination Port Range drop-down menu, select HTTP (80).
k. Under Extra Options, in the Description field, enter HTTP to DMZ from WAN.
l. Select Save.
m. Select Apply Changes.
3. Create and configure a firewall rule to pass HTTPS traffic from the internet to the web server.
a. For the rule just created, select the Copy icon (two files).
b. Under Source, select Display Advanced.
c. Change the Source Port Range to HTTPS (443).
d. Under Destination, change the Destination Port Range to HTTPS (443).
e. Under Extra Options, change the Description field to HTTPS to DMZ from WAN
f. Select Save.
g. Select Apply Changes.
4. Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network.
a. Select Add (either one).
b. Make sure Action is set to Pass.
c. For Interface, use the drop-down menu to select LAN.
d. For Protocol, use the drop-down menu to select Any.
e. Under Source, use the drop-down menu to select LAN net.
f. Under Destination, use the drop-down menu to select DMZ net.
g. Under Extra Options, in the Description field, enter LAN to DMZ Any.
h. Select Save.
i. Select Apply Changes.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
6.3.4 Configure a Screened Subnet (DMZ)

Lab Report
Time Spent: 05:08

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Configure an interface for the DMZ Show Details

 Add a firewall rule to the DMZ interface Show Details

 Configure pfSense's DHCP server for the DMZ interface Show Details

EXPLANATION
Complete this lab as follows:

1. Sign into the pfSense management console.

a. Enter admin in the Username field.
b. In the Password field, enter P@ssw0rd (0 = zero).
c. Select SIGN IN or press Enter.
2. Configure an interface for the DMZ.
a. From the pfSense menu bar, select Interfaces > Assignments.
b. Select Add.
c. Select OPT1.
d. Select Enable interface.
e. Change the Description field to DMZ
f. Under General Configuration, use the IPv4 Configuration Type drop-down menu to select Static IPv4.
g. Under Static IPv4 Configuration, change the IPv4 Address field. to 172.16.1.1
h. Use the Subnet mask drop-down menu to select 16.
i. Select Save.
j. Select Apply Changes.
k. (Optional) Verify the change as follows:
From the menu bar, select pfsense COMMUNITY EDITION.
Under Interfaces, verify that the DMZ is shown with the correct IP address.

3. Add a firewall rule to the DMZ interface that allows all traffic from the DMZ.
a. From the pfSense menu bar, select Firewall > Rules.
b. Under the Firewall breadcrumb, select DMZ. (Notice that no rules have been created.)
c. Select Add (either one).
d. For the Action field, make sure Pass is selected.
e. For the Interface field, make sure DMZ is selected.
f. For the Protocol, use the drop-down menu to select Any.
g. Under Source, use the drop-down menu to select DMZ net.
h. Under Destination, make sure it is configured for any.
i. Under Extra Options, enter Allow DMZ to any rule as the description.
j. Scroll to the bottom and select Save.
k. Select Apply Changes.
4. Configure pfSense's DHCP server for the DMZ interface.
a. From the menu bar, select Services > DHCP Server.
b. Under the Services breadcrumb, select DMZ.
c. Select Enable to enable DHCP server on the DMZ interface.
d. Configure the Range field as follows:
From: 172.16.1.100
To: 172.16.1.200
e. Scroll to the bottom and select Save.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
6.4.4 Implement Intrusion Prevention

Lab Report
Time Spent: 05:15

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions

 Configure Snort rules Show Details

 Configure Sourcefire OpenAppID Detectors Show Details

 Configure the Rules Update Settings Show Details

 Configure General Settings Show Details

 Configure the Snort Interface settings for the WAN interface Show Details

EXPLANATION

Complete this lab as follows:

1. Sign in to the pfSense management console.

EXPLANATION
Complete this lab as follows:

1. Log in to the Cisco switch.

a. In the Google Chrome URL field, type 192.168.0.2 and press Enter.
b. Maximize the window for better viewing.
c. In the Username and Password fields, enter cisco (case-sensitive).
d. Select Log In.
2. Assign a static IPv4 address to VLAN 1.
a. From the left navigation pane, expand and select Administration > Management Interface > IPv4
Interface.
b. From the right pane, for IP Address Type, select Static.
c. Configure the IPv4 interface as follows:
IP address: 192.168.45.72
Mask: 255.255.255.0
Administrative Default Gateway: 192.168.45.1
d. Select Apply.
e. Select OK.
The switch will automatically log you out.
3. Log in to the Cisco switch.
a. In the Username and Password fields, enter cisco (case-sensitive).
b. Select Log In.
4. Change the default VLAN ID for the switch to VLAN 16.
a. From the left pane, expand and select VLAN Management > Default VLAN Settings.
b. Set Default VLAN ID After Reboot to 16.
c. Select Apply and then select OK.
5. Save the changes to the switch's startup configuration file.
a. From the upper right of the switch window, select Save.
b. For Source File Name, make sure Running configuration is selected.
c. For Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
f. Select Done.
6. Reboot the switch for changes to take effect.
a. From the left pane, expand and select Administration > Reboot.
b. From the right pane, select Reboot.
c. Select OK.
d. Wait for the switch to restart.
e. From the upper right, select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.2.6 Create VLANs - GUI

Lab Report
Time Spent: 06:08

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Create and configure the VLAN Show Details

 Connect the IP cameras to the VLAN and mount the IP cameras to the wall Show Details

 Connect the laptop to the VLAN

 Launch the IP camera-monitoring software and confirm that the IP cameras are online

EXPLANATION
Complete this lab as follows:

1. Log in to the Cisco switch.

a. In the Username and Password fields for the Cisco switch, enter cisco (case-sensitive).
b. Select Log In.
2. Create the IPCameras VLAN.
a. From the Getting Started pane (right), under Initial Setup, select Create VLAN.
b. Select Add.
c. For VLAN ID, enter 2.
d. For VLAN Name, enter IPCameras.
e. Select Apply.
f. Select Close.
3. Configure the IPCameras VLAN ports.
a. From the left pane, under VLAN Management, select Port to VLAN.
b. Using the VLAN ID equals to drop-down menu, select 2.
c. Select Go.
d. For ports GE18 through GE21, use the drop-down menus to select Untagged.
e. Select Apply.
4. Connect the IP camera in the lobby to the VLAN and mount the IP cameras.
a. From the top left, select Floor 1.
b. Under Lobby, select Hardware.
c. Under Shelf, expand CCTV Cameras.
d. Drag the IP Camera (Lobby) to the workspace.
e. Under Workspace, for the IP camera, select Back to switch to the back view of the IP camera.
f. Under Shelf, expand Cables and then select the Cat5e Cable, RJ45 cable.
g. From the Selected Component pane:
Drag an RJ45 Connector to the RJ-45 port on the IP camera wall mount plate.
Drag the unconnected RJ45 Connector to the RJ-45 port on the back of the IP camera.
h. Drag the IP camera to the IP camera wall plate.
5. Connect the IP camera in the Networking Closet to the VLAN and mount the IP cameras.
a. From the top left, select Floor 1.
b. Under Networking Closet, select Hardware.
c. Under Shelf, expand CCTV Cameras.
d. Drag the IP Camera (Networking Closet) to the workspace.
e. Under Workspace for the IP camera, select Back to switch to the back view of the IP camera.
f. Under Shelf, expand Cables and then select the Cat5e Cable, RJ45 cable.
g. From the Selected Component pane:
Drag an RJ45 Connector to the RJ-45 port on the IP camera mount wall plate.
Drag the unconnected RJ45 cable to the RJ-45 port on the back of the IP camera.
h. Drag the IP camera to the IP camera wall plate to mount the IP camera.
6. Connect the DHCP server and laptop to the VLAN.
a. From the Networking Closet, under Shelf, select Cat5e Cable, RJ45.
b. From the Selected Component pane:
Drag an RJ45 Connector to port 21 on the switch.
Drag the unconnected RJ45 Connector to port 21 on the patch panel.

7. Connect IT-Laptop2 to the VLAN.

a. From the top menu, select Floor 1.
b. Under IT Administration, select Hardware.
c. Above IT-Laptop2, select Back to switch to the back view of the laptop.
d. Under Shelf, select Cat5e Cable, RJ45.
e. From the Selected Component pane:
Drag an RJ45 Connector to the RJ-45 port on the laptop.
Drag the unconnected RJ45 Connector to the open RJ-45 port on the wall plate.

To verify that all components are connected, you can change the location to the Network
Closet hardware view. You should see green link/activity lights on ports 18 - 21 of the switch.

8. Launch the IP camera monitoring software.

a. Under the laptop's workspace, select Front.
b. On the IT-Laptop2, select Click to view Windows 10.
c. From the taskbar, select Start.
d. Select IP Cameras.
e. Verify that both cameras are detected on the network.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.2.9 Configure Switch IP Settings - CLI

Lab Report
Time Spent: 05:18

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions & Questions

 Set the IP address for the switch

 Set the default gateway address

 Save the changes Show Details

 Q1: What is the IP address assigned to the FastEthernet0/0 interface on the SFO router?

EXPLANATION
Complete this lab as follows:

1. Find the IP address assigned to the FastEthernet0/0 interface on the SFO router.
a. Select the Branch1 switch.
b. From the Terminal, press Enter to get started.
c. Type enable and press Enter to change to the EXEC or Global Configuration mode.
d. Type show cdp neighbors detail and press Enter.
e. Find the IP address for the SFO router.
f. From the top right, select Answer Questions.
g. Answer the question.
h. Move the question dialog to the side and keep working.
2. Configure the IP address and subnet mask for the Branch1 switch.
a. At the Branch1# prompt, type config t and press Enter.
b. At the Branch1(config)# prompt, type interface vlan1 and press Enter.
c. At the Branch1(config-if)# prompt, type ip address 192.168.11.250 255.255.255.0 and press Enter.
d. At the Branch1(config-if)# prompt, type exit and press Enter.
3. Configure the switch to use the FastEthernet0/0 interface on the SFO router as the default gateway.
a. At the Branch1(config)# prompt, type ip default-gateway routers_IP_address and press Enter.
b. At the Branch1(config)# prompt, type exit and press Enter.
4. Save your changes to the startup-config file.
a. At the Branch1# prompt, type copy run start and press Enter.
b. Press Enter to begin building the configuration.
c. When you see OK, press Enter.
d. From the question dialog, select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.3.12 Configure Port Mirroring

Lab Report
Time Spent: 01:55

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Set port 26 to VLAN1

 Mirror received traffic from port 28 to port 26 Show Details

 Save the changes to the switch's startup configuration file

EXPLANATION
Complete this lab as follows:

1. Log in to the Cisco switch.

a. Maximize the Google Chrome window for better viewing.
b. In the Username and Password fields, enter cisco (case-sensitive).
c. Select Log In.
2. Assign port GE26 to VLAN 1.
a. From the left pane, expand and select VLAN Management > Port VLAN Membership.
b. Select GE26 and then select Join VLAN.
c. From the left pane, under Select VLAN, select 1 (for VLAN 1).
d. Select > to move VLAN 1 from the available pane to the attached VLAN pane.
e. Select Apply and then select Close.
3. Mirror the received traffic from port GE28 to port GE26.
a. From the left pane, expand and select Administration > Diagnostics > Port and VLAN Mirroring.
b. Select Add.
c. For the Destination Port, use the drop-down list to select GE26.
d. For the Source Interface, use the drop-down list to select GE28.
e. For the Type, make sure that Rx only is selected. This allows you to only mirror the incoming packets.
f. Select Apply and then select Close.
4. Save the changes to the switch's startup configuration file.
a. From the upper right of the switch window, select Save.
b. For the Source File Name, make sure Running configuration is selected.
c. For the Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
f. Select Done.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.3.14 Configure PoE

Lab Report
Time Spent: 01:32

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions & Questions

 Set the PoE Power Mode to Class Limit

 Q1: How many watts of power is the security camera currently using?

 Q2: How many watts of power are available in the switch for PoE devices?

 Configure the PoE priority for port GE23 to be Critical

 Save the changes to the switch's startup configuration file Show Details

EXPLANATION

Complete this lab as follows:

1. Log in to the Cisco switch.

a. Maximize the Google Chrome window for better viewing.
b. In the Username and Password fields, enter cisco (case-sensitive).
c. Select Log In.
2. Set the Power over Ethernet (PoE) switch properties.
a. From the left pane, expand and select Port Management > PoE > Properties.
b. Select Class Limit.
c. Select Apply.
d. From the top right, select Answer Questions.
e. Answer the questions.
f. Minimize the Lab Questions dialog.
3. Configure the PoE priority for port GE23 to be Critical.
a. From the left pane, under PoE, select Settings.
b. From the right pane, select port GE23 and click Edit.
c. For Power Priority Level, select Critical.
d. Select Apply.
e. Select Close.
4. Save the changes to the switch's startup configuration file.
a. From the upper right of the switch window, select Save.
b. For Source File Name, make sure Running configuration is selected.
c. For Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
f. Select Done.
5. Score the lab.
a. From the top right, select Answer Questions.
b. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.3.4 Configure Trunking

Lab Report
Time Spent: 10:30

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions & Questions

 Q1: What is the default Interface VLAN mode?

 Set ports GE1 - GE26 to Access Mode Show Details

 Leave ports GE27 and GE28 set to Trunk, but set the PVID to 2 Show Details

 Add VLANs 22, 44, and 67 to ports 27 & 28 Show Details

 Save and apply your changes

EXPLANATION

Complete this lab as follows:

1. Log in to the CISCO switch.

a. From the taskbar, select Google Chrome.
b. In the URL field, enter 192.168.0.2 and press Enter.
c. Maximize the window for better viewing.
d. In the Username and Password fields, enter cisco (the password is case sensitive).
e. Select Log In.
2. Examine the switch port defaults.
a. From the left navigation bar, expand and select VLAN Management > Interface Settings.
b. Using the interface shown in the right pane, examine the settings for all ports.

For a detailed view of a single port, you can select Edit.

c. From the upper right, select Answer Questions.

d. Answer Question 1.
e. Minimize the Lab Questions dialog.
3. Set ports GE1 through GE26 to Access Mode.
a. From the Interface Settings pane, select GE1.
b. Select Edit.
c. Maximize the window for better viewing.
d. For Interface VLAN Mode, select Access.
e. Select Apply and then select Close.
f. With GE1 still selected, click Copy Settings.
g. In the to field, type 2-26 and then select Apply.
Notice that under the Interface VLAN Mode column, ports GE1-GE26 are now set to Access.
4. Set the port VLAN ID (PVID) for ports GE27-GE28 to the value of 2.
a. Select the desired port and then select Edit.
b. For the Administrative PVID, enter 2.
c. Select Apply and then Close.
d. Repeat steps 4a - 4c for the second port.
5. Add VLANs 22, 44, and 67 to ports GE27 and GE28.
a. From the left pane, under VLAN Management, select Port VLAN Membership.
b. Select port GE27 and then select Join VLAN.
c. From the new window, hold down the Shift key and select VLANs 22, 44, and 67; then select the >
button to assign the VLANs.
d. Select Apply and then select Close.
e. Repeat steps 5b - 5d for port GE28.
6. Save the changes to the switch's startup configuration file.
a. From the top of the switch window, select Save.
b. For Source File Name, make sure Running configuration is selected.
c. For Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
f. Select Done.
7. Score the lab.
a. From the upper right, select Answer Questions.
b. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.3.6 Configure Port Aggregation

Lab Report
Time Spent: 04:56

Score: 6/6 (100%) Pass Passing Score: 6/6 (100%)

TASK SUMMARY

Required Actions & Questions

 Create a new Link Aggregation Group (LAG) Show Details

 Configure a new LAG-to-VLAN mode of access

 Join LAG1 to VLAN13

 Q1: What is the current link state for LAG1?

 Q2: What are the active members of LAG1?

 Save the changes to the startup configuration Show Details

EXPLANATION
Complete this lab as follows:

1. Log in to the Cisco switch.

a. In the Username and Password fields, enter cisco (case-sensitive).
b. Select Log In.
2. Create a new Link Aggregation Group (LAG1).
a. From the left pane, expand and select Port Management > Link Aggregation > LAG Management.
b. From the right pane, select LAG 1 and then select Edit.
c. In the LAG Name field, type windows_server.
d. Select LACP to enable the Link Aggregation Control Protocol (LACP).
e. Under Port List, press and hold the Shift key; then select GE1 and GE2.
f. Select > to add the ports to the LAG Members pane.
g. Select Apply.
h. Select Close.
3. Configure LAG1 to the VLAN mode of access.
a. From the left pane, expand and select VLAN Management > Interface Settings.
b. Using the Filter: Interface Type equals to drop-down menu, select LAG and then select Go.
c. Select LAG1 and then select Edit.
d. For Interface VLAN Mode, select Access.
e. Select Apply.
f. Select Close.
4. Join LAG1 to VLAN13.
a. From the left pane, expand and select VLAN Management > Port VLAN Membership.
b. Using the Filter: Interface Type equals to drop-down menu, select LAG and then select Go.
c. Select LAG1 and then select Join VLAN.
d. Under Select VLAN, from the right pane, select 1U and then select < to remove VLAN1.
e. From the left pane, select VLAN13; then select > to add the VLAN to the selected VLANs pane.
f. Select Apply.
g. Select Close.
5. Verify the status of the new LAG1 group.
a. From the left navigation bar, expand and select Port Management > Link Aggregation > LAG
Management.
b. From the top right, select Answer Questions.
c. Answer the questions.
This connection is now ready to use LACP.
d. Minimize the Lab Questions window.
6. Save the changes to the switch's startup configuration file.
a. From the upper right of the switch window, select Save.
b. For Source File Name, make sure Running configuration is selected.
c. For Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
f. Select Done.
g. From the top right, select Answer Questions.
h. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.3.8 Enable Jumbo Frame Support

Lab Report
Time Spent: 02:07

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions & Questions

 Enable Jumbo Frames

 Save configuration changes to switch

 Reboot the switch

 Q1: How many combined Undersize Packets, Oversize Packets, Fragments, Jabbers, and Collisions
are there?

 Q2: True or False: Now that Jumbo Frames is enabled, network devices should also be configured
to use Jumbo Frames or have a frame size larger than 1500 bytes.

EXPLANATION
Complete this lab as follows:

1. Log in to the CISCO switch.

a. Maximize the Google Chrome window for better viewing.
b. In the Username and Password fields, enter cisco (the password is case sensitive).
c. Select Log In.
2. Enable Jumbo Frames.
a. From the left pane, expand and select Port Management > Port Settings.
b. For Jumbo Frames, select Enable.
c. Select Apply.
3. Save the changes to the switch's startup configuration file.
a. From the upper right of the switch window, select Save.
b. For Source File Name, make sure Running configuration is selected.
c. For Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
f. Select Done.
4. Reboot the switch.
a. From the left pane, under Administration, select Reboot.
b. Select Reboot to reboot the switch immediately.
c. Select OK.
5. Log in to the Cisco switch and check switch statistics for any errors.
a. In the Username and Password fields, enter cisco (the password is case sensitive).
b. Select Log In.
c. From the left pane, expand and select Status and Statistics > RMON > Statistics.
d. For Interface, use the drop-down list to select GE28.
e. Review the statistics for Undersize, Oversize, Jabbers, and Collisions.
f. From the top right, select Answer Questions.
g. Answer the questions.
h. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.4.10 Secure Access to a Switch 2

Lab Report
Time Spent: 04:25

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Create the GameConsoles ACL

 Create a MAC-based access control Show Details

 Bind the GameConsoles ACL to all of the interfaces Show Details

 Save the configuration

EXPLANATION
While completing this lab, use the following information:

Configure the GameConsoles MAC-based access control entry (ACE) settings as follows:

Destination
Priority Action Source MAC Address
MAC Address

Value: 00041F111111
1 Deny Any
Mask: 000000111111

Value: 005042111111
2 Deny Any
Mask: 000000111111

Value: 000D3A111111
3 Deny Any
Mask: 000000111111

Value: 001315111111
4 Deny Any
Mask: 000000111111

Value: 0009BF111111
5 Deny Any
Mask: 000000111111

Value: 00125A111111
6 Deny Any
Mask: 000000111111

Complete this lab as follows:

1. Create the GameConsoles ACL.

a. From the Getting Started page, under Quick Access, select Create MAC-Based ACL.
b. Select Add.
c. In the ACL Name field, enter GameConsoles.
d. Select Apply and then select Close.
2. Create a MAC-based access control.
a. Select MAC-Based ACE Table.
b. Select Add.
c. Enter the priority.
d. Select the action.
e. For Destination MAC Address, make sure Any is selected.
f. For Source MAC Address, select User Defined.
g. Enter the source MAC address value.
h. Enter the source MAC address mask.
i. Select Apply.
j. Repeat steps 2c–2i for the remaining ACE entries.
k. Select Close.
3. Bind the GameConsoles ACL to all of the interfaces.
a. From the left pane, under Access Control, select ACL Binding (Port).
b. Select GE1.
c. At the bottom of the window, select Edit.
d. Select Select MAC-Based ACL.
e. Select Apply and then select Close.
f. Select Copy Settings.
g. In the Copy configuration's to field, enter 2-30.
h. Select Apply.
4. Save the Configuration.
a. From the top of the window, select Save.
b. Under Source File Name, make sure Running configuration is selected.
c. Under Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.4.6 Disable Switch Ports - GUI

Lab Report
Time Spent: 01:30

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Disable port 15

 Copy GE15 settings to ports 18 and 21-27 Show Details

 Save configuration settings to the startup configuration file Show Details

EXPLANATION
Complete this lab as follows:

1. Log in to the CISCO switch.

a. In the Google Chrome URL field, enter 192.168.0.2 and press Enter.
b. Maximize the window for better viewing.
c. In the Username and Password fields, enter cisco (case sensitive).
d. Select Log In.
2. Disable port GE15.
a. From the left navigation bar, expand and select Port Management > Port Settings.
b. Select GE15 (port 15) and then select Edit.
c. For Administrative Status, select Down.
d. Select Apply.
e. Select Close.
3. Copy GE15 port settings to ports 18 and 21-27.
a. Select GE15 and then select Copy Settings.
b. Type 18,21-27 in the To: field.
c. Select Apply.
4. Save the changes to the switch's startup configuration file.
a. From the upper right of the switch window, select Save.
b. For Source File Name, make sure Running configuration is selected.
c. For Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
f. Select Done.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.4.8 Harden a Switch

Lab Report
Time Spent: 03:11

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Required Actions

 Disable the unused ports Show Details

 Configure Port Security settings for the used ports Show Details

EXPLANATION
While completing this lab, use the following information:

Unused Ports Used Ports

GE2 GE1
GE7 GE3-GE6
GE9-GE20 GE8
GE25 GE21-GE24
GE27-GE28 GE26

Complete this lab as follows:

1. Shut down the unused ports.

a. Under Initial Setup, select Configure Port Settings.
b. Select the GE2 port.
c. Scroll down and select Edit.
d. For Administrative Status, select Down.
e. Scroll down and select Apply.
f. Select Close.
g. With the GE2 port selected, scroll down and select Copy Settings.
h. In the Copy configuration field, enter the remaining unused ports. Use the examples shown in the UI as
a guide.
i. Select Apply.
From the Port Setting Table in the Port Status column, you can see that all the ports are down now.
2. Configure the Port Security settings.
a. From the left menu, expand and select Security > Port Security.
b. Select the GE1 port.
c. Scroll down and select Edit.
d. For Interface Status, select Lock.
e. For Learning Mode, make sure Classic Lock is selected.
f. For Action on Violation, make sure Discard is selected.
g. Select Apply.
h. Select Close.
i. Scroll down and select Copy Settings.
j. Enter the remaining used ports. Use the examples shown in the UI as a guide.
k. Select Apply.
Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.4.9 Secure Access to a Switch

Lab Report
Time Spent: 04:11

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Create an access profile to restrict management access Show Details

 Add a profile rule

 Set the active access profile

 Save changes to the startup configuration

EXPLANATION
Complete this lab as follows:

1. Create and configure an Access Profile named MgtAccess.

a. From the left pane, expand and select Security > Mgmt Access Method > Access Profiles.
b. Select Add.
c. Enter the Access Profile Name of MgtAccess.
d. Enter the Rule Priority of 1.
e. For Action, select Deny.
f. Select Apply and then select Close.
2. Add a profile rule to the MgtAccess profile.
a. From the left pane, under Security > Mgmt Access Method, select Profile Rules.
b. From the right pane, select the MgtAccess profile and then select Add.
c. Enter a Rule Priority of 2.
d. For Management Method, select HTTP.
e. For Applies to Source IP Address, select User Defined.
f. For IP Address, enter 192.168.0.10.
g. For Mask, enter a Network Mask of 255.255.255.0.
h. Select Apply and then select Close.
3. Set the MgtAccess profile as the active access profile.
a. From the left pane, under Security > Mgmt Access Method, select Access Profiles.
b. Use the Active Access Profile drop-down list to select MgtAccess.
c. Select Apply.
d. Select OK.
4. Save the changes to the switch's startup configuration file.
a. At the top, select Save.
b. For Source File Name, make sure Running configuration is selected.
c. For Destination File Name, make sure Startup configuration is selected.
d. Select Apply.
e. Select OK.
Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.5.10 Configure QoS

Lab Report
Time Spent: 15:41

Score: 8/8 (100%) Pass Passing Score: 8/8 (100%)

TASK SUMMARY

Required Actions & Questions

 Create an alias Show Details

 Use the Traffic Shaper wizard for dedicated links using one WAN connection

 Configure the Traffic Shaper Show Details

 Prioritize voice over IP traffic Show Details

 Enable and configure a penalty box Show Details

 Raise and lower the applicable application's priority Show Details

 Q1: How many firewall rules were created?

 Change the port number used for the MSRDP outbound rule

EXPLANATION
Complete this lab as follows:

1. Sign in to the pfSense management console.

a. In the Username field, enter admin.
b. In the Password field, enter P@ssw0rd (0 = zero).
c. Select SIGN IN or press Enter.
2. Create a high bandwidth usage alias.
a. From the pfSense menu bar, select Firewall > Aliases.
b. Select Add.
c. Configure the Properties as follows:
Name: HighBW
Description: High bandwidth users
Type: Host(s)
d. Add the IP addresses of the offending computers to the host(s) configuration as follows:
Under Host(s), in the IP or FQDN field, enter 172.14.1.25 for Vera's system.
Select Add Host.
In the new IP or FQDN field, enter 172.14.1.100 for Paul's system.
e. Select Save.
f. Select Apply Changes.
3. Start the Traffic Shaper wizard for dedicated links.
a. From the pfSense menu bar, select Firewall > Traffic Shaper.
b. Under the Firewall bread crumb, select Wizards.
c. Select traffic_shaper_wizard_dedicated.xml.
d. Under Traffic Shaper wizard, in the Enter number of WAN type connections field, enter 1 and then select
Next.
4. Configure the Traffic Shaper.
a. Make sure you are on Step 1 of 8.
b. Using the drop-down menu for the upper Local interface, select GuestWi-Fi.
c. Using the drop-down menu for lower Local interface, make sure PRIQ is selected.
d. For the upper Upload field, enter 8.
e. Using the drop-down menu for the lower Upload field, select Mbit/s.
f. For the top Download field, enter 50.
g. Using the drop-down menu for the lower Download field, select Mbit/s.
h. Select Next.
5. Prioritize voice over IP traffic.
a. Make sure you are on Step 2 of 8.
b. Under Voice over IP, select Enable to prioritize the voice over IP traffic.
c. Under Connection #1 parameters, in the Upload rate field, enter 10.
d. Using the drop-down menu for the top Units, select Mbit/s.
e. For the Download rate, enter 20.
f. Using the drop-down menu for the bottom Units, select Mbit/s.
g. Select Next.
6. Enable and configure a penalty box.
a. Make sure you are on Step 3 of 8.
b. Under Penalty Box, select Enable to enable the penalize IP or alias option.
c. In the Address field, enter HighBW. This is the alias created earlier.
d. For Bandwidth, enter 3.
e. Select Next.
7. Continue to step 6 of 8.
a. For Step 4 of 8, scroll to the bottom and select Next.
b. For Step 5 of 8, scroll to the bottom and select Next.
8. Raise and lower the applicable application's priority.
a. Make sure you are on Step 6 of 8.
b. Under Raise or lower other Applications, select Enable to enable other networking protocols.
c. Under Remote Service / Terminal emulation, use the:
MSRDP drop-down menu to select Higher priority.
VNC drop-down menu to select Higher priority.
d. Under VPN:
Use the PPTP drop-down menu to select Higher priority.
Use the IPSEC drop-down menu to select Higher priority.
e. Scroll to the bottom and select Next.
f. For step 7 of 8, select Finish.
Wait for the reload status to indicate that the rules have been created (look for Done).
9. View the floating rules created for the firewall.
a. Select Firewall > Rules.
b. Under the Firewall breadcrumb, select Floating.
c. From the top right, select Answer Questions.
d. Answer the question and then minimize the question dialog.
10. Change the port number used for the MSRDP outbound rule.
a. For the m_Other MSRDP outbound rule, select the edit icon (pencil).
b. Under Edit Firewall Rule, in the Interface field, select GuestWi-Fi.
c. Under Destination, use the Destination Port Range drop-down menu to select Other.
d. In both Custom fields, enter 3391.
e. Select Save.
f. Select Apply Changes.
g. From the top right, select Answer Questions.
h. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
7.6.4 Configure NAT

Lab Report
Time Spent: 06:28

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Configure NAT port forwarding for the administrator's PC Show Details

 Configure NAT port forwarding for the Kali Linux server Show Details

 Configure NAT port forwarding for the web server Show Details

EXPLANATION
Complete this lab as follows:

1. Sign into the pfSense management console.

a. In the Username field, enter admin.
b. In the Password field, enter P@ssw0rd (zero).
c. Select SIGN IN or press Enter.
2. Configure NAT port forwarding for the PC1 computer.
a. From the pfSense menu bar, select Firewall > NAT.
b. Select Add (either one).
c. Configure or verify the following settings:
Interface: LAN
Protocol: TCP
Destination type: LAN address
Destination port range (From and To): MS RDP
Redirect target IP: 172.16.1.100
Redirect target port: MS RDP
Description: RDP from LAN to PC1
d. Select Save.
3. Configure NAT port forwarding for the Kali Linux server.
a. Select Add (either one).
b. Configure or verify the following settings:
Interface: LAN
Protocol: TCP
Destination type: LAN address
Destination port range (From and To): SSH
Redirect target IP: 172.16.1.6
Redirect target port: SSH
Description: SSH from LAN to Kali
c. Select Save.
4. Configure NAT port forwarding for the web server.
a. Select Add (either one).
b. Configure or verify the following settings:
Interface: LAN
Protocol: TCP
Destination type: LAN address
Destination port range (From and To): Other
Custom (From and To) 5151
Redirect target IP: 172.16.1.5
Redirect target port: Other 5151
Description: RDP from LAN to web server using custom port
c. Select Save.
d. Select Apply Changes.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
8.1.3 Configure an iSCSI Target

Lab Report
Time Spent: 02:42

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Create an iSCSI virtual disk Show Details

 Assign a new iSCSI target

 Add CorpFiles16 as an access server

EXPLANATION
Complete this lab as follows:

1. Access the New iSCSI Virtual Disk Wizard.

a. From the left pane of Server Manager, select File and Storage Services.
b. Select iSCSI.
c. In the iSCSI VIRTUAL DISKS panel, use the TASK drop-down to select New iSCSI Virtual Disk.
2. Under Select by volume, select D: and then select Next.
a. Under Server, make sure CorpiSCSI is selected.
b. Under Select by volume, select D: and then select Next.
c. In the Name field, enter iSCSIDisk1 for the virtual disk and then select Next.
d. In the Size field, enter 5 for the virtual disk size and then use its drop-down to select TB.
e. Make sure Dynamically expanding is selected and then select Next.
f. Make sure New iSCSI target is selected and then select Next.
g. In the Name field, enter iSCSITarget1 for the iSCSI target and then select Next.
3. Specify the iSCSI initiator that will access your iSCSI virtual disk.
a. Select Add.
b. Make sure Query initiator computer for ID is selected.
c. For the above option, select Browse to locate the server that will be allowed to access the iSCSI disk.
d. In the Enter the object names to select field, enter the server name and then click OK.
e. Select OK.
f. Select Next.
4. Complete the creation of the virtual disk using the default options.
a. Select Next.
b. Select Create.
c. Select Close.

To view the iSCSI virtual disk and target you just created, expand the Server Manager window.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
8.1.4 Configure an iSCSI Initiator

Lab Report
Time Spent: 02:58

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Connect to the iSCSI target server

 Bring the disk online

 Create a volume with the iSCSI disk Show Details

EXPLANATION
Complete this lab as follows:

1. Access the CorpFiles16 server.

a. From Hyper-V Manager, select CORPSERVER.
b. Maximize the window to view all virtual machines.
c. Double-click CorpFiles16 to connect to the computer.
2. Using the iSCSI Initiator, discover and log on to the target server.
a. From Server Manager on CorpFiles16, select Tools > iSCSI Initiator.
b. In the Target field, enter CorpiSCSI as the target server.
c. Select Quick Connect and verify that a target was added to the Discovered targets pane.
d. Select Done.
e. Select OK to close the iSCSI Initiator Properties window.
3. Bring the iSCSI disk online.
a. From the left pane of Server Manager, select File and Storage Services.
b. Select Disks.
c. Maximize the Server Manager window for better viewing.
d. In the DISKS panel, find the Bus Type column and select the iSCSI disk.
e. Right-click the iSCSI disk and select Bring Online.
f. Select Yes to confirm.
4. Create a new volume for the iSCSI disk.
a. Right-click the iSCSI disk and select New Volume.
b. Click Next to begin the New Volume Wizard.
c. Under Disk, select Disk 2 and then select Next.
d. Make sure the Volume size is using the maximum capacity available and then select Next.
e. Change Drive letter to G and then select Next.
f. Make sure NTFS is selected as the file system.
g. For the Volume label field, use iSCSI as the name of the volume and then select Next.
h. Select Create.
i. After the volume is created, select Close.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
8.2.3 Connect VoIP 1

Lab Report
Time Spent: 05:49

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Connect the IP phone in the Lobby Show Details

 Plug the Exec workstation and monitor into the surge protector

 Connect the IP phone in the Executive Office Show Details

 Ensure that the workstation in the Executive Office is connected to the network and the internet

EXPLANATION
Complete this lab as follows:

1. Connect the IP phone in the Lobby to the network.

a. Under Lobby, select Hardware.
b. Under Shelf, expand Phones.
c. For the IP phone shown, select Details and then select Specifications.
Make note of the port options.
d. Close the IP phone details window.
e. Drag the IP phone to the Workspace.
f. Above the IP phone, select Back to switch to the back view of the phone.
g. Under Shelf, expand Cables.
h. Drag Cat5e Cable, RJ45 to the LAN port on the phone.
i. From the Selected Component pane, drag the unconnected RJ45 Connector to the Ethernet port on
the wall outlet.
j. Under Shelf, select the Power Adapter.
k. From the Select Connector window:
Drag the DC Power Connector to the DC power connector on the phone.
Drag the AC Power Adapter to the wall outlet.
l. Above the IP phone, select Front to switch to the front view of the phone. Confirm that the phone's
display is on.
2. Connect the Exec workstation and its monitor to a surge protector.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Exec.
c. Right-click Start.
d. Select Shut down or sign out > Shut down.
e. Under Shelf, expand Outlets.
f. Drag the Surge Protector to the Workspace.
g. Drag both AC Power plugs from the wall outlet to an open outlet on the surge protector.
h. Select the Surge Protector.
i. From the Selected Component pane, drag the AC Power Connector (Male) to an open plug on the wall
outlet.
3. Connect the IP phone in the Executive Office to the network.
a. Under Shelf, expand Phones.
b. Drag the IP phone to the Workspace.
c. Above the IP phone, select Back to switch to the back view of the phone.
d. Under Shelf, expand Cables.
e. Drag Cat5e Cable, RJ45 to the LAN port on the phone.
f. From the Selected Component pane, drag the unconnected RJ45 Connector to the Ethernet port on
the wall outlet.
g. Above the workstation, select Back to switch to the back view of the workstation.
h. From the Shelf, drag Cat5e Cable, RJ45 to the PC port on the phone.
i. In the Selected Component pane, drag the unconnected RJ45 Connector to the workstation's NIC.
4. Provide power to the IP phone.
a. Under Shelf, select the Power Adapter.
b. From the Selected Component pane:
Drag the DC Power Connector to the back of the phone.
Drag the AC Power Adapter to an open plug on the surge protector.
c. Above the IP phone, select Front to switch to the front view of the phone. Confirm that the phone's
display is on.
5. Power on the workstation and confirm that it has a connection to the network and the internet.
a. Above the workstation, select Front.
b. Select the monitor's power button.
c. Select the computer's power button.
The computer is automatically signed into Windows 10.
d. Right-click Start and then select Settings.
e. Select Network & Internet.
From the Status view, the diagram should indicate an active connection to the CorpNet.local network
and the internet.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
8.2.4 Connect VoIP 2

Lab Report
Time Spent: 01:16

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Disconnect the AC adapter from the IP phone in the Lobby and place it on the Shelf Show Details

 Disconnect the AC adapter from the IP phone in the Executive Office and place it on the
Shelf Show Details

 Add an IP phone to the Support Office Show Details

 Confirm that the Support workstation is connected to the internet

EXPLANATION

Complete this lab as follows:

1. From the Lobby, disconnect the AC/DC adapter from the IP phone and the wall.
a. Under Lobby, select Hardware.
b. Above the IP phone, select Back to switch to the back view of the phone.
c. Drag the DC power connector from the phone to the Shelf.
d. Drag the AC power plug from the wall outlet to the Shelf.
e. Above the IP phone, select Front to switch to the front view of the phone and confirm it is on.
2. From the Executive Office, disconnect the AC/DC adapter from the IP phone and the wall.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Hardware.
c. Above the IP phone, select Back to switch to the back view of the phone.
d. Drag the DC power connector from the phone to the Shelf.
e. Drag the AC power plug from the wall outlet to the Shelf.
f. Above the IP phone, select Front to switch to the front view of the phone and confirm it is on.
3. From the Support Office, connect an IP phone.
a. From the top left, select Floor 1 Overview.
b. Under Support Office, select Hardware.
c. Under Shelf, expand Phones.
d. Drag the IP Phone to the Workspace.
e. Above the IP phone, select Back to switch to the back view of the phone.
f. Above the workstation, select Back to switch to the back view of the workstation.
g. Drag the RJ45 Ethernet cable from the workstation to the LAN port (top port) on the IP phone.
h. Under Shelf, expand Cables and then select Cat5e Cable, RJ45.
i. From the Selected Component pane:
Drag an RJ45 Connector to the PC port on the phone.
Drag the other unconnected RJ45 Connector to the NIC on the workstation.

4. Make sure the Support computer is still connected to the internet.

a. On the Support monitor, select Click to view Linux.
b. From the favorites bar, select Terminal.
c. From the terminal, type ping -c4 198.28.2.254 (the ISP) and press Enter.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
8.6.4 Configure Smart Devices

Lab Report
Time Spent: 12:27

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Configure the devices in the Lobby Show Details

 Install and configure the thermostat in the Main Hall Show Details

 Configure the smart devices in Office 1 Show Details

EXPLANATION
While completing this lab, use the following information:

Smart device and pairing codes:

Room Smart Device Pairing Code

Smart Light Switch 6718471173

Smart Lock 6339057209

Lobby
Smart Assistant 4377043770

Lobby Camera 1533705506

Main Hall Smart Thermostat 1753016434

Smart Outlet 1234567890

Office 1
Office Camera 1533705434

Complete this lab as follows:

1. In the TestOut Home app, create rooms for the devices.

a. From the iPad, select TestOut Home.
b. In the left corner, select the hamburger menu icon (3-lines) and then select New Room.
c. In the Room Name field, enter the name of the room.
d. Select Save.
e. Repeat steps 1b–1d to create additional rooms.
2. Configure the devices in the Lobby.
a. Select the arrow (>) on the right side of the screen to move to the Lobby room you created.
b. From the Lobby page, in the right corner, select + to add a smart device to the room.
c. In the Pairing Code field, enter the pairing code for the device you wish to add.
d. Select the smart device.
e. Select Add Device.
f. Repeat steps 2b–2e until you've added all the devices for that room.
g. Select Smart Camera to verify that the camera is working.
h. Select Done.
i. Select Smart Light Switch to turn the light on.
j. Select Smart Lock Switch to lock the doors.
3. Configure the Main Hall smart devices.
a. Select the arrow (>) on the right side of the screen to move to the Main Hall room you created.
b. From the Main Hall page, in the right corner, select + to add a smart device to the room.
c. In the Pairing Code field, enter 1753016434 for the Smart Thermostat device.
d. Select the Smart Thermostat.
e. Select Add Device.
f. Select Smart Thermostat Temperature to modify the temperature.
g. Under Cooling, select Down until the temperature reaches 72 degrees.
h. Select Done.
4. Configure the Office 1 smart devices.
a. Select the arrow (>) on the right side of the screen to move to the Office 1 room you created.
b. From the Office 1 page, in the right corner, select + to add a smart device to the room.
c. In the Pairing Code field, enter the pairing code for the device you wish to add.
d. Select the smart device.
e. Select Add Device.
f. Repeat steps 4b–4e until you've added all the devices for that room.
g. Select Smart Camera to verify that the camera is working.
h. Select Done.
i. Select the Smart Outlet Switch to set it to ON.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
8.6.7 Scan for IoT Devices

Lab Report
Time Spent: 01:28

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions & Questions

 Scan 192.168.0.54

 Q1: What is the name of the IoT device with the IP address of 192.168.0.54?

 Q2: How many issues exist for the device with the IP address of 192.168.0.54?

 Search for issues using IP range

 Q3: In the IP address range of 192.168.0.60 through 192.168.0.69, which IP addresses had issues?

EXPLANATION

Complete this lab as follows:

1. Run a Security Evaluator report for 192.168.0.54.

a. From the taskbar, select Security Evaluator.
b. Next to Target, select the Target icon to select a new target.
c. Select IPv4 Address.
d. Enter 192.168.0.54 as the IP address.
e. Select OK.
f. Next to Status, select the Run/Rerun Security Evaluation icon to run a security evaluation.
g. From the top right, select Answer Questions.
h. Answer Questions 1 and 2.
2. Run a Security Evaluator report for an IP range of 192.168.0.60 through 192.168.0.69.
a. From Security Evaluator, select the Target icon to select a new target.
b. Select IPv4 Range.
c. In the left field, type 192.168.0.60 as the beginning IP address.
d. In the right field, type 192.168.0.69 as the ending IP address.
e. Select OK.
f. Next to Status, select the Run/Rerun Security Evaluation icon to run a security evaluation.
g. Answer Question 3.
h. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.2.5 Create a Home Wireless Network

Lab Report
Time Spent: 05:20

Score: 6/6 (100%) Pass Passing Score: 6/6 (100%)

TASK SUMMARY

Required Actions

 Place the 802.11b/g/n wireless access point on the computer desk

 Connect the wireless access point to the existing router on the rack using a Cat 5e cable

 Provide power to the wireless access point

 On the laptop, slide the wireless switch to turn the integrated wireless network interface card on

 On the laptop, connect to the AC1750 wireless network

 Save the wireless profile on the laptop

EXPLANATION
Complete this lab as follows:

1. Add the wireless access point to the workspace.

a. Under Shelf, expand Wireless Access Points.
b. Drag the Wireless Access Point, 802.11b/g/n wireless access point to the workspace.
For connivance, place the access point next to the existing router.
c. Above the router, select Back to view the back of the router.
d. Above the access point, select Back to view the back of the wireless access point.
2. Connect power to the wireless access point.
a. Under Shelf, expand Cables.
b. Select Power Adapter, AC to DC.
c. From the Selected Component pane:
Drag the DC power connector to the port on the wireless access point.
Drag the AC power adapter end to an empty outlet on the wall outlet or the surge protector.

3. Connect the Ethernet cable to the wireless access point and existing router.
a. Under Shelf, select the Cat6a Cable, RJ45 Ethernet cable.
b. From the Selected Component pane:
Drag an RJ45 Ethernet connector to the back of the access point.
Drag the unconnected RJ45 Ethernet connector to one of the free LAN ports on the router.

4. Configure the homeowner's new laptop to connect to the wireless network.

a. From the front of the laptop, slide the wireless switch to the ON position (right) to enable the
integrated wireless network interface.
b. On the Home-Laptop monitor, select Click to view Windows 10.
c. In the notification area, select the wireless networking icon.
d. Select the AC1750 wireless network.
e. Make sure Connect automatically is selected and then select Connect.
f. Select Yes to make your PC discoverable on the network.

To confirm the connection, right-click the wireless networking icon in the notification area again
and select Open Network & Internet settings. The image on the Status page shows a
connection to the internet.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.2.6 Secure a Home Wireless Network

Lab Report
Time Spent: 05:03

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Change the Wireless Network Name (SSID) to PoliceVan

 Configure the wireless security settings Show Details

 Change the wireless access point's default administrator authentication credentials Show Details

EXPLANATION
Complete this lab as follows:

1. Access, and sign into, the TPLink-AC1750 wireless access point.

a. In the URL field of Google Chrome, enter 192.168.0.254 and press Enter.
b. Maximize Google Chrome for easier viewing.
c. From the top menu bar, select the Wireless tab.
d. Enter the sign in credentials:
Username: admin
Password: password
e. Select Sign In.
2. Change the Wireless Network Name (SSID) to PoliceVan.
a. Make sure the Wireless submenu of Basic Settings is selected.
b. Under Wireless Interface wlan0, change the Wireless Network Name (SSID) to PoliceVan.
c. Scroll down and select Apply Settings.
3. Configure the wireless security settings.
a. From the submenu bar, select the Wireless Security tab.
b. For Wireless Mode, use the drop-down list to select WPA.
c. Under Networking, select WPA2 Personal.
d. Under WPA Algorithms, select CCMP-128 AES.
e. In the WPA Shared Key field, enter 4WatchingU.
f. (Optional) Select Unmask to verify your new shared key.
g. Scroll to the bottom and select Apply Settings.
4. Change the wireless access point's administration authentication credentials.
a. From the top menu bar, select the Administration tab.
b. Make sure the Management submenu is selected.
c. Change the Router Password settings as follows:
Router Username: @dm1n
Router Password: StayOut! (O is the capital letter O).
Re-enter to confirm: StayOut! (O is the capital letter O).
d. Scroll to the bottom and select Apply Settings.
e. Select Save.
f. Select Reboot Router.
g. When prompted, select Continue.
5. Configure the laptop to connect to the wireless network and save the wireless profile settings.
a. From the top left, select Computer Desk.
b. On the Home-Laptop monitor, select Click to view Windows 10.
c. Select the Network icon.
d. Select PoliceVan.
e. Make sure Connect automatically is selected.
f. Select Connect.
g. Enter 4WatchingU (the passphrase).
h. Select Next.
i. Select Yes to make your PC discoverable on the network.
j. From the Notification area of the taskbar, right-click the network icon and select Network & Internet
settings to confirm the connection.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.2.7 Configure Wireless Profiles

Lab Report
Time Spent: 01:05

Score: 6/6 (100%) Pass Passing Score: 6/6 (100%)

TASK SUMMARY

Required Actions

 Create the wireless profile for the PoliceVan network

 Use WPA2-Personal authentication

 Use AES encryption

 Use 4WatchingU for the security key

 Start the connection automatically if the network is detected

 Delete the out-of-date TrendNet-BGN wireless profile

EXPLANATION
Complete this lab as follows:

1. Manually create the wireless network profile on the laptop.

a. Right-click Start and then select Settings.
b. Select Network & Internet.
c. From the right pane, scroll down and select Network and Sharing Center.
d. Select Set up a new connection or network.
e. Select Manually connect to a wireless network and then click Next.
f. In the Network name field, enter PoliceVan.
g. Use the Security type drop-down menu to select WPA2-Personal.
h. Make sure the Encryption type is set to AES.
i. In the Security Key field, enter 4WatchingU.
j. Make sure Start this connection automatically is selected.
k. Select Connect even if the network is not broadcasting and then click Next.
l. Select Close.
m. Close the Network and Sharing Center.
2. Delete the out-of-date profile.
a. From the Settings app, select Wi-Fi.
b. Select Manage known networks.
c. Select the TrendNet-BGN profile.
d. Select Forget.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.3.7 Design an Indoor Wireless Network

Lab Report
Time Spent: 01:44

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Install an omnidirectional AP in the Lobby

 Install a directional AP on the west wall of the IT Administration office

 Install a directional AP on the east wall of the Networking Closet

EXPLANATION
Only three WAPs are required to complete this lab (one omnidirectional WAP and two directional WAPs).
The following WAP configuration provides adequate coverage and reduces signal emanation.

Complete this lab as follows:

1. Under Shelf, expand Wireless Access Points.

2. Drag the Wireless Access Point (Indoor, omnidirectional Antenna) to the installation area in the Lobby.
3. Drag one Wireless Access Point (Indoor, directional Antenna) to the installation area on the west wall of
the IT Administration office.
4. Drag another Wireless Access Point (Indoor, directional Antenna) to the installation area on the east wall
of the Networking Closet.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.3.8 Design an Outdoor Wireless Network

Lab Report
Time Spent: 02:23

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Install high-gain directional antennae on the roofs Show Details

 Provide better Wi-Fi coverage to Patio A Show Details

 Provide better Wi-Fi coverage to Patio B Show Details

EXPLANATION
Complete this lab as follows:

1. Install the High-gain Antenna (Directional) on buildings A and B.

a. Under Shelf, expand High-gain Antennas.
b. Drag the High-gain Antenna (Directional) to the installation area on the roof of Building A.
c. Drag the remaining High-gain Antenna (Directional) to the installation area on the roof of Building B.
2. Install the wireless access point for buildings A and B.
a. Under Shelf, expand Wireless Access Points.
b. Drag a Wireless Access Point (Outdoor) to the installation area on the roof of Building A.
c. Drag the remaining Wireless Access Point (Outdoor) to the installation area on the roof of Building B.
3. Install the antennas.
a. Under Shelf, expand WAP Antennas.
b. Drag the WAP Antenna (Directional) to one of the installed outdoor WAPs.
c. Drag the remaining WAP Antenna (Directional) to the other installed outdoor WAP.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.4.4 Implement an Enterprise Wireless Network

Lab Report
Time Spent: 02:29

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Required Actions

 Create the CorpNet WLAN Show Details

 Connect Exec-Laptop to the CorpNet wireless network

EXPLANATION
Complete this lab as follows:

1. Access the Ruckus wireless controller tool.

a. In the Google Chrome URL field, enter 192.168.0.6 and press Enter.
b. Maximize Google Chrome.
c. Log in to the wireless controller console using:
Admin Name: admin
Password: password.
d. Select Login.
2. Create a WLAN on the wireless controller.
a. Select the Configure tab.
b. From the left menu, select WLANs.
c. Under WLANs, select Create New.
d. In the Name field, use CorpNet Wireless
e. In the ESSID field, use CorpNet
f. For Type, make sure Standard Usage is selected.
g. Under Authentication Options, make sure the Open method is selected.
h. Under Encryption Options/Method, select WPA2.
i. Under Encryption Options/Algorithm, make sure AES is selected.
j. In the Passphrase field, enter @CorpNetWeRSecure!
k. Select OK.
3. Connect the Exec-Laptop to the new wireless network.
a. From the top left, select Floor 1.
b. Under Executive Office, select Exec-Laptop.
c. In the Notification area of the taskbar, select the wireless network icon to view the available networks.
d. Select CorpNet.
e. Select Connect.
f. Enter @CorpNetWeRSecure! for the security key and then select Next.
g. Click Yes to make the computer discoverable on the network. Wait for the connection to be made.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.5.10 Configuring a Captive Portal

Lab Report
Time Spent: 07:13

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Add a Captive Portal zone Show Details

 Enable and configure the Captive Portal Show Details

 Allow a MAC address to pass through the portal

 Allow an IP address to pass through the portal Show Details

EXPLANATION
Complete this lab as follows:

1. Sign in to the pfSense management console.

a. In the Username field, enter admin.
b. In the Password field, enter P@ssw0rd (zero).
c. Select SIGN IN or press Enter.
2. Add a Captive Portal zone.
a. From the pfSense menu bar, select Services > Captive Portal.
b. Select Add.
c. For Zone name, enter Guest_WiFi.
d. For Zone description, enter Zone used for the guest Wi-Fi.
e. Select Save & Continue.
3. Enable and configure the Captive Portal.
a. Under Captive Portal Configuration, select Enable.
b. For Interfaces, select GuestWi-Fi.
c. For Maximum concurrent connections, select 100.
d. For Idle timeout, enter 30.
e. For Hard timeout, enter 120.
f. Scroll down and select Per-user bandwidth restriction.
g. For Default download (Kbit/s), enter 8000.
h. For Default upload (Kbit/s), enter 2500.
i. Under Authentication, use the drop-down menu to select None, don't authenticate users.
j. Scroll to the bottom and select Save.
4. Allow a MAC address to pass through the portal.
a. From the Captive Portal page, select the Edit Zone icon (pencil).
b. Under the Services breadcrumb, select MACs.
c. Select Add.
d. Make sure the Action field is set to Pass.
e. For Mac Address, enter 00:00:1B:12:34:56.
f. Select Save.
5. Allow an IP address to pass through the portal.
a. Under the Services breadcrumb, select Allowed IP Addresses.
b. Select Add.
c. For IP Address, enter 198.28.1.100.
d. Use the IP address drop-down menu to select 16. This sets the subnet mask to 255.255.0.0.
e. For the Description field, enter Admin's Laptop.
f. Make sure Direction is set to Both.
g. Select Save.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.5.12 Creating a Guest Network for BYOD

Lab Report
Time Spent: 10:30

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions

 Create a guest access service Show Details

 Create a guest WLAN Show Details

 Request a guest pass

 Connect to Guest_BYOD from Gst-Lap

EXPLANATION
Complete this lab as follows:

1. Open the Ruckus ZoneDirector.

a. In the Google Chrome URL field, enter 192.168.0.6 and press Enter.
b. Maximize Google Chrome.
c. Log in using the following information:
Admin Name: WirelessAdmin (case sensitive).
Password: Adminsonly! (case sensitive).
d. Select Login.
2. Set up Guest Access Services.
a. Select the Configure tab.
b. From the left menu, select Guest Access.
c. Under Guest Access Service, select Create New.
d. In the Name field, use Guest_BYOD.
e. For Authentication, make sure Use guest pass authentication is selected.
f. For Terms of Use, select Show terms of use.
g. For Redirection, make sure Redirect to the URL that the user intends to visit is selected.
h. Expand Restricted Subnet Access.
i. Verify that 192.168.0.0/16 is listed.
j. Select OK.
3. Create a guest WLAN.
a. From the left menu, select WLANs.
b. Under WLANs, select Create New.
c. In the Name field, use Guest.
d. In the ESSID field, use Guest_BYOD.
e. For Type, select Guest Access.
f. Confirm the following settings are set:
Authentication Options: Open
Encryption Options: None
Guest Access Service: Guest_BYOD
g. For Wireless Client Isolation, select Isolate wireless client traffic from other clients on the same AP.
h. Select OK.
i. Close the Google Chrome browser.
4. Request a guest password.
a. Open a new Google Chrome browser window.
b. Maximize the window for better viewing.
c. In the URL field, enter 192.168.0.6/guestpass and press Enter.
d. Log in using the following information:
Admin Name: BYODAdmin (case sensitive).
Password: @dmin1s (case sensitive).
e. Select Log In.
f. In the Full Name field, enter any full name.
g. In the Key field, highlight the key and press Ctrl + C to copy the key.
h. Select Next.
5. Access the wireless Guest Access service from the guest laptop in the lobby.
a. From the top left, select Floor 1.
b. Under Lobby, select Gst-Lap.
c. In the Notification area, select the wireless network icon.
d. Select Guest_BYOD.
e. Select Connect.
f. Select Yes.
The browser opens to the Guest Access login page.
g. In the Guest Pass field, press Ctrl + V to paste the key copied from the Key field.
h. Select Log In.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.5.13 Configure a Secure Email Account on Mobile Device

Lab Report
Time Spent: 02:04

Score: 1/1 (100%) Pass Passing Score: 1/1 (100%)

TASK SUMMARY

Required Actions

 Secure IMAP network communications and authenticate to CorpNet-Wireless Wi-Fi Show Details

EXPLANATION
Complete this lab as follows:

1. Set the email account to use SSL and the secure port 993.
a. Select Settings.
b. From the left menu, select Accounts & Passwords. (You may need to scroll down to see this option.)
c. Under Accounts & Passwords, select Gmail.
d. Under Gmail, select [email protected].
e. Select Advanced.
f. Slide the button to enable Use SSL.
g. Make sure the server port is set to 993.
h. At the top, select Account.
i. Click Done.
2. Connect to CorpNet Wi-Fi.
a. From the left menu, select Wi-Fi.
b. Select CorpNet.
c. In the Password field, enter @CorpNetWeRSecure!& as the password.
d. Select Join.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.5.7 Secure an Enterprise Wireless Network

Lab Report
Time Spent: 04:55

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Change admin username and password Show Details

 Enable MAC address filtering Show Details

 Configure access controls Show Details

EXPLANATION
To complete this lab, use the following MAC addresses:

00:18:DE:01:34:67
00:18:DE:22:55:99
00:02:2D:23:56:89
00:02:2D:44:66:88

Complete this lab as follows:

1. Log into the Ruckus Wireless ZoneDirector.

a. In the Google Chrome URL field, type 192.168.0.6 and press Enter.
b. Log in using the following:
Admin Name: admin
Password: password
c. Select Login.
2. Change the admin's username and password for the Ruckus Wireless ZoneDirector.
a. Select the Administer tab.
b. Ensure Authenticate using the admin name and password is selected.
c. In the Admin Name field, enter WxAdmin
d. Enter password in the Current Password field.
e. In the New Password field, enter ZDAdminsOnly!$ (Note: O is the capital letter O).
f. Enter ZDAdminsOnly!$ in the Confirm New Password field.
g. On the right of the section, select Apply.
3. Enable MAC address filtering.
a. From the top, select the Configure tab.
b. From the left menu, select Access Control.
c. Expand L2-L7 Access Control.
d. Under L2/MAC address Access Control, select Create New.
e. In the Name field, enter Allowed Devices.
f. Under Restriction, make sure Only allow all stations listed below is selected.
g. Enter a MAC address.
h. Select Create New.
i. Repeat steps 3g–3h for each of the remaining MAC address that need to be added to the ACL.
j. Select OK.
4. Configure access controls.
a. Under Access Control, expand Device Access Policy.
b. Select Create New.
c. In the Name field, enter NoGames.
d. Select Create New.
e. Use the OS/Type drop-down menu to select Gaming.
f. Use the Type drop-down menu to select Deny.
g. Under Uplink, ensure Disabled is selected.
h. Under Downlink, ensure Disabled is selected.
i. Select Save.
j. Select OK.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.5.8 Enable Wireless Intrusion Prevention

Lab Report
Time Spent: 00:58

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Configure denial-of-service protection Show Details

 Enable wireless intrusion protection Show Details

 Enable rogue DHCP server detection

EXPLANATION
Complete this lab as follows:

1. Configure the wireless controller to protect against denial-of-service (DOS) attacks.

a. From the Ruckus controller, select the Configure tab.
b. From the left menu, select WIPS.
c. From the right pane, select:
Protect my wireless network against excessive wireless requests.
Temporarily block wireless clients with repeated authentication failures.
d. Enter a threshold of 120 seconds.
e. On the right, for this area, select Apply.
2. Configure intrusion detection and prevention.
a. Select Enable report rogue devices.
b. Select Report all rogue devices.
c. Select Protect the network from malicious rogue access points.
d. On the right, for this area, select Apply.
3. Select Enable rogue DHCP server detection and then select Apply.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.6.6 Optimize a Wireless Network

Lab Report
Time Spent: 22:21

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions

 Configure Self Healing Show Details

 Configure Background Scanning Show Details

 Configure Load Balancing Show Details

 Configure Band Balancing for 30% on 2.4GHz

 Adjust the AP Power Level Show Details

EXPLANATION

Configure your wireless access points as follows:

1. Configure Self Healing on the wireless network.

a. From the Ruckus ZoneDirector, select the Configure tab.
b. From the left menu, select Services.
c. Under Self Healing, select Automatically adjust AP radio power to optimize coverage when
interference is present.
d. Use the Automatically adjust 2.4GHz channels using drop-down arrow to select Background Scanning.
e. Use the Automatically adjust 5GHz channels using drop-down arrow to select Background Scanning.
f. On the right, select Apply (in the Self Healing pane).
2. Configure Background Scanning.
Under Background Scanning, select Run a background scan on 2.4GHz radio.
Enter 30 seconds.
Select Run a background scan on 5GHz radio.
Enter 30 seconds.
On the right, select Apply.
3. Configure Load Balancing.
Under Load Balancing, select Run load balancing on 2.4GHz radio.
In the Adjacent radio threshold(dB) field, enter 40.
Select Run load balancing on 5GHz radio.
In the Adjacent radio threshold(dB) field, enter 40.
On the right, select Apply.
4. Configure Band Balancing.
a. Under Band Balancing, select Percent of clients on 2.4GHz radio.
b. Enter 30.
c. On the right, select Apply.
5. Adjust the AP Power Level.
a. From the left menu, select Access Points.
b. From the top right, select Exhibit to determine which access points to adjust; then close the exhibit.
c. Under Access Points, select Edit next to the access point to be modified.
d. Under Radio B/G/N(2.4G) next to TX Power, make sure Override Group Config is selected.
e. From the TX Power drop-down list, select -3dB (1/2).
f. Under Radio A/N/AC(5G) next to TX Power, make sure Override Group Config is selected.
g. From the TX Power drop-down list, select -3dB (1/2).
h. Select OK.
i. Repeat steps 5b - 5f for additional access points.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.6.7 Explore Wireless Network Problems

Lab Report
Time Spent: 04:51

Score: 6/6 (100%) Pass Passing Score: 6/6 (100%)

TASK SUMMARY

Required Actions & Questions

 On Office2-Lap, forget the HomeWireless network

 Q1: What is the name of the corporate WLAN?

 Q2: What is the passphrase used for the WLAN security key?

 Q3: To which wireless network is Gst-Lap connected?

 On Gst-Lap, reconnect to the CorpNet wireless network

 On Exec-Lap, slide the wireless switch to ON and connect to the CorpNet wireless network Show
Details

EXPLANATION
Complete this lab as follows:

1. Identify the wireless connections on the Office2-Lap.

a. Under Office 2, select Office2-Lap.
b. In the notification area, select the wireless network icon.
c. Which wireless networks are available to Office2-Lap? Which wireless network is Office2-Lap connected
to?
Available networks are: CorpNet, StarSky, and NetGearWirless.
2. Forget the HomeWireless network on Office2-Lap.
a. Right-click Start and then select Settings.
b. Select Network & Internet.
c. Select Wi-Fi.
d. Select Manage known networks.
e. Which known networks are displayed? CorpNet and HomeWireless.
f. Select HomeWireless.
g. Select Forget.
h. Close the Settings app.
3. View the wireless controller's configuration interface using Google Chrome.
a. From the taskbar, select Google Chrome.
b. In the URL field, enter 192.168.0.6 and then press Enter.
c. Maximize the window for better viewing.
d. In the Admin Name field, enter admin.
e. In the Password field, enter password.
f. Select Login.
g. Select the Configure tab.
h. From the left menu, select WLANs.
i. Under WLANs, select Edit located in the table under Actions.
j. From the top right, select Answer Questions.
k. Answer Questions 1 and 2.
l. Minimize the Lab Questions dialog.
4. Identify the wireless connections on Gst-Lap.
a. From the top left, select Floor 1 Overview.
b. Under Lobby, select Gst-Lap to switch to laptop located in the lobby.
c. From the top right, select Answer Questions.
d. Move the question dialog to the left.
e. In the notification area, select the wireless network icon.
f. Answer Question 3.
g. Minimize the Lab Questions dialog.
h. Right-click Start and then select Settings.
i. Select Network & Internet.
j. Select Wi-Fi.
k. Select Manage known networks.
l. Which known networks are displayed? CorpNet.
m. In the notification area, select the wireless network icon.
n. Select the CorpNet wireless network name.
o. Select Connect automatically and then click Connect.
Why did Gst-Lap connect without you entering the network security key? It's already a managed/known
network.
5. Identify the wireless connections on Exec-Laptop.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Exec-Laptop.
c. In the notification area, select the wireless network icon (now being shown as an airplane).
d. What wireless networks are available to Exec-Laptop? None.
e. From the top left, select Executive Office to switch to the hardware for of the devices in the executive
office.
f. Examine the position of the wireless switch found in the lower left of the laptop's case.
g. What is the position of this switch? Off.
h. Slide the wireless switch to the On position to turn the wireless network interface card on.
i. On the Exec-Laptop monitor, select Click to view Windows 10 to switch to the operating system.
j. Select the wireless network icon in the notification area to view the available networks.
k. Which wireless networks are available to Exec-Laptop now?
l. Manually connect to the CorpNet wireless network as follows:
i. Select the CorpNet wireless network name.
ii. Select Connect.
iii. Enter @CorpNetWeRSecure!& for the wireless network and then select Next.
Exec-Laptop successfully connected to the CorpNet network.

6. Score the lab.

a. From the top right, select Answer Questions.
b. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
9.6.8 Troubleshoot Wireless Network Problems

Lab Report
Time Spent: 02:19

Score: 1/1 (100%) Pass Passing Score: 1/1 (100%)

TASK SUMMARY

Required Actions

 On Exec-Lap, slide the wireless switch to ON and connect to the CorpNet wireless network Show
Details

EXPLANATION
Complete this lab as follows:

1. Check to see if the ITAdmin computer can connect to the wireless network.
a. Under IT Administration, select ITAdmin.
b. In the Notification Area, select the wireless network icon to view the available networks in order to see
what is being shown on a working computer.
c. Select the CorpNet wireless network.
d. Select Connect.
e. Enter @CorpNetWeRSecure!& for the security key and then select Next.
ITAdmin is now connected to the CorpNet wireless network. Because this computer can connect to the
wireless network, the problem may be limited to only the Exec-Laptop laptop in the Executive Office.
2. Troubleshoot and fix the wireless networking on Exec-Laptop.
a. From the top left, select Floor 1 Overview to switch to Exec-Laptop.
b. Under Executive Office, select Exec-Laptop.
c. In the Notification Area, select the wireless network icon to view the available networks.
Note that there are no wireless networks shown as available for this laptop. Possible causes for this
include:
The wireless network interface card is not turned on (the wireless switch on the exterior of the
laptop is in the OFF position). Since no wireless networks are shown in the list, you must take
additional steps.
The wireless network's SSID is not broadcasting. However, from Step 1, you know that the wireless
access point is broadcasting the SSID.
The wireless access point is not powered on. However, from Step 1, you know that the wireless
access point is powered on.
d. From the top left, select Executive Office to switch to the devices found in the executive office.
e. On the front of the Exec-Laptop, check to see if the switch for the wireless network interface card is in
the On position.
Notice that it is in the OFF position instead.
f. Slide the wireless switch to the On position to turn the wireless network interface card on.
g. On the laptop monitor, select Click to view Windows 10.
h. In the Notification Area, select the wireless network icon to view the available networks. The CorpNet
wireless network is now displayed in the list of available networks.
i. Select the CorpNet wireless network.
j. Select Connect.
k. Enter @CorpNetWeRSecure!& for the security key and then select Next.
Exec-Laptop is now connected to the CorpNet wireless network.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
Which of the following is true about a firewall?
Answer

Firewalls protect against email spoofing attacks.

Implicit deny is used to deny permissions to a specific user even when the rest of the
user's group is allowed access.

Host-based firewalls and network-based firewalls can be installed separately, but

they cannot be placed together to provide multiple layers of protection.
Correct Answer:
You must manually specify which traffic you want to allow through the firewall.
Everything else is blocked.

Explanation

By default, most firewalls deny all traffic, which is called implicit deny. You must
manually specify which traffic you want to allow through the firewall. Everything else
is blocked.
Explicit deny is used to deny permissions to a specific user even when the rest of the
user's group is allowed access.
You can use a host-based firewall in addition to a network-based firewall to provide
multiple layers of protection.
Firewalls do not offer protection against all attacks (such as email spoofing attacks).

References

• 6.1.3 Firewall Facts

q_firewalls_fact_01_np6.question.fex

Question 2:
Correct
Which options are you able to set on a firewall? (Select three.)
Answer

Sequence number
Correct Answer:
Packet destination address

Checksum
Correct Answer:
Port number
Digital signature

Acknowledgement number
Correct Answer:
Packet source address

Explanation

Firewalls allow you to set filters by source or destination IP address and port
number. They do not filter by checksum, acknowledgement number, sequence
number, or digital signature.

References

• 6.1.3 Firewall Facts

q_firewalls_filtering_02_np6.question.fex

Question 3:
Correct
You have been given a laptop to use for work. You connect the laptop to your
company network, use the laptop from home, and use it while traveling.
You want to protect the laptop from internet-based attacks.
Which solution should you use?
Answer

VPN concentrator

Proxy server

Network-based firewall
Correct Answer:
Host-based firewall

Explanation

A host-based firewall inspects traffic received by a host. Use a host-based firewall to

protect your computer from attacks when there is no network-based firewall, such as
when you connect to the internet from a public location.
A network-based firewall inspects traffic as it flows between networks. For example,
you can install a network-based firewall on the edge of your private network to
protect your data from internal attacks.
A VPN concentrator is a device connected to the edge of a private network that's
used for remote access VPN connections. Remote clients establish a VPN
connection to the VPN concentrator and are granted access to the private network.
A proxy server is an Application layer firewall that acts as an intermediary between a
secure private network and the public. Access to the public network from the private
network goes through the proxy server.

References

• 6.1.3 Firewall Facts

q_firewalls_host_based_01_np6.question.fex

Question 4:
Correct
Which of the following is true about a network-based firewall?
Answer
Correct Answer:
A network-based firewall is installed at the edge of a private network or network
segment.

A network-based firewall is less expensive and easier to use than host-based

firewalls.

A network-based firewall is installed on a single computer.

A network-based firewall are considered software firewalls.

Explanation

A network-based firewall is installed at the edge of a private network or network

segment.
Network-based firewalls are more expensive and require more configuration than
other types of firewalls, but they are much more robust and secure.
A host-based firewall is installed on a single computer in a network.
Most network-based firewalls are considered hardware firewalls even though they
use a combination of hardware and software.

References

• 6.1.3 Firewall Facts

q_firewalls_network_based_02_np6.question.fex

Question 5:
Correct
How does a proxy server differ from a packet-filtering firewall?
Answer
Correct Answer:
A proxy server operates at the Application layer, while a packet-filtering firewall
operates at the Network layer.

A proxy server is used to create a screened subnet, while a packet-filtering firewall

can only be used with screened subnets.

A proxy server includes filters for the session ID as well as the IP address and port
number.

A proxy server can prevent unknown network attacks, while a packet-filtering firewall
can only prevent known attacks.

Explanation

A proxy server is a device that stands as an intermediary between a secure private

network and the public. A proxy server is an Application layer firewall that is capable
of filtering by information contained within the data portion of a packet (at the
Application layer).
A packet-filtering firewall makes decisions about which network traffic to allow by
examining information in the IP packet header, such as source and destination
addresses, ports, and service protocols. A packet-filtering firewall operates at OSI
Layer 3 (Network layer).
A signature-based IDS uses patterns to detect known attacks, while an anomaly-
based IDS can detect new and unknown attacks.

References

• 6.1.3 Firewall Facts

q_firewalls_proxy_03_np6.question.fex

Question 6:
Correct
Based on the diagram, which type of proxy server is handling the client's request?
Answer

Circuit-level proxy server

Correct Answer:
Reverse proxy server

Open proxy server

Forward proxy server

Explanation

A reverse proxy server handles requests from the internet to an internal network.
Instead of requests for a server going directly to the server, they first go to the
reverse proxy server.
A forward proxy server handles requests from an internal network out to the internet.
An open proxy server is accessible to any user on the internet and is used to forward
requests to and from anywhere on the internet.
A circuit-level proxy server is typically used as a stateful firewall to allow or deny
sessions.

References

• 6.1.3 Firewall Facts

q_firewalls_proxy_05_np6.question.fex

Question 7:
Correct
Which of the following are true about reverse proxy? (Select two.)
Answer
Correct Answer:
Can perform load balancing, authentication, and caching.
Correct Answer:
Handles requests from the internet to a server on a private network.

Clients always know they are using reverse proxy.

Sits between a client computer and the internet.

Handles requests from inside a private network out to the internet.

Explanation

A reverse proxy server handles requests from the internet to a server located inside
a private network. Reverse proxies can perform load balancing, authentication, and
caching.
Reverse proxies often work transparently, meaning clients don't know they are
connected to a reverse proxy.

References

• 6.1.3 Firewall Facts

q_firewalls_reverse_np6.question.fex

Question 8:
Correct
Which device combines multiple security features, such as anti-spam, load-
balancing, and antivirus, into a single network appliance?
Answer
Correct Answer:
Unified Threat Management (UTM)

Next Generation Firewall (NGFW)

Circuit-level gateway

Packet-filtering firewall

Explanation
A Unified Threat Management device combines multiple security features into a
single network appliance. A single UTM device can provide several security features,
including firewall, VPN, anti-spam, antivirus, and load balancing.
A NGFW combines a traditional firewall with an application firewall.
A circuit-level gateway makes decisions about which traffic to allow based on virtual
circuits or sessions.
A packet-filtering firewall allows and blocks network traffic by examining information
in the IP packet.

References

• 6.1.3 Firewall Facts

q_firewalls_utm_01_np6.question.fex

Question 9:
Correct
Which of the following chains is used for incoming connections that aren't delivered
locally?
Answer

Reject

Drop
Correct Answer:
Forward

Output

Explanation

Forward is a chain that's used for incoming connections that aren't delivered locally.
An example is iptables used on a router. The traffic is not destined for the router, but
the router forwards the traffic to the destination device.
Drop is an action that drops the connection.
Reject is an action that does not allow the connection but does send a response
back.
Output is a chain for outgoing connections.

References

• 6.1.6 Linux Firewall Facts

q_linux_firewall_forward_np6.question.fex

Question 10:
Correct
Which of the following does the sudo iptables -F command accomplish?
Answer

Lists all the current rules.

Drops all incoming traffic.

Saves changes to iptables.

Correct Answer:
Clears all the current rules.

Explanation

The sudo iptables -F command clears all the current rules.

The sudo iptables -A INPUT -j DROP command drops all incoming traffic.
The sudo iptables -L command lists all the current rules.
The sudo /sbin/iptables-save command saves changes to iptables.

References

• 6.1.6 Linux Firewall Facts

q_linux_firewall_sudo_np6.question.fex
Your company has an internet connection. You also have a web server and an email
server that you want to make available to your internet users, and you want to create
a screened subnet for these two servers. Which of the following should you use?
Answer

A host-based firewall
Correct Answer:
A network-based firewall

An IDS

An IPS

Explanation

You should use a network-based firewall to create a screened subnet between two
servers.
A host-based firewall inspects traffic that's received by a host. It is not designed for
use on a screened subnet.
An intrusion detection system (IDS) is a special network device that can detect
attacks and suspicious activity. You cannot use an IDS to create a screened subnet.
An active IDS (also called an intrusion protection system, or IPS) performs the
functions of an IDS, but it can also react when security breaches occur.

References

•
6.2.2 Unified Threat Management (UTM) Appliances Facts
q_utm_devices_network_np6.question.fex

Question 2:
Correct
Which of the following combines several layers of security services and network
functions into one piece of hardware?
Answer

Firewall

Circuit-level gateway
Correct Answer:
Unified Threat Management (UTM)

Intrusion detection system (IDS)

Explanation
A Unified Threat Management (UTM) appliance combines several layers of security
services and network functions into one piece of hardware.
An intrusion detection system (IDS) is a special network device that can detect
attacks and suspicious activity.
A circuit-level gateway makes decisions about which traffic to allow based on virtual
circuits or sessions.
A firewall is a software- or hardware-based network security system that allows or
denies network traffic according to a set of rules.

References

• 6.2.2 Unified Threat Management (UTM) Appliances Facts

q_utm_devices_utm_np6.question.fex

Question 3:
Correct
Which of the following are specific to extended Access control lists? (Select two.)
Answer

Identify traffic based on the destination address.

Are used by route maps and VPN filters.

Correct Answer:
Are the most used type of ACL.
Correct Answer:
Use the number ranges 100-199 and 2000-2699.

Should be placed as close to the destination as possible.

Explanation

Standard ACLs:
• Identify traffic based on the destination address.
• Are used by route maps and VPN filters.
• Use the number ranges 1-99 and 1300-1999.
• Should be placed as close to the destination as possible.
Extended ACLs:
• Are the most used type of ACL.
• Are used for access rules that permit or deny traffic through a device.
• Can filter by multiple factors including source protocol, source host name,
destination host name, etc.
• Use the number ranges 100-199 and 2000-2699.
• Should be placed as close to the source as possible.
References

• 6.2.12 Firewall Design and Configuration Facts

q_firewall_design_acl_01_np6.question.fex

Question 4:
Correct
Which of the following describes how access control lists can improve network
security?
Answer
Correct Answer:
An access control list filters traffic based on the IP header information, such as
source or destination IP address, protocol, or socket number.

An access control list identifies traffic that must use authentication or encryption.

An access control list filters traffic based on the frame header, such as source or
destination MAC address.

An access control list looks for patterns of traffic between multiple packets and takes
action to stop detected attacks.

Explanation

An access control list filters traffic based on the IP header information, such as
source or destination IP address, protocol, or socket number. Access control lists are
configured on routers, and they operate on Layer 3 information.
Port security is configured on switches, which filter traffic based on the MAC address
in the frame.
An intrusion detection system (IDS) or intrusion prevention system (IPS) examines
patterns detected across multiple packets. An IPS can take action when a suspicious
pattern of traffic is detected.

References

• 6.2.12 Firewall Design and Configuration Facts

q_firewall_design_acl_07_np6.question.fex

Question 5:
Correct
Your Cisco router has three network interfaces configured.
• S0/1/0 is a WAN interface that is connected to an ISP.
• F0/0 is connected to an Ethernet LAN segment with a network address of
192.168.1.0/24.
• F0/1 is connected to an Ethernet LAN segment with a network address of
192.168.2.0/24.
You have configured an access control list on this router using the following rules:
• deny ip 192.168.1.0 0.0.0.255 any
• deny ip 192.168.2.0 0.0.0.255 any
These rules will be applied to the WAN interface on the router. Your goal is to block
any IP traffic coming in on the WAN interface that has a spoofed source address that
makes it appear to be coming from the two internal networks.
However, when you enable the ACL, you find that no traffic is being allowed through
the WAN interface.
What should you do?
Answer

Use the out parameter instead of the in parameter within each ACL rule.

Apply the access list to the Fa0/1 interface instead of the S0/1/0 interface.
Correct Answer:
Add a permit statement to the bottom of the access list.

Apply the access list to the Fa0/0 interface instead of the S0/1/0 interface.

Explanation

The problem with this access list is that it only contains deny statements. On Cisco
devices, there is an implicit deny any at the end of every access list. You need to
add a permit statement and identify the type of traffic that is allowed.

References

• 6.2.12 Firewall Design and Configuration Facts

q_firewall_design_acl_08_np6.question.fex

Question 6:
Correct
Which of the following are true about routed firewalls? (Select two.)
Answer
Correct Answer:
Counts as a router hop.
Correct Answer:
Supports multiple interfaces.

Internal and external interfaces connect to the same network segment.

Operates at Layer 2.
Easily introduced to an existing network.

Explanation

On a routed firewall, the firewall is also a Layer 3 router. In fact, many hardware
routers include firewall functionality. Transmitting data through this type of firewall
counts as a router hop. A routed firewall usually supports multiple interfaces, each
connected to a different network segment.
A transparent firewall (which is also called a virtual firewall) works differently. It
operates at Layer 2 and is not seen as a router hop by connected devices. Both the
internal and external interfaces on a transparent firewall connect to the same
network segment. Because it is not a router, you can easily introduce a transparent
firewall into an existing network.

References

• 6.2.12 Firewall Design and Configuration Facts

q_firewall_design_fact_03_np6.question.fex

Question 7:
Correct
Which of the following is a firewall function?
Answer

Frame filtering

Encrypting
Correct Answer:
Packet filtering

FTP hosting

Explanation

Firewalls often filter packets by checking each one against a set of administrator-
defined criteria. If a packet is not accepted, it is simply dropped.

References

• 6.2.12 Firewall Design and Configuration Facts

q_firewall_design_packet_01_np6.question.fex

Question 8:
Correct
You have used firewalls to create a screened subnet. You have a web server that
needs to be accessible to internet users. The web server must communicate with a
database server to retrieve product, customer, and order information.
How should you place devices on the network to best protect the servers? (Select
two.)
Answer

Put the database server inside the screened subnet.

Correct Answer:
Put the database server on the private network.

Put the web server on the private network.

Correct Answer:
Put the web server inside the screened subnet.

Put the database server outside the screened subnet.

Explanation

Publicly accessible resources (servers) are placed inside the screened subnet.
Examples of publicly accessible resources include web, FTP, and email servers.
Devices that should not be accessible to public users are placed on the private
network. If you have a public server that communicates with another server (such as
a database server) and that server should not have direct contact with public hosts,
place the server on the private network and allow only traffic from the public server to
cross the inner firewall.

References

• 6.2.12 Firewall Design and Configuration Facts

q_firewall_design_screened_02_np6.question.fex

Question 9:
Correct
Which of the following BEST describes a stateful inspection?
Answer

Offers secure connectivity between many entities and uses encryption to provide an
effective defense against sniffing.

Designed to sit between a host and a web server and communicate with the server
on behalf of the host.

Allows all internal traffic to share a single public IP address when connecting to an
outside entity.
Correct Answer:
Determines the legitimacy of traffic based on the state of the connection from which
the traffic originated.

Explanation

Stateful firewalls, also referred to as stateful multilayer firewalls, determine the

legitimacy of traffic based on the state of the connection from which the traffic
originated. The stateful firewall maintains a state table that tracks the ongoing record
of active connections.
A virtual private network (VPN) is a network that provides secure access to a private
network through a public network or the internet. Virtual private networks offer
secure connectivity between many entities, both internally and remotely. Their use of
encryption provides an effective defense against sniffing.
Network Address Translation (NAT) separates IP addresses into two sets. This
technology allows all internal traffic to share a single public IP address when
connecting to an outside entity.
You can implement a firewall on circuit-level gateways or application-level gateways.
Both of these firewall designs sit between a host and a web server and communicate
with the server on behalf of the host. They can also cache frequently accessed
websites for faster web page loading.

References

• 6.2.12 Firewall Design and Configuration Facts

q_firewall_design_stateful_02_np6.question.fex

Question 10:
Correct
Which of the following are characteristics of a stateless firewall? (Select two.)
Answer

Identify traffic based on the destination address

Should be placed as close to the destination as possible

Allows or denies traffic based on virtual circuits of sessions

Correct Answer:
Allows or denies traffic by examining information in IP packet headers
Correct Answer:
Controls traffic using access control lists, or ACLs.

Explanation
A stateless firewall controls traffic using access control lists, or ACLs. Instead of
analyzing the state of network traffic, stateless firewalls inspect the information
contained in IP packets and compare it to a static list of rules in the ACL. These rules
determine whether to accept or reject IP packets based on the defined criteria. This
criteria can include IP addresses,
port numbers, services, and traffic direction
A stateful firewall allows or denies traffic based on virtual circuits of sessions. A
stateless firewall is also known as a circuit-level proxy or a circuit-level gateway.
Standard ACL:
• Identify traffic based on the destination address.
• Are used by route maps and VPN filters.
• Use the number ranges 1-99 and 1300-1999.
• Should be placed as close to the destination as possible.

References

• 6.2.12 Firewall Design and Configuration Facts

q_firewall_design_stateless_np6.question.fex
Which of the following terms describes a network device that is exposed to attacks
and has been hardened against those attacks?
Answer

Circuit proxy
Correct Answer:
Bastion

Multi-homed

Kernel proxy

Explanation

A bastion, or sacrificial, host is one that's unprotected by a firewall. The term bastion
host is used to describe any device fortified against attack (such as a firewall). A
sacrificial host might be a device intentionally exposed to attack, such as a honeypot.
Circuit proxies and kernel proxies are types of firewall devices.
Multi-homed describes a device with multiple network interface cards.

References

• 6.3.3 Screened Subnet Facts

q_screened_subnet_bastion_np6.question.fex

Question 2:
Correct
How many network interfaces does a dual-homed gateway typically have?
Answer

one
Correct Answer:
three

four

two

Explanation

A dual-homed gateway is a firewall device that typically has three network interfaces.
One is connected to the internet, one is connected to the public subnet, and one is
connected to the private network.
References

• 6.3.3 Screened Subnet Facts

q_screened_subnet_dual_homed_np6.question.fex

Question 3:
Correct
You have a company network that is connected to the internet. You want all users to
have internet access, but you need to protect your private network and users. You
also need to make a web server publicly available to the internet users.
Which solution should you use?
Answer

Use a single firewall. Put the server and the private network behind the firewall.

Use a single firewall. Put the web server in front of the firewall and the private
network behind the firewall.

Use firewalls to create a screened subnet. Place the web server and the private
network inside the screened subnet.
Correct Answer:
Use firewalls to create a screened subnet. Place the web server inside the screened
subnet and the private network behind the screened subnet.

Explanation

A screened subnet is a buffer network (or subnet) that sits between a private network
and an untrusted network, such as the internet. A common configuration uses two
firewalls, with one connected to the public network and one connected to the private
network. Publicly accessible resources (servers) are placed inside the screened
subnet. Examples of publicly accessible resources include web, FTP, or email
servers. Private resources that are not accessible from the internet are placed
behind the screened subnet (behind the inner firewall).
Placing the web server inside the private network would mean opening ports on the
firewall that lead to the private network, which could expose other devices to attacks.
Placing the web server outside the firewall would leave it unprotected.

References

• 6.3.3 Screened Subnet Facts

q_screened_subnet_fact_01_np6.question.fex

Question 4:
Correct
You are managing a network and have used firewalls to create a screened subnet.
You have a web server that internet users need to access. It must communicate with
a database server to retrieve product, customer, and order information.
How should you place devices on the network to best protect the servers? (Select
two.)
Answer
Correct Answer:
Put the web server inside the screened subnet.

Put the database server and the web server inside the screened subnet.
Correct Answer:
Put the database server on the private network.

Put the web server on the private network.

Put the database server inside the screened subnet.

Explanation

Publicly accessible resources (servers) are placed inside the screened subnet.
Examples of publicly accessible resources include web, FTP, or email servers.
Devices that should not be accessible to public users are placed on the private
network. If you have a public server that communicates with another server (such as
a database server), and that server shouldn't have direct contact with public hosts,
place it on the private network and only allow traffic from the public server to cross
the inner firewall. Placing the database server and the web server inside the
screened subnet would not provide the necessary traffic flow.

References

• 6.3.3 Screened Subnet Facts

q_screened_subnet_fact_02_np6.question.fex

Question 5:
Correct
In which of the following situations would you MOST likely implement a screened
subnet?
Answer
Correct Answer:
You want to protect a public web server from attack.

You want to detect and respond to attacks in real time.

You want to encrypt data sent between two hosts using the internet.
You want users to see a single IP address when they access your company network.

Explanation

A screened subnet is a network placed between a private, secured network and the
internet to grant external users access to internally controlled services. In essence, it
serves as a buffer zone for your network.
An intranet is a private network that happens to employ internet information services.
An extranet is a division of a private network that's accessible to a limited number of
users, such as business partners, suppliers, and certain customers.
A padded cell is an intrusion detection countermeasure that's used to delay intruders
enough to record meaningful information about them for discovery and prosecution.

References

• 6.3.3 Screened Subnet Facts

q_screened_subnet_fact_03_np6.question.fex

Question 6:
Correct
Which of the following can serve as a buffer zone between a private, secured
network and an untrusted network?
Answer

Padded cell
Correct Answer:
Screened subnet

Extranet

Intranet

Explanation

A screened subnet is a network that's placed between a private, secured network

and the internet (untrusted network) to grant external users access to internally
controlled services. In essence, it serves as a buffer zone for your network.
An intranet is a private network that happens to employ internet information services.
An extranet is a division of a private network that's accessible to a limited number of
users, such as business partners, suppliers, and certain customers.
A padded cell is an intrusion detection countermeasure that's used to delay intruders
enough to record meaningful information about them for discovery and prosecution.

References
• 6.2.12 Firewall Design and Configuration Facts
• 6.3.1 Screened Subnets
• 6.3.2 Configure a Screened Subnet
• 6.3.3 Screened Subnet Facts
• 12.1.1 Security Concepts
• 12.1.2 Security Concepts Facts
• 12.1.7 Defense in Depth
• 12.1.8 Defense in Depth Facts
q_screened_subnet_fact_04_np6.question.fex

Question 7:
Correct
What do you need to configure on a firewall to allow traffic directed to the public
resources on the screened subnet?
Answer
Correct Answer:
Packet filters

Subnet

VPN

FTP

Explanation

Packet filters on a firewall allow traffic directed to the public resources inside the
screened subnet. Packet filters also prevent unauthorized traffic from reaching the
private network.
A subnet is used to segment a network.
A VPN (virtual private network) provides a secure outside connection to an internal
network's resources. A VPN does not need to be configured on the firewall to allow
traffic to the public resources on the screened subnet.
FTP (File Transfer Protocol) is a protocol that's used to transfer files. You do not
need to configure this on the firewall to allow traffic to the public resources on the
screened subnet.

References

• 6.3.3 Screened Subnet Facts

q_screened_subnet_packet_np6.question.fex

Question 8:
Correct
Which of the following is another name for a firewall that performs router functions?
Answer

Screened subnet
Correct Answer:
Screening router

Screened-host gateway

Dual-homed gateway

Explanation

A firewall performing router functions is considered a screening router. A screening

router is the router that is most external to your network and closest to the internet. It
uses access control lists (ACLs) to filter packets as a form of security.
A dual-homed gateway is a firewall device that typically has three network interfaces.
One is connected to the internet, one is connected to the public subnet, and one is
connected to the private network.
A screened-host gateway resides within the screened subnet, requiring users to
authenticate in order to access resources within the screened subnet or the intranet.
A screened subnet uses two firewalls. The external firewall is connected to the
internet and allows access to public resources. The internal firewall connects the
screened subnet to the private network.

References

• 6.3.3 Screened Subnet Facts

q_screened_subnet_router_01_np6.question.fex

Question 9:
Correct
Which of the following uses access control lists (ACLs) to filter packets as a form of
security?
Answer

Dual-homed gateway

Screened subnet
Correct Answer:
Screened router

Screened-host gateway

Explanation
A screening router is the router that is most external to the network and closest to
the internet. It uses access control lists (ACLs) to filter packets as a form of security.
A dual-homed gateway is a firewall device that typically has three network interfaces.
One is connected to the internet, one is connected to the public subnet, and one is
connected to the private network.
A screened-host gateway resides within the screened subnet, requiring users to
authenticate to access resources within the screened subnet or the intranet.
A screened subnet uses two firewalls. The external firewall is connected to the
internet and allows access to public resources. The internal firewall connects the
screened subnet to the private network.

References

• 6.3.3 Screened Subnet Facts

q_screened_subnet_router_02_np6.question.fex

Question 10:
Correct
Which of the following is the BEST solution to allow access to private resources from
the internet?
Answer
Correct Answer:
VPN

Packet filters

FTP

Subnet

Explanation

A VPN (virtual private network) provides a secure, outside connection to an internal

network's resources. A VPN server can be placed inside the screened subnet.
Internet users have to authenticate to the VPN server to communicate with the
private network. Only communications coming through the VPN server are allowed
through the inner firewall.
Packet filters on a firewall allow traffic directed to the public resources inside the
screened subnet. Packet filters also prevent unauthorized traffic from reaching the
private network. They do not allow access to private resources from the internet.
A subnet is used to segment a network.
File Transfer Protocol (FTP) is a protocol used to transfer files. This does not allow
access to private resources from the internet.

References
• 6.3.3 Screened Subnet Facts
q_screened_subnet_vpn_np6.question.fex
Which IDS method defines a baseline of normal network traffic and then looks for
anything that falls outside of that baseline?
Answer

Misuse detection
Correct Answer:
Anomaly-based

Pattern matching

Port scanner

VPN concentrator

Explanation

A host-based IDS is installed on a single host and monitors all traffic coming into the
host. A host-based IDS can analyze encrypted traffic because the host operating
system decrypts that traffic as it's received.
A network-based IDS is a dedicated device installed on the network. It analyzes all
traffic on the network. It cannot analyze encrypted traffic because the packet's
contents are encrypted so that only the recipient can read them.
A protocol analyzer examines packets on the network, but it cannot look at the
contents of encrypted packets.
A port scanner probes a device to identify open protocol ports.
A VPN concentrator is a device used to establish remote access VPN connections.

References

• 6.4.3 Intrusion Detection and Prevention Facts

q_ids_ips_host_01_np6.question.fex

Question 5:
Correct
Which of the following is true about an intrusion detection system?
Answer

An intrusion detection system maintains an active security role within the network.
Correct Answer:
An intrusion detection system monitors data packets for malicious or unauthorized
traffic.

An intrusion detection system can terminate or restart other processes on the

system.

An intrusion detection system can block malicious activities.

Explanation

An intrusion detection system (IDS) monitors data packets for malicious or

unauthorized traffic. However, an IDS takes no action to stop or prevent the attack. It
maintains a passive, not an active, role in network security. It cannot terminate or
restart other processes, and it cannot block malicious activities.

References

• 6.4.3 Intrusion Detection and Prevention Facts

q_ids_ips_ids_01_np6.question.fex

Question 6:
Correct
You're concerned about attacks directed at your network firewall. You want to be
able to identify and be notified of any attacks. In addition, you want the system to
take immediate action to stop or prevent the attack, if possible.
Which tool should you use?
Answer
Correct Answer:
IPS

IDS

Port scanner

Packet sniffer
Explanation

Use an intrusion prevention system (IPS) to both detect and respond to attacks.
An intrusion detection system (IDS) can detect attacks and send notifications, but it
cannot respond to attacks.
Use a port scanner to check for open ports on a system or a firewall.
Use a packet sniffer to examine packets on your network.

References

• 6.4.3 Intrusion Detection and Prevention Facts

q_ids_ips_ips_01_np6.question.fex

Question 7:
Correct
Which of the following is true about an NIDS?
Answer
Correct Answer:
It detects malicious or unusual incoming and outgoing traffic in real time.

It can analyze fragmented packets.

It can access encrypted data packets.

It can monitor changes that you've made to applications and systems.

Explanation

An NIDS (network-based intrusion detection system) detects malicious or unusual

incoming and outgoing traffic in real time.
An NIDS cannot analyze encrypted data or analyze fragmented packets.
An HIDS (host-based intrusion detection system) can monitor changes that you've
made to applications and systems.

References

• 6.4.3 Intrusion Detection and Prevention Facts

q_ids_ips_nids_01_np6.question.fex

Question 8:
Correct
Which IDS type can alert you to trespassers?
Answer
NIDS

HIDS
Correct Answer:
PIDS

VMIDS

Explanation

A PIDS (perimeter intrusion detection system) can alert you to physical trespassers.
VMIDS, NIDS, and HIDS are IDS types. However, they cannot alert you to physical
trespassers.

References

• 6.4.3 Intrusion Detection and Prevention Facts

q_ids_ips_pids_np6.question.fex

Question 9:
Correct
Which IDS method searches for intrusion or attack attempts by recognizing patterns
or identifying entities listed in a database?
Answer
Correct Answer:
Signature-based IDS

Anomaly analysis-based IDS

Heuristics-based IDS

Stateful inspection-based IDS

Explanation

A signature-based IDS, or pattern matching-based IDS, is a detection system that

searches for intrusion or attack attempts by recognizing patterns that are listed in a
database.
A heuristics-based IDS is able to perform some level of intelligent statistical analysis
of traffic to detect attacks.
Anomaly analysis-based IDSs look for changes in the normal patterns of traffic.
Stateful inspection-based IDSs search for attacks by inspecting packet contents and
associating one packet with another. These searches look for attacks in overall data
streams rather than individual packets.
References

• 6.4.3 Intrusion Detection and Prevention Facts

q_ids_ips_signature_02_np6.question.fex

Question 10:
Correct
You've just installed a new network-based IDS system that uses signature
recognition. What should you do on a regular basis?
Answer

Modify clipping levels.

Check for backdoors.

Correct Answer:
Update the signature files.

Generate a new baseline.

Explanation

Signature recognition (also referred to as pattern matching, dictionary recognition, or

misuse detection) looks for patterns in network traffic and compares them to known
attack patterns called signatures. Signature-based recognition cannot detect
unknown attacks. It can only detect attacks identified by published signature files.
For this reason, it's important to update signature files on a regular basis.
Anomaly recognition (also referred to as behavioral, heuristic, or statistical
recognition) monitors traffic to define a standard activity pattern as normal
functionality. Clipping levels or thresholds identify deviations from that norm. When
the threshold is reached, the system generates an alert or takes an action.

References

• 6.4.3 Intrusion Detection and Prevention Facts

q_ids_ips_signature_04_np6.question.fex
Match each switch management method on the left with its corresponding
characteristics on the right. Each method may be used once, more than once, or not
at all.
Competes with normal network traffic for bandwidth.

In-band management
correct answer:
Uses a dedicated communication channel.

Out-of-band management
correct answer:
Must be encrypted to protect communications from sniffing.

In-band management
correct answer:
Does not compete with normal network traffic for bandwidth.

Out-of-band management
correct answer:
Affected by network outages.

In-band management
correct answer:
Keyboard Instructions

Explanation

You can perform switch management tasks through a network connection by using
the management utilities. This is called in-band management because it uses a
normal network switch connection to perform these tasks. Tools such as Telnet or
SSH provide in-band management. Using the same network connection for both
data and management has several drawbacks. For example:
• You must compete with normal network traffic for bandwidth.
• The network traffic created by the management utilities must be protected
from sniffing to ensure that hackers cannot capture sensitive configuration
information.
• If the network connection is unavailable or if the switch is unresponsive,
you can't perform management tasks.
Out-of-band management, on the other hand, overcomes these problems by using
dedicated communication channels that separate server management traffic from
normal network traffic. With network switches (and routers), you can use console
redirection to redirect console output to a built-in serial or USB console port.

References
• 7.1.4 Switching Facts
q_switching_bands_np6.question.fex

Question 2:
Correct
Which level of the OSI model does a Layer 2 switch operate at?
Answer
Correct Answer:
Data Link layer

Transportation layer

Network layer

Session layer

Explanation

A Layer 2 switch operates at the second layer of the OSI model, which is the Data
Link layer.
A Layer 2 switch does not operate at the fourth or fifth layer of the OSI model, which
are the Transportation and Session layers.
A Layer 3 switch can operate at the second and third layers of the OSI model, which
are the Data Link and Network layers.

References

• 7.1.4 Switching Facts

q_switching_data_link_np6.question.fex

Question 3:
Correct
Which of the following is a device that can send and receive data simultaneously?
Answer

Managed

Unmanaged
Correct Answer:
Full-duplex

Honeypot

Managed switch
correct answer:
Keyboard Instructions

Explanation

You cannot configure the low-end switches available from many retail stores. These
are called unmanaged switches. To implement an unmanaged switch, you simply
plug it in to a power outlet and connect your network devices with UTP cables. While
unmanaged switches are convenient and easy to implement, they lack many of the
advanced management and security features available on managed switches. For
example, managed switches provide port security and support VLANs.

References

• 7.1.4 Switching Facts

q_switching_manage_np6.question.fex

Question 7:
Correct
Which of the following is required to establish a new network switch and configure its
IP address for the first time?
Answer

Client-to-site VPN
Correct Answer:
Out-of-band management

Site-to-site VPN

In-band management

Explanation
Out-of-band management is required when you establish a new network switch and
configure its IP address for the first time.
A client-to-site VPN is a connection where remote clients connect to the server
through the internet and to a LAN behind a server.
In-band management can only be used after the switch has been configured with an
IP address and authentication information through out-of-band management.
A site-to-site VPN is a connection between networks that creates a secure link
through VPN gateways.

References

• 7.1.4 Switching Facts

q_switching_out_of_band_01_np6.question.fex

Question 8:
Correct
Which of the following methods is best to have when a network goes down?
Answer

Site-to-site VPN
Correct Answer:
Out-of-band management

Client-to-site VPN

In-band management

Explanation

Out-of-band management uses a dedicated communication channel that can be

used to reach network nodes even when the network goes down.
In-band management requires no physical connection. If the network goes down, this
method will no longer be connected, either.
A client-to-site VPN is a connection where remote clients connect to the server
through the internet and to a LAN behind the server. If the network goes down, there
will be no connection with a client-to-site VPN.
A site-to-site VPN is a connection between networks that creates a secure link
through VPN gateways. This connection would also be lost if the network goes
down.

References

• 7.1.4 Switching Facts

q_switching_out_of_band_02_np6.question.fex
Question 9:
Correct
Which of the following is a communication device that connects other network
devices through cables and receives and forwards data to a specified destination
within a LAN?
Answer

Router

Hub
Correct Answer:
Switch

Access point

Explanation

A switch is a communication device that connects other network devices through

cables and receives and forwards data to a specified destination within a LAN.
A router is a communication device that connects computer networks and receives
and forwards data through the internet.
A hub is a communication device that connects other devices on a network, but hubs
broadcast all incoming data to all active ports.
An access point is a network connector that provides wireless signals for other
devices.

References

• 7.1.4 Switching Facts

q_switching_switch_02_np6.question.fex

Question 10:
Correct
Which of the following is true about an unmanaged switch?
Answer
Correct Answer:
It can connect to all devices in a small area.

It is capable of VLAN creation.

It supports link aggregation.

It allows port configuration.

Explanation

An unmanaged switch is faster and more economical than a managed switch and
can connect all devices within a small area, like a home or small office.
Managed switches allow VLAN creation for segmentation; unmanaged switches do
not.
Managed switches support link aggregation; unmanaged switches do not.
Managed switches allow port configuration; unmanaged switches do not.

References

• 7.1.4 Switching Facts

q_switching_unmanaged_np6.question.fex
Which of the following is the open standard for tagging Layer 2 frames?
Answer

RFC1918

NDP
Correct Answer:
802.1q

ARP

Explanation

802.1q is the open standard for tagging Layer 2 frames and is used for implementing
trunk porting.
RFC1918 is used to create IP addresses on a private network.
ARP (Address Resolution Protocol) works at Layer 3 to establish the MAC address
that's linked to the gateway's IP address.
NDP (Neighbor Discovery Protocol) works for address resolution with IPv6.

References

• 7.2.2 VLAN Facts

q_vlan_802_1q_np6.question.fex

Question 2:
Correct
Which of the following protocols prescribes what to do when a data channel is in use
on a half-duplex device?
Answer

ARP
Correct Answer:
CSMA/CD

Auto-MDI-X

NDP

Explanation

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is a protocol used to

prescribe what to do when a data channel is in use on a half-duplex device. Those
steps are to send a jam signal, wait a random amount of time, attempt to resend the
frame, and repeat until the channel is clear and the transmission is complete.
Address Resolution Protocol (ARP) is a protocol used to establish associations
between a MAC address and a given IP address.
Neighbor Discovery Protocol (NDP) is a protocol used for address resolution with
IPv6.
Auto-MDIX, or auto-medium dependent crossover, is a line-sensing port that
automatically decides which type of cable configuration is needed for a connection.

References

• 7.2.2 VLAN Facts

q_vlan_csma_cd_np6.question.fex

q_vlan_switch_02_np6.question.fex

Question 6:
Correct
You run a small network for your business that has a single router connected to the
internet and a single switch. You keep sensitive documents on a computer that you
would like to keep isolated from other computers on the network. Other hosts on the
network should not be able to communicate with this computer through the switch,
but you still need to access the network through the computer.
Which of the following should you use in this situation?
Answer

Spanning Tree

VPN
Correct Answer:
VLAN

Port security

Explanation

You should define virtual LANs (VLANs) on the switch. With a VLAN, a switch port is
associated with a VLAN, and only devices connected to ports that are members of
the same VLAN can communicate with each other. You can use routers to allow
communication between VLANs if necessary.
Use a virtual private network (VPN) to connect two hosts securely through an
unsecure network (such as the internet). VPN tunneling protocols protect data as it
travels through the unsecure network.
Spanning Tree is a switch feature that allows redundant paths between switches.
Port security is a method of requiring authentication before a network connection is
allowed.

References
•7.2.2 VLAN Facts
q_vlan_vlan_01_np6.question.fex

Question 7:
Correct
For which of the following devices does a voice VLAN prioritize traffic?
Answer

Hub

Layer 3 switch

Bridge
Correct Answer:
VoIP phone

Explanation

A VoIP phone is a phone that transmits sound over the internet. It works best when a
voice VLAN is created to prioritize its traffic.
A hub is a device that broadcasts data to every computer that is connected to it.
A Layer 3 switch is a device that can provide all the functions of a Layer 2 switch
along with routing.
A bridge is a device that creates a single network from multiple network segments.

References

• 7.2.2 VLAN Facts

q_vlan_voice_np6.question.fex

Question 8:
Correct
What does the ip address dhcp command allow you to do?
Answer
Correct Answer:
Configure a switch to obtain an IP address from a DHCP server.

Send the DHCP server address for all connected devices.

Configure a switch to act as a DHCP server.

Specify the DHCP relay server for forwarding DHCP packets.

Explanation

• In the learning state, ports do not forward frames but still populate the
MAC address table based on received frames.
• In the blocking state, ports receive BPDUs but do not forward frames.
• In the listening state, all ports are blocked.

References

• 7.3.2 Switch Port Configuration Facts

q_conf_switch_port_state_01_np6.question.fex

Question 2:
Correct
You manage a single subnet with three switches. The switches are connected to
provide redundant paths between themselves.
Which feature prevents switching loops and ensures that there is only a single active
path between any two switches?
Answer

Trunking
Correct Answer:
Spanning Tree

802.1x

PoE
Explanation

Spanning Tree is a protocol on a switch that allows it to maintain multiple paths

between other switches within a subnet. Spanning Tree runs on each switch and is
used to select a single path between any two switches. Without this protocol,
switches that are connected with multiple links would form a switching loop, where
frames are passed back and forth continuously.
802.1x is an authentication protocol used with port security (or port authentication).
Power over Ethernet (PoE) supplies power to end devices through the RJ45
Ethernet switch port.
Trunking identifies ports that are used to carry VLAN traffic between switches. A
trunk port is a member of all VLANs defined on all switches.

References

• 7.3.2 Switch Port Configuration Facts

• 7.3.15 Configure Spanning Tree
q_conf_switch_port_stp_01_np6.question.fex

Question 3:
Correct
You manage a network with two switches. The switches are connected together
through their Gigabit Ethernet uplink ports.
You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN
1 needs to communicate with a device on the second switch in VLAN 1.
What should you configure to allow communication between these two devices
through the switches?
Answer

Layer 3 switching

Spanning Tree
Correct Answer:
Trunking

Bonding

Explanation

A trunk port connects two switches together.

• Typically, Gigabit Ethernet ports are used for trunk ports, although any
port can be a trunking port.
• A trunk port is a member of all VLANs and carries traffic between the
switches.
• With trunking, frames that are sent over a trunk port are tagged by the first
switch with the VLAN ID so that the receiving switch knows which VLAN
the frame belongs to.
• The trunking protocol describes the format that switches use for tagging
frames with the VLAN ID.
• Because end devices do not understand VLAN tags, the tag is removed
from the frame by the switch before the frame is forwarded to the
destination device.
• VLAN tagging is only used for frames that travel between switches on the
trunk ports.
Use a Layer 3 switch or a router to enable devices in different VLANs to
communicate with each other.
Spanning Tree is a protocol on a switch that allows it to maintain multiple paths
between other switches within a subnet. Spanning Tree runs on each switch and is
used to select a single path between any two switches.
Bonding allows multiple switch ports to be used at the same time to reach a specific
destination.

References

• 7.3.2 Switch Port Configuration Facts

q_conf_switch_port_trunking_03_np6.question.fex

Question 4:
Correct

Computers A and B are on the same VLAN and are separated by two switches as
shown in the exhibit. Computer A sends a frame to Computer B.
Which of the following BEST describes the frame's composition as it travels from A
to B?
Answer

Computer A sends a normal frame. The first switch forwards the frame to the second
switch, where the VLAN ID is appended to the frame and forwarded to Computer B.
Computer A sends a normal frame. The first switch appends a VLAN ID to the frame.
The VLAN ID remains on the frame through the second switch up to Computer B.

Computer A appends a VLAN ID to the frame. It travels from switch to switch and
arrives at Computer B, where it removes the VLAN ID.
Correct Answer:
Computer A sends a normal frame. The first switch appends a VLAN ID to the frame.
The second switch removes the VLAN ID before forwarding it to Computer B.

Explanation

Only switches understand VLAN IDs, who use the IDs for inter-switch traffic. The first
switch appends the VLAN ID, and the second switch removes it.

References

• 7.3.2 Switch Port Configuration Facts

q_conf_switch_port_vlan_id_01_np6.question.fex

Question 5:
Correct
Which of the following BEST describes port aggregation?
Answer
Correct Answer:
Multiple ports linked together and used as a single logical port.

Multiple VLANs traveling through a single port.

IEEE network standard 802.3.

A priority-based flow control that allows you to prioritize network traffic.

Explanation

Multiple ports linked together and used as a single logical port is called link
aggregation.
Multiple VLANs traveling through a single port is called port tagging or port trunking.
The 802.3 IEEE network standard refers to an 802.3 Ethernet network.
The IEEE standard for prioritized flow control is 802.1Qbb. It is not port aggregation
itself.

References
•7.3.10 Switch Port Feature Facts
q_switch_ports_features_aggregation_01_np6.question.fex

Question 6:
Correct
Which of the following BEST describes Ethernet flow control?
Answer

A configuration that allows frames larger than 1,500 bytes to pass through the port
without fragmentation.

A protocol designed to prevent looping in network traffic.

Correct Answer:
A configuration that sends a pause frame to the transmitting device when the
receiving device cannot keep up with the volume of data being sent.

A configuration that allows traffic from multiple VLANs on a single port.

Explanation

Ethernet flow control is a configuration that sends a pause frame to the transmitting
device when the receiving device cannot keep up with the volume of data being sent.
Port tagging is a configuration that allows traffic from multiple VLANs on a single
port.
Setting your network devices' MTU to 9,000 is a configuration that allows frames
larger than 1,500 bytes (known as jumbo frames) to pass through the ports without
fragmentation.
Spanning Tree Protocol is a protocol designed to prevent looping in network traffic.

References

•7.3.10 Switch Port Feature Facts

q_switch_ports_features_flow_control_np6.question.fex

Question 7:
Correct
Which of the following must each device's MTU be set to for jumbo frames to
transverse the network without risk of fragmentation?
Answer

6,000

1,500
3,000
Correct Answer:
9,000

Explanation

The MTU of each device in the network must be set to 9,000 for jumbo frames to
transverse the network without fragmentation.
If a device's MTU is set to 1,500, 3,000, or 6,000, a jumbo frame could be
fragmented.

References

• 7.3.10 Switch Port Feature Facts

q_switch_ports_features_jumbo_np6.question.fex

Question 8:
Correct
Your organization's management wants to monitor all the customer services calls.
The calls are taken on VoIP phones. Which of the following configurations would
BEST help you set up a way to monitor the calls?
Answer
Correct Answer:
Port mirroring

LACP

Spanning Tree Protocol

Priority-based flow control

Explanation

Port mirroring provides copies of packets from a selected port for monitoring and
analysis.
LACP is Link Aggregation Control Protocol. It allows you to link up to eight ports
together to act as a single logical port.
Spanning Tree Protocol is a protocol designed to prevent looping in network traffic.
Priority-based flow control is protocol that allows you to prioritize traffic on your
network by category.

References

•7.3.10 Switch Port Feature Facts

q_switch_ports_features_mirroring_np6.question.fex
Question 9:
Correct
You have a large Power over Ethernet flat screen that you are installing in a
conference room that requires 70 watts of power. Which of the following IEEE
standards does your PoE switch need to provide power for the flat screen?
Answer
Correct Answer:
PoE++ Type 4

PoE++ Type 3

PoE+

PoE

Explanation

You would need PoE++ Type 4, which provides up to 71. 3 watts of power.
PoE provides up to 15.4 watts of power and would not be sufficient to power the flat
screen.
PoE+ provides up to 25.5 watts of power and would not be sufficient to power the flat
screen.
PoE++ Type 3 provides up to 51 watts of power and would not be sufficient to power
the flat screen.

References

• 7.3.10 Switch Port Feature Facts

q_switch_ports_features_poe4_np6.question.fex

Question 10:
Correct
Which of the following switch features allows you to configure how the switch's MAC
address table is filled?
Answer

Auto-negotiation

Spanning Tree Protocol

Correct Answer:
Port security

Port mirroring
Explanation

Port security allows you to choose from dynamic locking, static locking, or a
combination of both to fill the MAC address table. This is done to protect the switch
from MAC flooding and other vulnerabilities.
Port mirroring provides copies of packets from a selected port for monitoring and
analysis.
Auto-negotiation is a default setting on Ethernet devices in which connected devices
communicate to select the speed, duplex, and flow control parameters for their
transmissions.

References

• 7.3.10 Switch Port Feature Facts

q_switch_ports_features_security_np6.question.fex
Which of the following scenarios would typically utilize 802.1x authentication?
Answer

Authenticating VPN users through the internet.

Controlling access through a router.

Authenticating remote access clients.

Correct Answer:
Controlling access through a switch.

Explanation

802.1x is an authentication method used on a LAN to allow or deny access based on

a port or network connection. 802.1x is used for port authentication on switches and
requires an authentication server to validate user credentials, which is typically a
RADIUS server.
Remote access authentication is handled by remote access servers or a combination
of remote access servers and a RADIUS server.
You can control VPN connections through remote access servers or through a
special device called a VPN concentrator.

References

• 7.4.2 Switch Security Facts

q_switch_security_802x_02_np6.question.fex

Question 2:
Correct

You have two switches connected together as shown in the following diagram. How
many broadcast domains are in the network?
Answer

Zero

One
Correct Answer:
Two

Four

Five

Explanation

There are two broadcast domains. Each VLAN is in its own broadcast domain.
When you connect devices to a switch, each switch port connection is in its own
collision domain. In this graphic, there are five collision domains.

References

• 7.4.2 Switch Security Facts

q_switch_security_broadcast_01_np6.question.fex

Question 3:
Correct
You are the network administrator for a city library. Throughout the library are
several groups of computers that provide public access to the internet. Supervision
of these computers has been difficult. You've had problems with patrons bringing
personal laptops into the library and disconnecting the network cables from the
library computers to connect their laptops to the internet.
The library computers are in groups of four. Each group of four computers is
connected to a hub that's connected to the library network through an access port on
a switch. You want to restrict access to the network so that only library computers
are permitted connectivity to the internet.
What can you do?
Answer
Correct Answer:
Configure port security on the switch.

Remove the hub and place each library computer on its own access port.

Create static MAC addresses for each computer and associate each address with a
VLAN.

Create a VLAN for each group of four computers.

Explanation
Configuring port security on the switch can restrict access so that only specific MAC
addresses can connect to the configured switch port. This would prevent the laptop
computers from connecting.
Placing each library computer on its own access port would have no effect.
VLANs are used to group broadcast traffic and do not restrict device connectivity as
needed in this scenario.

References

• 7.4.2 Switch Security Facts

q_switch_security_port_02_np6.question.fex

Question 4:
Correct
Which of the following BEST describes an ARP spoofing attack?
Answer

An attack where a frame is manipulated to contain two tags.

An attack that changes the source MAC address on frames.

Correct Answer:
An attack that associates an attacker's MAC address with the IP address of a
victim's device.

An attack in which a switch is flooded with packets, each containing a different

source MAC address.

Explanation

An ARP spoofing attack associates an attacker's MAC address with the IP address
of a victim's device.
MAC flooding is an attack in which a switch is flooded with packets, each containing
a different source MAC address.
MAC spoofing is an attack that changes the source MAC address on frames.
Double tagging is a VLAN hopping attack where a frame is manipulated to contain
two tags.

References

• 7.4.4 Switch Attack Facts

q_switch_attacks_arp_01_np6.question.fex

Question 5:
Correct
Which of the following is a method of VLAN hopping?
Answer

MAC flooding

ARP spoofing
Correct Answer:
Double tagging

MAC spoofing

Explanation

Double tagging is a VLAN hopping method that occurs when an attacker is

connected to a host on one VLAN and the target host is on a VLAN connected to
another switch. In double tagging, the frame is manipulated to include two tags, one
for the first switch and one for the target VLAN's switch.
MAC spoofing is changing the source MAC address on frames. The attacker's
system sends frames with the spoofed MAC address. The switch reads the source
address contained in the frames and associates the MAC address with the port
where the attacker is connected.
ARP spoofing/poisoning associates the attacker's MAC address with the IP address
of the victim's device.
MAC flooding overloads the switch's MAC forwarding table to make the switch
function like a hub.

References

• 7.4.4 Switch Attack Facts

q_switch_attacks_double_np6.question.fex

Question 6:
Correct
Drag each description on the left to the appropriate switch attack type on the right.
ARP spoofing/poisoning

The source device sends frames to the attacker's MAC address instead of to the
correct device.
correct answer:
Dynamic Trunking Protocol

Should be disabled on the switch's end user (access) ports before implementing
the switch configuration in to the network.
correct answer:
MAC flooding
Causes packets to fill up the forwarding table and consumes so much of the
switch's memory that it enters a state called fail open mode.
correct answer:
MAC spoofing

Can be used to hide the identity of the attacker's computer or impersonate another
device on the network.
correct answer:
Keyboard Instructions

Explanation

Common attacks that are perpetrated against switches are MAC flooding, ARP
spoofing/poisoning, and MAC spoofing.
MAC flooding overloads the switch's MAC forwarding table to make the switch
function like a hub. MAC flooding works in the following manner:
• The attacker floods the switch with packets, each containing a different
source MAC address.
• The flood of packets fills up the forwarding table and consumes so much
of the memory in the switch that it causes it to enter in to fail open mode.
While in this mode, all incoming packets are broadcast out of all ports (as
with a hub) instead of just to the correct ports, as per normal operations.
• The attacker captures all the traffic with a protocol analyzer/sniffer.
ARP spoofing/poisoning associates the attacker's MAC address with the IP address
of the victim's device. ARP spoofing works in the following manner:
•When computers send an ARP request for a known IP address's MAC
address, the attacker's system responds with its own MAC address.
• The source device sends frames to the attacker's MAC address instead of
to the correct device.
• Switches are indirectly involved in the attack because they do not verify
the MAC address/IP address association.
MAC spoofing changes the source MAC address on frames sent by the attacker.
• MAC spoofing is typically used to bypass 802.1x port-based security.
• MAC spoofing can be used to bypass wireless MAC filtering.
• MAC spoofing can be used to hide the identity of the attacker's computer
or to impersonate another device on the network.
Dynamic Trunking Protocol (DTP) switches have the ability to automatically detect
trunk ports and negotiate the trunking protocol used between devices. DTP is not
secure and allows unauthorized devices to possibly modify configuration information.
You should disable DTP services on a switch's end user (access) ports before
implementing the switch configuration on the network.

References

• 7.4.4 Switch Attack Facts

q_switch_attacks_level2_np6.question.fex
Question 7:
Correct
An attacker hides his computer's identity by impersonating another device on a
network. Which of the following attacks did the attacker MOST likely perform?
Answer
Correct Answer:
MAC spoofing attack

ARP spoofing attack

VLAN hopping attack

DTP attack

Explanation

In a MAC spoofing attack, an attacker hides his or her computer's identity by

changing the source MAC address on frames to make it look like their computer is
actually a different computer.
A DTP attack is an attack that takes advantage of the Dynamic Trunking Protocol to
allow unauthorized devices on to a network.
An ARP spoofing attack is an attack that associates an attacker's MAC address with
the IP address of a victim's device.
VLAN hopping is an attack focused on gaining access to traffic on another VLAN
without using a router.

References

• 7.4.4 Switch Attack Facts

q_switch_attacks_mac_02_np6.question.fex

Question 8:
Correct
You have just connected four switches as shown in the Exhibit.
Assuming the default switch configuration, how can you force switch C to become
the root bridge?
Answer

Remove link cable 6 from the configuration.

Remove link cables 1 and 6 from the configuration.

Remove link cable 1 from the configuration.

Configure a priority number of 61440 for switch C.

Correct Answer:
Configure a priority number of 4096 for switch C.

Explanation

To force a specific switch to become the root bridge, configure a priority number
lower than the default (32768). The switch with the lowest bridge ID becomes the
root bridge. The bridge ID is composed of two parts, a bridge priority number and the
MAC address assigned to the switch. When the default priority is used for all
switches, the switch with the lowest MAC address becomes the root bridge.

References

• 7.4.4 Switch Attack Facts

q_switch_attacks_root_01_np6.question.fex

Question 9:
Correct
Which of the following switch attacks bypasses the normal functions of a router to
communicate between VLANs and gain unauthorized access to traffic on another
VLAN?
Answer

ARP spoofing

MAC spoofing

Dynamic Trunking Protocol attack

Correct Answer:
Switch spoofing

Explanation

Switch spoofing, also known as VLAN spoofing, is an attack that bypasses the
normal functions of a router to communicate between VLANs and gain unauthorized
access to traffic on another VLAN. It does this by taking advantage of a switch's
default setting called dynamic auto or dynamic desirable. The attacker uses this
function to imitate a trunking switch and gain access to the traffic on multiple VLANs.
VLAN, or switch, spoofing is a method of VLAN hopping.
MAC spoofing is changing the source MAC address on frames. The attacker's
system sends frames with the spoofed MAC address. The switch reads the source
address contained in the frames and associates the MAC address with the port
where the attacker is connected.
ARP spoofing/poisoning associates the attacker's MAC address with the IP address
of a victim's device.
Switches have the ability to automatically detect trunk ports and negotiate the
trunking protocol used between devices. Dynamic Trunking Protocol is not secure
and allows unauthorized devices to modify configuration information.

References

• 7.4.4 Switch Attack Facts

q_switch_attacks_switch_np6.question.fex

Question 10:
Correct
Which of the following attacks manipulates a switch's auto-negotiation setting to
access a virtual local area network that's connected to the same switch as the
attacker's virtual local area network?
Answer

ARP spoofing
MAC spoofing
Correct Answer:
VLAN spoofing

Dynamic Trunking Protocol attack

Explanation

VLAN spoofing manipulates a switch's auto-negotiation setting to access a virtual

local area network that's connected to the same switch as the attacker's virtual local
area network.
A DTP attack is an attack that takes advantage of the Dynamic Trunking Protocol to
allow unauthorized devices on a network.
MAC spoofing is an attack that changes the source MAC address on frames.
An ARP spoofing attack is an attack that associates an attacker's MAC address with
the IP address of a victim's device.

References

• 7.4.4 Switch Attack Facts

q_switch_attacks_vlan_np6.question.fex
Which of the following BEST describes dynamic routing?
Answer

Routing entries are manually added to routing tables.

Routing is done within an autonomous system.

Routing is done between autonomous systems.

Correct Answer:
Routers learn about networks by sharing routing information with each other.

Explanation

In dynamic routing, routers dynamically learn about networks by sharing routing

information with other routers through dynamic routing protocols. Dynamic routing
protocols automatically add entries to the routing table.
Interior routing is done within an autonomous system. With interior routers, you own
and control the router, determine where routers are located, and control the
interfaces that connect the routers to your system.
Static routing entries are manually added to the routing table. Static entries remain in
the routing table until they are manually removed.
Exterior routing is done between autonomous systems. In most organizations,
exterior routing is limited to a single router that connects the organization's network
to the internet via an ISP. This router is often called a border router or an edge
router.

References

• 7.5.2 Routing Facts

q_rounting_dynamic_np6.question.fex

Question 2:
Correct
Jake is a network administrator for a hospital. There is medical equipment that relies
on having uninterrupted internet connectivity. Which of the following types of routing
protocols should Jake focus on to ensure that the hospital's network connectivity
remains reliable?
Answer

Distance vector routing protocols

Link state routing protocols

Interior dynamic routing protocols

Correct Answer:
Exterior dynamic routing protocols

Explanation

Jake should focus on exterior dynamic routing protocols to provide redundancy in

internet connectivity and ensure that the medical equipment is constantly connected
to the internet. BGP (Border Gateway Protocol) is an example of an exterior dynamic
routing protocol.
Interior dynamic routing protocols route paths within an autonomous system and are
not used for connecting to external systems (including to the internet).
Link state routing protocols and distance vector routing protocols are used for routing
within an autonomous system.

References

• 7.5.2 Routing Facts

q_rounting_exterior_np6.question.fex

Question 3:
Correct
Which of the following has the least default administrative distance?
Answer
Correct Answer:
Static route to an IP address

External BGP

OSPF

RIP

Explanation

A static route to an IP address has a default administrative distance of 1. The only

thing that has a lower administrative distance is a connected interface or static route.
When more than one protocol is enabled on a router, each protocol is given an
administrative distance. When the best path is being determined, protocols with a
lower administrative distance are chosen over those with a higher administrative
distance.
External BGP (Border Gateway Protocol) has an administrative distance of 20.
RIP (Routing Information Protocol) has an administrative distance of 120.
OSPF (Open Shortest Path First) has an administrative distance of 110.

References
• 7.5.4 Routing Protocol Characteristics Facts
q_rounting_admin_distance_np6.question.fex

Question 4:
Correct
Under which of the following circumstances might you implement BGP on your
company network and share routes with internet routers?
Answer

If the network has over 15 hops.

If the network is connected to the internet using public addressing.

If the network has over 15 areas and uses IPv6.

Correct Answer:
It divides large networks into areas.
Correct Answer:
It supports IPv6 routing.

It is a classful protocol.

It uses bandwidth and delay for the metric.

Explanation

IS-IS (Intermediate System to Intermediate System) is a link state routing protocol

used for routing within an AS. IS-IS is classless and uses relative link cost for the
metric. Large networks are divided into areas, and IS-IS is best suited for large,
private networks.
A network link is the boundary between one area and another.

References

• 7.5.6 Routing Protocol Facts

q_rounting_protocols_is_is_np6.question.fex

Question 8:
Correct
What are the main differences between the OSPF and IS-IS routing protocols?
Answer
Correct Answer:
OSPF requires an area 0, while IS-IS does not.

OSPF is a classful protocol, while IS-IS is a classless protocol.

OSPF is a link state protocol, while IS-IS is not.

OSPF is an IGP routing protocol, while IS-IS is a BGP routing protocol.

Explanation

Like OSPF, IS-IS uses areas when designing the network. However, IS-IS does not
require an area 0 like OSPF does. Because IS-IS was originally designed for non-IP
protocols, it can more easily support IPv6 routing.
Both OSPF and IS-IS have the following characteristics:
• Both are link state protocols.
• Both are classless protocols, supporting CIDR and VLSM.
• Both are interior gateway protocols that are used within an AS.

References

• 7.5.6 Routing Protocol Facts

q_rounting_protocols_link_state_02_np6.question.fex

Question 9:
Correct
What is the main difference between RIP and RIPv2?
Answer

RIP use hop count for the metric, while RIPv2 uses a relative link cost.

RIP is a distance vector protocol, while RIPv2 is a link state protocol.

RIP has a limit of 15 hops, while RIPv2 increases the hop count limit.
Correct Answer:
RIP is a classful protocol, while RIPv2 is a classless protocol.

Explanation

RIPv1 is a classful protocol, meaning that the subnet mask is not included in routing
updates. With RIP, only the default subnet mask is used to identify networks. RIPv2
is a classless protocol, meaning that the subnet mask is included in routing updates.
RIPv2 supports variable-length subnet masks (VLSM).
Both RIP and RIPv1 are distance vector protocols and use hop count for the metric.
RIP and RIPv2 have a limit of 15 hops between any two networks.

References

• 7.5.6 Routing Protocol Facts

q_rounting_protocols_rip_04_np6.question.fex

Question 10:
Correct
You have only one physical interface but want to connect two IP networks. Which of
the following would allow you to do so?
Answer

A loopback address
Correct Answer:
Subinterfaces

The sticky feature

Virtual IPs

Explanation

You can use subinterfaces to connect two IP networks through one parent physical
interface. Each subinterface is given its own IP information and data can then be
routed from one network to the other through the physical interface.
A loopback address is a special IP address used for diagnostics and for
troubleshooting the TCP/IP stack.
Virtual IPs (VIPs) are IP addresses that are not associated with a single device.
Multiple devices with an internet connection can share a VIP. They are used for one-
to-many Network Address Translation, mobility, and fault tolerance.
The sticky feature is a Cisco port security command that you can enable to
automatically add MAC addresses to the Content Addressable Memory (CAM) table,
or MAC address table.

References

• 7.5.8 Routing High Availability Facts

q_rounting_avail_subinterfaces_np6.question.fex
Which of the following is true about Network Address Translation?
Answer

It cannot forward DNS requests to the internet.

It allows external hosts to initiate communication with internal hosts.

It provides end-device to end-device traceability.

Correct Answer:
It supports up to 5,000 concurrent connections.

Explanation

Hosts on a private network share the IP address of the NAT router. NAT works by
translating private addresses NAT supports up to 5,000 concurrent connections. This
can consume processor and memory resources, but allows one NAT router to
translate for a large network.
Network address translation can forward DNS requests to the internet.

NAT does not provide end-device to end-device traceability, but this also provide
some security to hosts within the private network as their IP addresses are not
shared publicly.
NAT does not allow external hosts to initiate communication with internal hosts. All
communication is through the NAT router.

References

• 7.6.2 NAT Facts

q_nat_5000_np6.question.fex

Question 2:
Correct
Which of the following allows incoming traffic addressed to a specific port to move
through the firewall and be transparently forwarded to a specific host on the private
network?
Answer
Correct Answer:
DNAT

IP masquerade

Dynamic NAT

OSPF
Explanation

DNAT (Destination Network Address Translation) is also called port forwarding and
allows incoming traffic addressed to a specific port to move through the firewall and
be transparently forwarded to a specific host on the private network. Dynamic NAT
automatically maps internal IP addresses with a dynamic port assignment. In this
implementation, many internal private IP addresses are mapped to one public IP
address on the NAT router.
IP masquerade is another name for Dynamic NAT and many-to-one NAT.
OSPF (Open Shortest Path First) is a link-state routing protocol used for routing
within an autonomous system.

References

• 7.6.2 NAT Facts

q_nat_dnat_np6.question.fex

Question 3:
Correct
Which device is NAT typically implemented on?
Answer

AD server

RADIUS server

ISP router
Correct Answer:
Default gateway router

Explanation

NAT is typically implemented on a default gateway router.

You cannot use an AD server, a RADIUS server, or an ISP router to configure NAT.

References

• 7.6.2 NAT Facts

q_nat_gateway_np6.question.fex

Question 4:
Correct
Which of the following NAT implementations maps a single private IP address to a
single public IP address on the NAT router?
Answer
Dynamic NAT

IP masquerade

Many-to-one NAT
Correct Answer:
Static NAT

Explanation

Static NAT maps a single private IP address to a single public IP address on the
NAT router.
IP masquerade and many-to-one NAT are simply different names for Dynamic NAT.
Dynamic NAT automatically maps internal IP addresses with a dynamic port
assignment. In this implementation, many internal private IP addresses are mapped
to one public IP address on the NAT router.

References

• 7.6.2 NAT Facts

q_nat_many_to_one_np6.question.fex

Question 5:
Correct
Which of the following do hosts on a private network share if the network utilizes a
NAT router?
Answer

A physical MAC address

Correct Answer:
A physical IP address

A virtual MAC address

A virtual IP address

Explanation

Hosts on a private network share the NAT router's physical IP address. The NAT
router allows the hosts to share its physical IP address when connecting to the
internet.
Hosts on a private network do not share virtual or physical MAC addresses on a
network that utilizes a NAT router. Each host retains its own MAC address.
Hosts on a private network do not share a virtual IP address on a network that
utilizes a NAT router.

References

•7.6.2 NAT Facts

q_nat_physical_np6.question.fex

Question 6:
Correct
Which of the following is a method that allows you to connect a private network to
the internet without obtaining registered addresses for every host?
Answer

EIGRP

BGP

OSPF
Correct Answer:
NAT

Explanation

Network Address Translation (NAT) is a method that transfers private addresses to a

NAT router's public address. This allows you to connect a private network to the
internet without obtaining registered addresses for every host.
OSPF (Open Shortest Path First) is a dynamic routing protocol that operates within a
single autonomous system.
EIGRP (Enhanced Interior Gateway Routing Protocol) is a dynamic routing protocol
for sharing routing information with other routers on the same autonomous system.
BGP (Border Gateway Protocol) is an exterior gateway protocol that manages the
routing between autonomous systems.

References

• 7.6.2 NAT Facts

q_nat_private_03_np6.question.fex

Question 7:
Correct
Kate, a network administrator, has been tasked with staying within the company
budget. She has a large network and doesn't want to spend more than she needs to
on purchasing and registering multiple public IP addresses for each of the hosts on
her network.
Which of the following methods could help her provide internet access but also keep
costs low and limit the number of registered IP addresses her organization needs to
purchase?
Answer

Use Layer 2 switches.

Use PoE devices.

Correct Answer:
Use Network Address Translation.

Use Layer 3 switches.

Explanation

Using NAT will allow the hosts on Kate's network to be private and to utilize just one
registered public IP address.
Using Layer 2 switches will not impact the public IP address situation.
Using Layer 3 switches would only improve the public IP address situation if NAT
were implemented on them.
Using PoE (Power over Ethernet) devices will not impact the public IP address
situation.

References

• 7.6.2 NAT Facts

q_nat_private_04_np6.question.fex

Question 8:
Correct
Which of the following is NOT one of the IP address ranges defined in RFC 1918
that are commonly used behind a NAT server?
Answer

172.16.0.1 to 172.31.255.254

10.0.0.1 to 10.255.255.254

192.168.0.1 to 192.168.255.254
Correct Answer:
169.254.0.1 to 169.254.255.254

Explanation
169.254.0.1 to 169.254.255.254 is the IP address range assigned to Windows DHCP
clients (if a DHCP server does not assign the client an IP address). This range is
known as the Automatic Private IP Addressing (APIPA) range.
The other three ranges listed in this question are defined as private IP addresses in
RFC 1918, which are commonly used behind a NAT server.

References

• 7.6.2 NAT Facts

q_nat_rfc1918_np6.question.fex

Question 9:
Correct
You are the network administrator for a small company that implements NAT to
access the internet. However, you recently acquired five servers that must be
accessible from outside your network. Your ISP has provided you with five additional
registered IP addresses to support these new servers, but you don't want the public
to access these servers directly. You want to place these servers behind your
firewall on the inside network, yet still allow them to be accessible to the public from
the outside.
Which method of NAT translation should you implement for these servers?
Answer

Restricted

Overloading
Correct Answer:
Static

Dynamic

Explanation

Static translation consistently maps an unregistered IP address to the same

registered IP address on a one-to-one basis. Static NAT is particularly useful when a
device needs to be assigned the same address so it can be accessed from outside
the network. This works well for web servers and other similar devices.
Dynamic translation would not work for these servers because it maps an
unregistered host IP address to any available IP address configured in a pool of one
or more registered IP addresses. Accessing a server assigned one of these
addresses would be nearly impossible because the addresses are still shared by
multiple hosts.

References

• 7.6.2 NAT Facts

q_nat_static_02_np6.question.fex

Question 10:
Correct
In which of the following tables does a NAT router store port numbers and their
associated private IP addresses?
Answer

Routing table

ARP table

MAC address table

Correct Answer:
Translation table

Explanation

A NAT router stores port numbers and their associated private IP addresses in a
translation table. NAT uses this table to know which host to send the incoming traffic
to.
A routing table is for routing packets from one network to another.
A MAC address table is used by Ethernet switches to know where to forward traffic
within a network segment.
An ARP table associates MAC addresses with IP addresses.

References

• 7.6.2 NAT Facts

q_nat_translation_np6.question.fex
Which of the following best describes DHCP scope exhaustion?
Answer

When a DHCP snooping technique is used to drop packets from untrusted DHCP
servers.

When IP address lease times on a DHCP server are shortened.

Correct Answer:
A denial of service from a lack of IP addresses in a DHCP server's pool.

When an attacker adds a second DHCP server to a network and offers IP addresses
to clients wanting to join the network.

Explanation

A denial of service from a lack of IP addresses in a DHCP server's pool is one form
of DHCP scope exhaustion. Another form comes from inefficient IP address
management in which the IP address pool is depleted faster than it can be refilled.
A rogue DCHP server occurs when an attacker adds a second DHCP server to a
network and offers IP addresses to client wanting to join the network. If the network
administrator does not have control over a DHCP server, it is considered a rogue
DHCP server.
Shortening IP address lease times on a DHCP server can help prevent DHCP scope
exhaustion.
DHCP snooping techniques can help protect against rogue DHCP servers.

References

• 7.7.4 Switching and Routing Troubleshooting Facts

q_trouble_switching_routing_dhcp_np6.question.fex

Question 2:
Correct
You have just connected a new computer to your network. The network uses static
IP addressing.
You find that the computer can communicate with hosts on the same subnet, but not
with hosts on a different subnet. No other computers are having issues.
Which of the following configuration values would you MOST likely need to change?
Answer

DNS server
Correct Answer:
Default gateway
Subnet mask

IP address

Explanation

You should check the computer's default gateway setting; this value is used to send
packets to other subnets. If it's incorrect, packets won't be sent to the correct router.
In this scenario, the host can communicate with other hosts on the same subnet,
meaning that the IP address and subnet mask are correctly configured.
The DNS server address is likely not the problem, as name resolution is not
mentioned in the scenario. In addition, if name resolution were a problem, it could
affect access to both local and remote hosts.

References

• 7.7.4 Switching and Routing Troubleshooting Facts

q_trouble_switching_routing_gateway_01_np6.question.fex

Question 3:
Correct
A workstation's network board is currently configured as follows:
• Network Speed = Auto
• Duplexing = Auto
The workstation is experiencing poor network performance, and you suspect that the
network board is incorrectly detecting the network speed and duplex settings. Upon
investigation, you find that it's running at 10 Mbps half-duplex. You know that your
network switch is capable of much faster throughput. To fix this issue, you decide to
manually configure these settings on the workstation.
Before you do so, you need to verify the switch port configuration for the connected
workstation. Given that it's a Cisco switch, which commands can you use on the
switch to show a list of all switch ports and their current settings? (Select two.)
Answer

show interface ethernet counters

show interface switchport

show interface capabilities

Correct Answer:
show interface
Correct Answer:
show running-config interface
Explanation

To view the speed and duplex settings of interfaces on a Cisco switch, you can use
one of the following commands:
• show running-config interface (displays concise summary information)
• show interface (displays extended information)
The show interface capabilities command displays information about interface
capabilities, not the current switch configuration.
The show interface ethernet counters command displays interface statistics.
The show interface switchport command displays VLAN information regarding
switch interfaces.

References

•
7.7.4 Switching and Routing Troubleshooting Facts
q_trouble_switching_routing_interface_np6.question.fex

Question 4:
Correct
Which of the following utilities would you use to view the routing table?
Answer

traceroute

mtr

tracert

dig
Correct Answer:
route

Explanation

Use the route command to display the routing table contents and to add or remove
static routes.
The tracert command uses ICMP packets to test connectivity between devices and
display the path between them. Responses from each hop on the route are
measured three times to provide an accurate representation of how long a packet
takes to reach and be returned by that host.
The mtr command on Linux is a combination of the ping and traceroute commands.
The dig command resolves (looks up) a hostname's IP address.
References

• 7.7.4 Switching and Routing Troubleshooting Facts

q_trouble_switching_routing_route_02_np6.question.fex

Question 5:
Correct
You are unsure if the gateway address is correct for one of your subnetworks
because traffic is not leaving the network. Which of the following tables could you
look at to check if the gateway address is correct?
Answer

ARP table

MAC address table

Correct Answer:
Routing table

State table

Explanation

Routing tables contain gateway address information.

MAC address tables, IP address tables, and state tables do not contain gateway
address information. MAC address tables contain information about source MAC
addresses and destination MAC addresses. ARP tables contain neighbor information
and link MAC addresses to IP addresses. Stateful devices keep track of the state of
network connections, like TCP streams in a state table.

References

• 7.7.4 Switching and Routing Troubleshooting Facts

q_trouble_switching_routing_route_03_np6.question.fex

Question 6:
Correct
Which of the following scenarios would cause a problem in asymmetric routing?
Answer

Using two switches in the traffic flow.

Using a hub in the traffic flow.

Correct Answer:
Using two stateful firewalls in the traffic flow.
Using two routers in the traffic flow.

Explanation

When you have asymmetrical routing, the outbound traffic would go through one
stateful firewall and the inbound traffic would come through the second stateful
firewall. The second firewall would drop the packets because it wouldn't have any
record of them in its state table. That information would be recorded in the first
firewall.
Unless you've specifically programmed a hub as stateful, it would not have problems
with asymmetrical routing.
In general, routers do not have problems with asymmetric routing, regardless of
number.
Switches do not have problems with asymmetric routing, regardless of number.

References

• 7.7.4 Switching and Routing Troubleshooting Facts

q_trouble_switching_routing_stateful_np6.question.fex

Question 7:
Correct
You manage a network with multiple switches. You find that your switches are
experiencing heavy broadcast storms.
Which of the following will help reduce the effects of these broadcast storms?
Answer

Configure each switch with a single trunk port.

Disable auto-duplex detection.

Correct Answer:
Enable Spanning Tree on the switches.

Manually set the speed for each switch port.

Explanation

A broadcast storm is excessive broadcast traffic that renders normal network

communications impossible. Broadcast storms can be caused by switching loops
that cause broadcast traffic to be circulated endlessly or by denial of service (DoS)
attacks. To reduce broadcast storms, you can:
• Run Spanning Tree protocol to prevent switching loops.
• Implement switches with built-in broadcast storm detection, which limits
the bandwidth that broadcast traffic can use.
• Use VLANs to create separate broadcast domains on switches.

References

• 7.7.4 Switching and Routing Troubleshooting Facts

q_trouble_switching_routing_stp_np6.question.fex

Question 8:
Correct
Which of the following can cause broadcast storms?
Answer

q_san_block_level_np6.question.fex

Question 2:
Correct
You manage a network with three dedicated storage devices, as shown in the
diagram. Users on the network see only a single file server.
Which network-based storage technology is being used?
Answer

iSCSI SAN with clustering

Fibre Channel SAN

Correct Answer:
NAS with clustering

NAS

Explanation

A NAS device is an appliance that's dedicated to file storage. With clustering,

multiple NAS devices are grouped together to provide a degree of fault tolerance. To
users on the network, the cluster appears as a single file server. Without clustering,
the NAS devices would appear as three separate file servers.
Because client devices are connected directly to the switch, it cannot be an iSCSI or
Fiber Channel SAN implementation. iSCSI and Fibre Channel SANs both use
special switches to create the SAN fabric that client systems are not connected to
directly.
References

• 8.1.5 SAN Facts

q_san_cluster_np6.question.fex

Question 3:
Correct
Which of the following are the components of a SAN?
Answer

Access switches, SAN fabric, and hosts

Correct Answer:
Hosts, storage, and SAN fabric

SAN fabric, core switches, and the initiator

Distribution switches, targets, and SAN fabric

Explanation

Storage attached networks have hosts (hypervisors), storage on the target servers,
and SAN fabric that consists of the cabling.
Access switches are part of the data center architecture. All SAN storage devices
are called targets. Hosts are servers that have a hypervisor installed. SAN fabric
consists of the cabling and networking hardware that provides the connectivity
between host components and storage components. Distribution layer switches are
mid-tier speed switches. Core layer switches are large modular appliances. The
servers that connect to the shared storage device are called initiators.

References

•
8.1.5 SAN Facts
q_san_components_np6.question.fex

Question 4:
Correct
Match the SAN technology on the left with it's specialization on the right. (Items may
be once, used more that once or not at all.)
iSCSI

No specialized hardware or knowledge.

correct answer:
FC
Requires specialized hardware and knowledge.
correct answer:
FCoE

No specialized hardware, but requires specialized knowledge.

correct answer:
infiniband

Requires specialized hardware and knowledge.

correct answer:
Keyboard Instructions

Explanation

SAN Technology specialization:

• iSCSI - No specialized hardware or knowledge.
• FC - Requires specialized hardware and knowledge.
• FCoE - No specialized hardware, but requires specialized knowledge.
• Infiniband - Requires specialized hardware and knowledge.

References

• 8.1.5 SAN Facts

q_san_connect_np6.question.fex

Question 5:
Correct
Brett has been tasked with creating a new SAN. The company currently has Gigabit
internet, and his CTO wants to use Fibre Channel over Ethernet (FCoE) in the SAN.
Brett tells the CTO that this will not work. Which of the following BEST describes the
problem?
Answer

Fibre Channel over Ethernet is still only conceptual.

Fibre Channel over Ethernet is slower than iSCSI.

Fibre Channel over Ethernet requires all new, specialized equipment.

Correct Answer:
Fibre Channel over Ethernet requires 10 Gigabit internet.

Explanation

The problem is that FCoE requires 10 Gigabit internet.

FCoE is no longer conceptual; it is a current, in-use solution.
FCoE provides faster speeds and lower latency than iSCSI.
FCoE uses standard switches and physical connectors.

References

• 8.1.5 SAN Facts

q_san_fiber_np6.question.fex

Question 6:
Correct
What BEST describes the designed purpose of InfiniBand?
Answer

Cloud platforms

Unlimited 10 Gigabit internet

Correct Answer:
High-performance supercomputers

Jumbo frames

Explanation

InfiniBand was designed for high-performance supercomputers.

Jumbo frames refer to payload sizes that surpass the IEEE MTU (Maximum
Transmission Unit).
Unlimited 10 Gigabit internet is managed via advanced cables and network
appliances.
Cloud platforms are the level of service that cloud customers use.

References

• 8.1.5 SAN Facts

q_san_infiniband_np6.question.fex

Question 7:
Correct
You are in the process of configuring an iSCSI storage area network (SAN) for your
network.
You want to configure a Windows Server system to connect to an iSCSI target
defined on a different server system. You also need to define iSCSI security settings,
including CHAP and IPsec.
Which tool should you use?
Answer
Correct Answer:
iSCSI Initiator

iSCSI option under File and Storage Services in Server Manager

Multipath I/O

Internet Storage Name Service

Explanation

Run the iSCSI Initiator to connect to an iSCSI target defined somewhere on the SAN
fabric. You can also use this utility to define iSCSI security settings, including CHAP
and IPsec.
Internet Storage Name Service (iSNS) servers provide discoverability and zoning for
SAN resources.
Multipath I/O (MPIO) provides support for a storage device's multiple data paths.
Use the iSCSI option under File and Storage Services in Server Manager to define
an iSCSI target on a server.

References

• 8.1.5 SAN Facts

q_san_iscsi_initiator_01_np6.question.fex

Question 8:
Correct
Within an SDN, what is commonly referred to as the brains?
Answer

Initiators

Fabric

Hosts
Correct Answer:
Controllers

Explanation

Controllers are what operate at the control plane and run an SDN.
An initiator is a client that sends iSCSI commands to storage devices within the SAN.
Hosts can refer to many items, such as servers that allow access to the SAN.
Fabric is a layer within a SAN.

References

• 8.1.8 Software-Defined Networking Facts

q_sdn_controllers_np6.question.fex

Question 9:
Correct
Which option BEST describes the third layer in the SDN architecture?
Answer

Control

Management
Correct Answer:
Infrastructure

Application

Explanation

The third layer of SDN is the Infrastructure, or Physical, layer. This is where the
network hardware is located.
The Control layer is the second layer and functions as the brains of the network.
The Application layer is the first layer and contains the applications needed to
program and monitor the network.
The management plane is the interface that admins use to set network parameters.

References

• 8.1.8 Software-Defined Networking Facts

q_sdn_infrastructure_np6.question.fex

Question 10:
Correct
What are the three layers of an SDN?
Answer

Physical, Control, and Virtualized

Correct Answer:
Application, Control, and Infrastructure
Software, Management, and Construction

SaaS, IaaS, and PaaS

Explanation

The three layers of an SDN are the Application, Control, and Infrastructure layers.
The control plane deals with software and management.
Physical is not correct since the top layer deals with applications, and virtualized is
an incorrect term for infrastructure, as some components may be physical.
SaaS, IaaS, and PaaS are cloud service models.

References

• 8.1.8 Software-Defined Networking Facts

q_sdn_layers_np6.question.fex
Which of the following BEST describes the main purpose of the codec used in VoIP?
Answer

An algorithm that exclusively controls sound quality.

An algorithm for external calls to be made over VoIP.

Correct Answer:
An algorithm to compress data in order to save on bandwidth.

An algorithm to control poor quality transmissions.

Explanation

The codec's main purpose is to compress and decompress data to save bandwidth.
External calls are controlled through other hardware, not the codec.
While the codec does help with sound and transmission quality, this is not its main
purpose.

References

• 8.2.2 VoIP Facts

q_voip_codec_np6.question.fex

Question 2:
Correct
Which of the following BEST describes VoIP (Voice over Internet Protocol)?
Answer

A series of protocols optimized for voice (telephone calls) and digital data
transmission through a packet-switched IP network.

A protocol optimized for voice data transmission (telephone calls) through a 5G

switched IP network.
Correct Answer:
A protocol optimized for voice data transmission (telephone calls) through a packet-
switched IP network.

A protocol optimized for voice data transmission (telephone calls) through a wireless
network.

Explanation

VoIP is a protocol that relies on IP networks to carry voice data.

VoIP relies on Ethernet cables to carry voice signals.
VoIP is a protocol solely for voice data. Digital data is sent using different protocols.
5G is a cellular technology, which doesn't require VoIP.

References

• 8.2.2 VoIP Facts

q_voip_description_np6.question.fex

Question 3:
Correct
Which of the following are considered VoIP endpoints?
Answer
Correct Answer:
Hard phones and soft phones

Hard lines and cell phones

Satellite phones and soft phones

Soft phones and PBX

Explanation

Hard phones and soft phones are endpoints for VoIP since both can take calls over
Ethernet cable.
A hardline is a traditional phone that does not use the internet. Cell phones work
through different technology.
A satellite phone uses signals from satellites, not from the internet.
PBX (private branch exchange) is a different piece of equipment; it is not considered
an endpoint.

References

• 8.2.2 VoIP Facts

q_voip_endpoints_np6.question.fex

Question 4:
Correct
Larry is tasked with implementing a VoIP system in the office. He presents his
research to his boss, who wants to use the current traditional hard phones to save
money. What BEST explains why this is not possible?
Answer

Traditional hard phones don't provide conferencing, but VoIP hard lines do.
Regular hard phones only work with SNMP, and VoIP hard phones use UDP and
TCP.

Hard phones don't conform to IEEE 805.3.

Correct Answer:
A traditional hard phone does not have the internal computing parts to accept VoIP
transmissions.

Explanation

VoIP requires a computer to work. VoIP hard phones are, in essence, computers
that understand network protocols.
VoIP hard phones must conform to IEEE 802.3.
Traditional hard phones are not capable of understanding any network protocols,
including SNMP.
Traditional business hard phones have included conferencing for a long time. It is not
a unique feature to VoIP hard phones.

References

• 8.2.2 VoIP Facts

q_voip_hard_phone_np6.question.fex

Question 5:
Correct
Amber, a network administrator, is conducting VoIP training for other IT team
members. Melanie, a new team member, is confused about the difference between
latency and jitter. What is the BEST way to explain the difference?
Answer

Latency is caused by sampling; jitter is not.

Jitter is caused by an inadequate codec.

Latency is the up and down variation in jitter.

Correct Answer:
Jitter is the up and down variation in latency.

Explanation

Jitter is the result of the variance rate in latency.

Jitter is a direct result of latency. Latency is caused by inadequate bandwidth.
Neither latency nor jitter is related to sampling.
A codec is an algorithm that compresses and decompresses voice data packets. It
does not have any bearing on jitter.

References

• 8.2.2 VoIP Facts

q_voip_jitter_01_np6.question.fex

Question 6:
Correct
Dan, a network administrator, gets an email from the CEO. She is upset because
people keep talking over each other on conference calls. Which option BEST
describes Dan's first step to remedy this problem?
Answer

Check to see if the VoIP server is in the cloud.

Check the latency configuration. Latency under 250 milliseconds is not

recommended.

Hold a telephone etiquette training course for upper management.

Correct Answer:
Check the latency configuration. Latency should be set between 75 and 150
milliseconds.

Explanation

You can give VoIP traffic priority on your network. Latency is recommended to be set
between 75 and 150 milliseconds.
Latency should always be below 250 milliseconds. Any higher and call quality
becomes unacceptable.
While having a VoIP server hosted in the cloud increases latency, this doesn't
change the basic problem of the current latency configuration.
Holding a telephone etiquette training course is not within Dan's purview, even
though it is probably warranted.

References

• 8.2.2 VoIP Facts

q_voip_latency_01_np6.question.fex

Question 7:
Correct
Dan, a network administrator, has noticed a consistent increase in bandwidth
consumption since installing a new VoIP system. The increase is outside of the
parameters given by the vendor. What is MOST likely the issue Dan needs to
address?
Answer

The hard phones need to be replaced.

His ISP needs to give him more bandwidth.

VoIP phones should be limited to necessary personnel only.

Correct Answer:
The codec needs to be replaced with a more efficient one.

Explanation

The codec controls compression and decompression, which determines bandwidth.

Dan should replace the basic codec with one that better suits his needs.
It's not a practical solution to limit VoIP usage.
ISPs don't give more bandwidth without a contract and more money. The current
speed would have been considered in the VoIP installation.
VoIP hard phones would not cause an increase in bandwidth usage.

References

• 8.2.2 VoIP Facts

q_voip_qos_03_np6.question.fex

q_voip_unified_np6.question.fex
Which of the following are advantages of virtualization? (Select two.)
Answer

Reduced utilization of hardware resources.

Correct Answer:
Easy system migration to different hardware.

Redundancy of hardware components for fault tolerance.

Correct Answer:
Centralized administration.

Improved detection of host-based attacks.

Explanation

Virtualization allows a single physical machine (known as the host operating system)
to run multiple virtual machines (known as the guest operating systems). The virtual
machines appear to be self-contained and autonomous systems. Advantages of
virtualization include:
• Server consolidation.
• The ability to migrate systems between different hardware.
• Centralized management of multiple systems.
• Increased utilization of hardware resources.
• Isolation of systems and applications.
Disadvantages of virtualization include:
• A compromise in the host system could affect multiple guest systems.
• A failure in a shared hardware resource could affect multiple systems.

References

• 8.3.3 Virtualization Facts

q_virt_advantage_np6.question.fex

Question 2:
Correct
Which hardware components are controlled by the hypervisor?
Answer
Correct Answer:
RAM, CPU, storage

RAM, power supply, motherboard

Storage, CPU, GPU

CPU, storage, power supply

Explanation

RAM, CPU, and storage are controlled by the hypervisor. These are the three
components that all VMs share.
The power supply and motherboard are not controlled by the hypervisor.
The GPU is only for direct usage by the host machine.

References

• 8.3.3 Virtualization Facts

q_virt_components_np6.question.fex

Question 3:
Correct
John is using a host machine with a Type1 hypervisor. He has 40 virtual servers
using unmodified guest OSs. Which type of virtualization BEST describes this
configuration?
Answer

Paravirtualization

Regular Type 2 virtualization

Partial virtualization
Correct Answer:
Full virtualization

Explanation

In full virtualization, the virtual machine completely simulates a real physical host.
This allows most operating systems and applications to run within the virtual
machine without being modified in any way. This is the most common type of
virtualization in use.
Type 2 hypervisors run mostly on laptops or desktop machines.
In partial virtualization, only some of the components of the virtual machine are
virtualized. The guest operating systems use some virtual components and some
real physical hardware components in the actual device where the hypervisor is
running.
In paravirtualization, all guest operating systems running on the hypervisor directly
access various hardware resources in the physical device. The components are not
virtual.

References
• 8.3.3 Virtualization Facts
q_virt_full_02_np6.question.fex

Question 4:
Correct
How many types of full virtualization are there?
Answer

Four

One

Three
Correct Answer:
Two

Explanation

There are two types of full virtualization. They are called software assisted and
hardware assisted.

References

• 8.3.3 Virtualization Facts

q_virt_full_03_np6.question.fex

Question 5:
Correct
In virtualization, what is the role of a hypervisor?
Answer
Correct Answer:
A hypervisor allows virtual machines to interact with the hardware without going
through the host operating system.

A hypervisor is a software implementation that executes programs like a physical

machine.

A hypervisor has the actual hardware in place on the machine, such as the hard disk
drive(s), optical drive, RAM, and motherboard.

A hypervisor is created within the host operating system and simulates a hard disk
for the virtual machine.

Explanation
A hypervisor is a thin layer of software that resides between the virtual operating
system(s) and the hardware. A hypervisor allows virtual machines to interact with the
hardware without going through the host operating system. A hypervisor manages
access to system resources such as:
•CPU
•Storage
•RAM
A physical machine (also known as the host operating system) has the actual
hardware in place on the machine, such as the hard disk drive(s), optical drive, RAM,
motherboard, etc. A virtual machine is a software implementation that executes
programs like a physical machine.
A virtual machine appears to be a self-contained and autonomous system.
A virtual hard disk (VHD) is a file that is created within the host operating system and
simulates a hard disk for the virtual machine.

References

•8.3.3 Virtualization Facts

q_virt_hypervisor_01_np6.question.fex

Question 6:
Correct
Which of the following BEST describes an enterprise-level hypervisor?
Answer

Type 2
Correct Answer:
Type 1

VHD

Explanation

Type 1, or bare metal, is a hypervisor that is installed on enterprise-level servers.

Type 2 is a hypervisor that is installed on a PC or laptop and used on a small scale.
VHD is a virtual hard disk and is used for some virtual machines. It is not a
hypervisor.
A VM is a virtual machine. This is what a hypervisor manages.

References

•8.3.3 Virtualization Facts

q_virt_hypervisor_02_np6.question.fex
Question 7:
Correct
Amber's employer has asked her to research what is needed to best utilize current
assets in creating a scalable network. Amber knows that the company has two very
robust servers. What is her BEST solution?
Answer

Convert the current servers to host servers using Type 2 hypervisors.

Do nothing since everything is moving to the cloud.

Sell the current assets and purchase specially made Type 2 hypervisor servers for
virtualization.
Correct Answer:
Convert the existing servers into host servers for virtualization using a Type 1
hypervisor.

Explanation

She should convert the existing servers into host servers for virtualization using a
Type 1 hypervisor. This has minimal expense and utilizes existing assets.
There are no specially made Type 2 hypervisor servers.
Moving to the cloud is expensive and does not utilize current assets.
Only a Type 1 hypervisor can be used in a bare metal installation. Type 2 only work
on computers that have an OS installed.

References

Routing protocols are not necessary for routing data between networks.
Correct Answer:
Multiple networks can connect to a single interface.

Explanation

The key advantage to a virtual router is that it can support multiple networks on a
single router interface. A virtual router does this by using a different routing table for
each network. Physical routers are limited to a single network on each interface.
Like physical routers, virtual routers use routing protocols to route data between
networks.
VRRP is used by physical routers to specify backup routers in the case of failure.
Virtual routers do not offer significant performance increases.

References

• 8.4.4 Virtual Networking Facts

q_virt_networking_router_np6.question.fex

Question 4:
Correct
You have configured a virtual network that includes the following virtual components:
• Four virtual machines (Virtual OS1, Virtual OS2, Virtual OS3, and Virtual
OS4)
• One virtual switch
The virtual switch is connected to a physical network to allow the virtual machines to
communicate with the physical machines out on the physical network.
Given the port configuration for the virtual switch and the physical switch in the table
below, click on all of the virtual and physical machines that Virtual OS1 can
communicate with.

Device Port Port Assignment

P1 Virtual Network1
P2 Virtual Network2
P3 Virtual Network1
Virtual Switch
P4 Virtual Network2
Physical Network,
P5
Virtual Network1
P1 Physical Network
P2 Physical Network
Physical Switch P3 Physical Network
P4 Physical Network
P5 Physical Network
Correct answer selectedCorrect answer selectedCorrect answer selectedCorrect
answer selectedCorrect answer selected

Explanation

Virtual OS1 can communicate with the following machines:

• Virtual OS3
• Physical OS1
• Physical OS2
• Physical OS3
• Physical OS4
The virtual switch port configuration allows Virtual OS1 to communicate with
machines on Virtual Network1 and the physical network. P5 on the virtual switch is
configured to allow communication between the virtual and physical machines as if
they were on the same real physical network.
Virtualized networks allow virtual servers and desktops to communicate with each
other, and they also allow communication with network devices out on the physical
network via the host operating system. Virtual networks typically include the following
components:
• Virtual switches, which allow multiple virtual servers and/or desktops to
communicate on virtual network segments and/or the physical network.
Virtual switches are often configured in the hypervisor.
• Virtual network adapters, which are created and assigned to a desktop or
server in the hypervisor. They have the following characteristics:
o Multiple network adapters could be assigned to a single virtual
machine.
o Each network adapter has its own MAC address.
o Each network adapter is configured to connect to only one
network at a time (meaning a virtual network or the physical
network, but not both).
Virtual OS2 and Virtual OS4 belong to Virtual Network2 and are only able to
communicate with each other.

References

•8.4.4 Virtual Networking Facts

q_virt_networking_switch_01_np6.question.fex

Question 5:
Correct
You have configured a virtual network that includes the following virtual components:
• Four virtual machines (Virtual OS1, Virtual OS2, Virtual OS3, and Virtual
OS4)
• One virtual switch
The virtual switch is connected to a physical network to allow the virtual machines to
communicate with the physical machines out on the physical network.
Given the port configuration for the virtual switch and the physical switch in the table
below, click on all of the virtual and physical machines that Virtual OS1 can
communicate with.

Device Port Port Assignment

P1 Virtual Network1
P2 Virtual Network1
Virtual Switch P3 Virtual Network1
P4 Physical Network
P5 Physical Network
P1 Physical Network
P2 Physical Network
Physical Switch P3 Physical Network
P4 Physical Network
P5 Physical Network
Correct answer selectedCorrect answer selected

Explanation

Virtual OS1 can communicate with the following machines:

• Virtual OS2
• Virtual OS3
The virtual switch port configuration allows these three virtual machines to
communicate as if the machines were part of a real physical network. Virtualized
networks allow virtual servers and desktops to communicate with each other and can
also allow communication with network devices out on the physical network via the
host operating system. Virtual networks typically include the following components:
• Virtual switches, which allow multiple virtual servers and/or desktops to
communicate on virtual network segments and/or the physical network.
Virtual switches are often configured in the hypervisor.
• Virtual network adapters, which are created and assigned to a desktop or
server in the hypervisor. They have the following characteristics:
o Multiple network adapters can be assigned to a single virtual
machine.
o Each network adapter has its own MAC address.
o Each network adapter is configured to connect to only one
network at a time (meaning a virtual network or the physical
network, but not both).
Virtual OS4 and all of the other Physical OS machines are configured to
communicate on the physical network.

References

• 8.4.4 Virtual Networking Facts

q_virt_networking_switch_02_np6.question.fex
Question 6:
Correct
You are an application developer. You use a hypervisor with multiple virtual
machines installed to test your applications on various operating system versions
and editions.
Currently, all of your test virtual machines are connected to the production network
through the hypervisor's network interface. You are concerned that the latest
application you are working on could adversely impact other network hosts if errors
exist in the code.
To prevent problems, you decide to isolate the virtual machines from the production
network. However, they still need to be able to communicate directly with each other.
What should you do? (Select two. Each response is one part of the complete
solution.)
Answer

Create a new virtual switch configured for bridged (external) networking.

Disable the switch port that the hypervisor's network interface is connected to.

Disconnect the network cable from the hypervisor's network interface.

Correct Answer:
Create a new virtual switch configured for host-only (internal) networking.

Create MAC address filters on the network switch that block each virtual machine's
virtual network interfaces.
Correct Answer:
Connect the virtual network interfaces in the virtual machines to the virtual switch.

Explanation

To allow the virtual machines to communicate with each other while isolating them
from the production network, complete the following:
• Create a new virtual switch configured for host-only (internal) networking.
• Connect the virtual network interfaces in the virtual machines to the virtual
switch.
Creating a bridged virtual switch would still allow the virtual machines to
communicate on the production network through the hypervisor's network interface.
Disconnecting the hypervisor's network cable, blocking the virtual machine's MAC
addresses, or disabling the hypervisor's switch port would isolate the virtual
machines from the production network, but this would also prevent them from
communicating with each other.

References
• 8.4.4 Virtual Networking Facts
q_virt_networking_switch_03_np6.question.fex

Question 7:
Correct
You are responsible for maintaining Windows workstation operating systems in your
organization. Recently, an update from Microsoft was automatically installed on your
workstations that caused an in-house application to stop working.
To keep this from happening again, you decide to test all updates on a virtual
machine before allowing them to be installed on production workstations.
Currently, none of your test virtual machines has a network connection. However,
they need to be able to connect to the update servers at Microsoft to download and
install updates.
What should you do? (Select two. Each response is one part of the complete
solution.)
Answer

Disable the switch port that the hypervisor's network interface is connected to.
Correct Answer:
Connect the virtual network interfaces in the virtual machines to the virtual switch.

Create a new virtual switch configured for internal networking.

Correct Answer:
Create a new virtual switch configured for bridged (external) networking.

Create a new virtual switch configured for host-only networking.

Explanation

To allow the virtual machines to communicate with the Microsoft update servers on
the internet, complete the following:
• Create a new virtual switch configured for bridged (external) networking.
• Connect the virtual network interfaces in the virtual machines to the virtual
switch.
Creating an internal or host-only virtual switch would not allow the virtual machines
to communicate on the production network through the hypervisor's network
interface. Disabling the hypervisor's switch port would also isolate the virtual
machines from the production network.

References

• 8.4.4 Virtual Networking Facts

q_virt_networking_switch_04_np6.question.fex

Question 8:
Correct
Which component is MOST likely to allow physical and virtual machines to
communicate with each other?
Answer

Virtual desktop

Host operating system

Correct Answer:
Virtual switch

VHD

Explanation

Virtual switches allow multiple virtual servers and/or desktops to communicate on

virtual network segments and/or the physical network. Virtual switches are often
configured in the hypervisor.
A virtual hard disk (VHD) is a file that is created within the host operating system and
simulates a hard disk for the virtual machine.
A physical machine (also known as the host operating system) has the actual
hardware in place on the machine, such as the hard disk drive(s), optical drive, RAM,
motherboard, etc.
A virtual desktop is a virtual machine that's run as a software implementation on a
computer. A virtual desktop executes programs like a physical machine.

References

• 8.4.4 Virtual Networking Facts

q_virt_networking_switch_05_np6.question.fex

Question 9:
Correct
You need to provide DHCP and file sharing services to a physical network. These
services should be deployed using virtualization. Which type of virtualization should
you implement?
Answer
Correct Answer:
Virtual servers

Virtual networks

Network as a Service (NaaS)

Virtual desktops

Explanation

Server virtualization runs multiple instances of a server operating system on a single

physical computer. With server virtualization, you can migrate servers on older
hardware to newer computers or add virtual servers to computers with extra, unused
hardware resources.
Virtual desktops do not provide DHCP services.
Virtual networks allow virtual servers and desktops to communicate with each other,
and they can also allow communication with network devices out on the physical
network via the host operating system.
Network as a Service (NaaS) servers and desktops are virtualized and managed by
a contracted third party.

References

• 8.4.5 Virtualization Implementation Facts

q_virt_implementation_server_np6.question.fex

Question 10:
Correct
Your organization uses a time-keeping application that only runs on Windows 2000
and does not run on newer OS versions. Because of this, there are several Windows
2000 workstations on your network.
Last week, you noticed unusual activity on your network coming from the Windows
2000 workstations. After further examination, you discovered that the Windows 2000
workstations were the victim of a malicious attack and were being used to infiltrate
the network.
You find out that the attackers were able to gain access to the workstations because
of the legacy operating system being used. The organization still needs to use the
Windows 2000 workstations, which need to be connected to the internet, but you
want to make sure the network is protected from future events.
Which solution should you implement to protect the network while also allowing
operations to continue as normal?
Answer

Create a dedicated network for the Windows 2000 workstations that's completely
isolated from the rest of the network, including a separate internet connection.

Install antivirus software on the Windows 2000 workstations and configure Windows
to automatically download and install updates.
Implement a host-based firewall on each Windows 2000 workstation and configure
Windows to automatically download and install updates.
Correct Answer:
Configure VLAN membership so that the Windows 2000 workstations are on their
own VLAN.

Explanation

The best solution is to place the Windows 2000 workstations in their own VLAN. If
you use VLAN network segmentation, the workstations will still have access to the
internet, but network access can be heavily restricted. This greatly reduces the
damage a workstation can cause if it were to become compromised again.
Legacy operating systems, such as Windows 2000, are easy targets for attackers.
This is because legacy operating systems use outdated protocols and have known
exploits.
Installing an antivirus or host-based firewall would do very little to protect the entire
network. In addition, legacy operating system are no longer supported with updates
or patches, so enabling automatic updates would offer no benefit.
Creating a dedicated network for the workstations would affect normal operations
and also increase network management load.

References

• 8.4.5 Virtualization Implementation Facts

q_virt_implementation_vlan_np6.question.fex
Which of the following are true regarding cloud computing? (Select three.)
Answer
Correct Answer:
Cloud computing consists of software, data access, computation, and storage
services provided to clients through the internet.
Correct Answer:
The term cloud is used as a synonym for the internet.
Correct Answer:
Typical cloud computing providers deliver common business applications online.
They are accessed from another web service or software, like a web browser.

Cloud computing requires end user knowledge of the delivery system's physical
location and configuration.

Explanation

Cloud computing does not require end user knowledge of the delivery system's
physical location and configuration. Other cloud computing details include the
following:
• Cloud computing consists of software, data access, computation, and
storage services provided to clients through the internet.
• The term cloud is used as a synonym for the internet. This is based on the
basic cloud drawing used to represent the telephone network
infrastructure and the internet in computer network diagrams.
• Typical cloud computing providers deliver common business applications
online that are accessed from another web service or software, like a web
browser. The software and data are stored on servers.

References

• 8.5.3 Cloud Facts

q_cloud_computing_mp6.question.fex

Question 2:
Correct
Match each description on the left with the appropriate cloud technology on the right.
Public cloud

Provides cloud services to just about anyone.

correct answer:
Private cloud

Provides cloud services to a single organization.

correct answer:
Community cloud

Allows cloud services to be shared by several organizations.

correct answer:
Hybrid cloud

Integrates one cloud service with other cloud services.

correct answer:
Keyboard Instructions

Explanation

Cloud computing can be implemented in several ways:

• A public cloud can be accessed by anyone. Cloud-based computing
resources are made available to the general public by a cloud service
provider. The service provider may or may not require a fee for using
these resources. For example, Google provides many publicly accessible
cloud applications, such as Gmail and Google Docs.
• A private cloud provides resources to a single organization. Access is
restricted to only the users within that organization. An organization
commonly enters into an agreement with a cloud service provider to
provide secure access to their cloud-based resources. The organization's
data is kept separate and secure from any other organization that's using
the same service provider.
• A community cloud is designed to be shared by several organizations.
Access is restricted to only users within the organizations who are sharing
the community cloud infrastructure. Community clouds are commonly
hosted externally by a third party.
• A hybrid cloud is composed of a combination of public, private, and
community cloud resources from different service providers. The goal
behind a hybrid cloud is to expand the functionality of a given cloud
service by integrating it with other cloud services.

References

• 8.5.3 Cloud Facts

q_cloud_deployment_mp6.question.fex

Question 3:
Correct
You were recently hired by a small startup company. The company is in a small
office and has several remote employees.
You have been asked to find a business service that can both accommodate the
company's current size and scale as the company grows. The service needs to
provide adequate storage as well as additional computing power.
Which cloud service model should you use?
Answer

DaaS
Correct Answer:
IaaS

SaaS

PaaS

Explanation

Infrastructure as a Service (IaaS) delivers infrastructure to the client, such as

processing, storage, networks, and virtualized environments. The client deploys and
runs software without purchasing servers, data center space, or network equipment.
Software as a Service (SaaS) delivers software applications to the client either over
the internet or on a local area network.
Platform as a Service (PaaS) delivers everything a developer needs to build an
application on to the cloud infrastructure. The deployment comes without the cost
and complexity of buying and managing the underlying hardware and software
layers.
Data as a Service (DaaS) stores and provides data from a centralized location
without requiring local collection and storage.

References

• 8.5.3 Cloud Facts

q_cloud_iaas_mp6.question.fex

Question 4:
Correct
Which of the following cloud computing solutions delivers software applications to a
client either over the internet or on a local area network?
Answer

DaaS
Correct Answer:
SaaS

PaaS

IaaS

Explanation
Software as a Service (SaaS) delivers software applications to the client either over
the internet or on a local area network.
Infrastructure as a Service (IaaS) delivers infrastructure to the client, such as
processing, storage, networks, and virtualized environments. The client deploys and
runs software without purchasing servers, data center space, or network equipment.
Platform as a Service (PaaS) delivers everything a developer needs to build an
application on to the cloud infrastructure. The deployment comes without the cost
and complexity of buying and managing the underlying hardware and software
layers.
Data as a Service (DaaS) stores and provides data from a centralized location
without requiring local collection and storage.

References

• 8.5.3 Cloud Facts

q_cloud_saas_mp6.question.fex

Question 5:
Correct
Which of the following are benefits that a VPN provides? (Select two.)
Answer

Faster connection

Easy setup

Metering
Correct Answer:
Compatibility
Correct Answer:
Cost savings

Explanation

Benefits provided by VPNs include the following:

• Cost savings - VPNs reduce connectivity costs while increasing remote
connection bandwidth.
• Security - by using appropriate encryption and authentication protocols,
data being transmitted across the VPN can be secured from prying eyes.
• Scalability - because VPNs use the internet, you can add additional users
without adding significant infrastructure.
• Compatibility - you can implement VPNs across many different WAN
types, including broadband technologies.
A faster connection is not a benefit provided by a VPN. VPN connections are usually
a bit slower.
While setting up a VPN isn't necessarily difficult, it does require a few extra steps
and setup. Easy setup and configuration is not considered a benefit of a VPN.
Service metering is an advantage of cloud computing.

References

• 8.5.5 Virtual Private Networks Facts

q_cloud_vpn_benefits_np6.question.fex

Question 6:
Correct
Which of the following provides a VPN gateway that encapsulates and encrypts
outbound traffic from a site and sends the traffic through a VPN tunnel to the VPN
gateway at the target site?
Answer

Remote access VPN

GRE over IPsec

Correct Answer:
Site-to-site IPsec VPN

SSL VPN

Explanation

Site-to-site IPsec VPNs connect networks across an untrusted network, such as the
internet. The VPN gateway encapsulates and encrypts outbound traffic from a site
and sends the traffic through a VPN tunnel to the VPN gateway at the target site.
Clients send and receive normal unencrypted TCP/IP traffic through a VPN gateway.
The receiving VPN gateway strips the headers, decrypts the content, and relays the
packet toward the target host inside its private network.
SSL VPNs use a PKI (public key infrastructure) and digital certificates to authenticate
peers.
GRE over IPsec (Generic Routing Encapsulation over IPsec) does not support
encryption.
Remote access VPNs let remote and mobile users connect to an organizational
network securely.

References

• 8.5.5 Virtual Private Networks Facts

q_cloud_vpn_ipsec_np6.question.fex

Question 7:
Correct
What is a VPN (virtual private network) primarily used for?
Answer
Correct Answer:
Support secure communications over an untrusted network.

Support the distribution of public web documents.

Allow the use of network-attached printers.

Allow remote systems to save on long distance charges.

Explanation

A VPN (virtual private network) is primarily used to support secure communications

over an untrusted network. You can use a VPN over a local area network, across a
WAN connection, over the internet, and even between a client and a server over a
dial-up internet connection.
All of the other items listed in this question are benefits or capabilities that are
secondary to this primary purpose.

References

• 8.5.5 Virtual Private Networks Facts

q_cloud_vpn_secure_np6.question.fex

Question 8:
Correct
IPsec is implemented through two separate protocols. What are these protocols
called? (Select two.)
Answer

EPS
Correct Answer:
ESP

L2TP

SSL
Correct Answer:
AH

Explanation
IPsec is implemented through two separate protocols, which are called
Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides
authentication and non-repudiation services to verify that the sender is genuine and
that the data was not modified in transit. ESP provides data encryption services for
the data within the packet.
SSL and L2TP are not protocols associated with IPsec.

References

• 8.5.6 IPsec Virtual Private Networks Facts

q_ipsec_vpn_ah_esp_np6.question.fex

Question 9:
Correct
Which other service is IPsec composed of, in addition to AH?
Answer

Extended Authentication Protocol (EAP)

Correct Answer:
Encapsulating Security Payload (ESP)

Advanced Encryption Standard (AES)

Encryption File System (EFS)

Explanation

IPsec is composed of two services, which are called Authentication Header (AH) and
Encapsulating Security Payload (ESP). AH is primarily used for authenticating the
two communication partners in an IPsec link. ESP is primarily used to encrypt and
secure the data transferred between IPsec partners. IPsec employs ISAKMP
(Internet Security Association and Key Management Protocol) for encryption key
management.

References

• 8.5.6 IPsec Virtual Private Networks Facts

q_ipsec_vpn_esp_01_np6.question.fex

Question 10:
Correct
Which of the following are IPsec modes of operation? (Select two.)
Answer
Correct Answer:
Transport mode
Single mode

Secure mode

Multimode
Correct Answer:
Tunnel mode

Explanation

Tunnel mode and transport mode are the two IPsec modes of operation.
Single mode and multimode are types of fiber optic network cable.
Secure mode is a wireless LAN setting.

References

• 8.5.6 IPsec Virtual Private Networks Facts

q_ipsec_vpn_mode_np6.question.fex
What are two major concerns regarding IoT devices? (Select two.)
Answer

Accessibility
Correct Answer:
Privacy

Short life span

Availability
Correct Answer:
Hacking

Explanation

Explanation

Streaming media devices with IoT allow you to play content from a device, such as
your smartphone, to a speaker or TV as long as both are connected to the same
home network. Security systems, such as alarms and locks, can be accessed from
an app on your smartphone. Home appliances, such as refrigerators or washing
machines, can be accessed from an app on your smartphone as well.
Computer monitors are controlled by a computing device (such as a laptop or
desktop) and are an output device that's not normally associated with the IoT.
While headsets can be wirelessly connected to a device (such as a computer,
smartphone, or TV), they normally use Bluetooth instead of the IoT.
Tablets are mobile computing devices that normally use Wi-Fi technology to connect
to the internet and are not normally associated with IoT technology.
Printers can wirelessly connect to a home Wi-Fi network, but they are not normally
associated with IoT technology.

References

• 8.6.3 Internet of Things Facts

q_iot_devices_04_np6.question.fex

Question 5:
Correct
Match each smart device with its description.
Thermostat

Learns from your habits and schedule, allows you to control the climate in your
home remotely, shows you energy consumption in real time, and adjusts itself
depending on ambient conditions.
correct answer:
Switch
Allows you to control hardwired lights, ceiling fans, fireplaces, small appliances,
and garbage disposals.
correct answer:
Bulb

Can change colors, track motion, stream audio over Bluetooth, and double as a
connected camera, but it's only smart when turned on. It doesn't work when turned
off.
correct answer:
Plug

Easy solution for making small appliances (such as lamps, coffee makers, and
toasters) smart.
correct answer:
Security camera

Uses an RF transmitter. May include such features as motion detection, scheduled

recording, remote viewing, and automatic cloud storage.
correct answer:
Door lock

Uses a wireless protocol and a cryptographic key to execute the authorization

process. It can also monitor access and send alerts related to the status of the
device.
correct answer:
Speaker/digital assistant

Uses voice recognition software and activates through a Wake Word or Hot Word.
correct answer:
Keyboard Instructions

Explanation

The following are smart IoT devices and their general characteristics:
• Thermostats learn from your habits and schedule, allow you to control the
climate in your home remotely, show you energy consumption in real time,
and adjust themselves depending on ambient conditions.
• Switches allow you to control hardwired lights, ceiling fans, fireplaces,
small appliances, and garbage disposals.
• Bulbs can change colors, track motion, stream audio over Bluetooth, and
double as a connected camera, but they're only smart when turned on.
They don't work when turned off.
• Plugs are easy solutions for making small appliances (such as lamps,
coffee makers, and toasters) smart.
• Security cameras use an RF transmitter. They may include such features
as motion detection, scheduled recording, remote viewing, and automatic
cloud storage.
• Door locks use a wireless protocol and a cryptographic key to execute the
authorization process. They can also monitor access and send alerts
related to the status of the device.
• Speakers and digital assistants use voice recognition software and
activate through a Wake Word or Hot Word.

References

• 8.6.3 Internet of Things Facts

q_iot_devices_np6.question.fex

Question 6:
Correct
Which frequencies does Zigbee operate on?
Answer

2.4 GHz, 500 MHz, and 818 MHz

Correct Answer:
2.4 GHz, 900 MHz, and 868 MHz

1.4 GHz, 90 MHz, and 500 MHz

2.7 GHz, 400 MHz, and 865 MHz

Explanation

Zigbee is a specification based on IEEE 802.15.4. The WPANs operate on 2.4 GHz,
900 MHz, and 868 MHz frequencies.

References

• 8.6.3 Internet of Things Facts

q_iot_frequencies_np6.question.fex

Question 7:
Correct
Anabel purchased a smart speaker. She connected it to all the smart devices in her
home. Which of the following communication models is she using?
Answer

Device-to-gateway
Device-to-cloud

Back-end data-sharing
Correct Answer:
Device-to-device

Explanation

The device-to-device, or machine-to-machine (M2M), communication model is meant

mostly for systems with devices transferring small data packets to each other at a
very low data rate. The devices could include thermostat, light bulbs, door locks,
CCTV cameras, refrigerators, and wearable devices.
The device-to-gateway model means that the IoT device doesn't directly interact with
the cloud or the client. Instead, the device interacts with an intermediate device, or
gateway, which then contacts the cloud to send and receive data.
The back-end data-sharing model is an expanded version of the device-to-cloud
model. This means the data sent from the IoT device to the cloud can be accessed
by authorized third parties.
The device-to-cloud model means that the devices communicate with the cloud
instead of directly with the end user to send data and receive commands.

References

• 8.6.3 Internet of Things Facts

q_iot_m2m_np6.question.fex

Question 8:
Correct
What is the maximum number of nodes Z-Wave allows on its mesh network?
Answer
Correct Answer:
232

223

231

322

Explanation

Z-Wave allows up to 232 nodes on the mesh network.

References
• 8.6.3 Internet of Things Facts
q_iot_nodes_np6.question.fex

Question 9:
Correct
What are the two protocols used most often with IoT devices? (Select two.)
Answer
Correct Answer:
Zigbee
Correct Answer:
Z-Wave

Zerg

Zensys

Zbot

Explanation

Zigbee and Z-Wave are two radio protocols many IoT devices work with because
they are designed for low-data rate, low-power applications. They link all IoT devices
to form a mesh network.

References

• 8.6.3 Internet of Things Facts

q_iot_protocols_np6.question.fex

Question 10:
Correct
What are the four primary systems of IoT technology?
Answer

Devices, data storage, remote control, and internet

Devices, gateway, sensors, and apps

Devices, sensors, apps, and internet

Correct Answer:
Devices, gateway, data storage, and remote control

Explanation
IoT technology comprises four primary systems: devices, gateway, data storage, and
remote control.
Sensors are hardware included in many IoT devices.
Apps are part of the remote control system.
The internet is part of the gateway and data storage systems.

References

• 8.6.3 Internet of Things Facts

q_iot_systems_np6.question.fex
Which type of communication path-sharing technology do all 802.11 standards for
wireless networking support?
Answer

Token passing

CSMA/CD
Correct Answer:
CSMA/CA

Polling

Explanation

802.11x standards for wireless networking all support the CSMA/CA (Carrier Sense
Multiple Access/Collision Avoidance) type of communication path-sharing
technology. This allows multiple baseband clients to share the same communication
medium. CSMA/CA works as follows:
1. The system asks for permission to transmit.
2. A designated authority (such as a hub, router, or access point), grants
access when the communication medium is free.
3. The system transmits data and waits for an ACK (acknowledgment).
4. If no ACK is received, the data is retransmitted.
Polling is a mechanism where one system is labeled as the primary system. The
primary system polls each secondary system in turn to inquire whether they have
data to transmit.
Token passing is a mechanism that uses a digital pass card. Only the system
holding the token is allowed to communicate.
CSMA/CD (Carrier Sense Multiple Access/Collision Detection) is the technology
used by Ethernet. CSMA/CD works as follows:
1. The system listens for traffic. If the line is clear, the system begins
transmitting.
2. During the transmission, the system listens for collisions.
3. If no collisions are detected, the communication succeeds. If collisions are
detected, an interrupt jam signal is broadcast to stop all transmissions.
Each system waits a random amount of time before starting over at step 1.

References

•
9.1.3 Wireless Architecture Facts
q_wireless_arch_csmaca_np6.question.fex

Question 2:
Correct
Match the wireless signaling method on the left with its definition on the right.
Transfers data over a radio signal by switching channels at random within a larger
frequency band.

FHSS
correct answer:
Makes the transmitted bandwidth signal wider than the data stream needs.

DSSS
correct answer:
Encodes data over a wireless network using non-overlapping channels.

OFDM
correct answer:
Keyboard Instructions

Explanation

Frequency-hopping spread spectrum (FHSS) transfers data over a radio signal by

switching channels at random within a larger frequency band.
Direct-sequence spread spectrum (DSSS) makes the transmitted bandwidth signal
wider than the data stream needs.
Orthogonal Frequency Division Multiplexing (OFDM) encodes data over a wireless
network using non-overlapping channels.

References

• 9.1.3 Wireless Architecture Facts

q_wireless_arch_facts_np6.question.fex

Question 3:
Correct
Which of the following is true of a wireless network SSID?
Answer
Correct Answer:
Groups wireless devices together into the same logical network.

Coordinates all communications between wireless devices.

Enables wireless interconnection of multiple APs.

Is a 48-bit value that identifies an AP.

Explanation
The SSID, also called the network name, groups wireless devices together into the
same logical network.
• All devices on the same network (within the BSS and ESS) must have the
same SSID.
• The SSID is a 32-bit value that's inserted into each frame. The SSID is
case sensitive.
• The SSID is sometimes called the ESSID (extended service set ID) or the
BSSID (basic service set ID). In practice, each term means the same
thing. However, SSIDs, ESSIDs, and BSSIDs are technically different.
An access point (AP) is a device that coordinates all communication between
wireless devices.
The basic service set identifier (BSSID) is a 48-bit value that identifies an AP.
Wireless Distribution System (WDS) is a system that enables wireless
interconnection of multiple APs.

References

• 9.1.4 Wireless Infrastructure Facts

q_wireless_infra_ssid_01_np6.question.fex

Question 4:
Correct
Which wireless networking component is used to connect multiple APs together?
Answer

IBSS
Correct Answer:
WDS

BSS

STA

Explanation

The Wireless Distribution System (WDS) is the backbone or LAN that connects
multiple APs (and BSSs) together.
An IBSS (independent basic service set) is a set of STAs configured in ad hoc mode.
A BSS, or cell, is the smallest unit of a wireless network.
An STA is a wireless NIC in an end device, such as a laptop or wireless PDA. The
term STA often refers to the device itself, not just the NIC.

References

• 9.1.4 Wireless Infrastructure Facts

q_wireless_infra_wds_np6.question.fex

Question 5:
Correct
Your organization uses an 802.11b wireless network. Recently, other tenants
installed the following equipment in your building:
• A wireless television distribution system running at 2.4 GHz.
• A wireless phone system running at 5.8 GHz.
• A wireless phone system running at 900 MHz.
• An 802.11a wireless network running in the 5.725 - 5.850 GHz frequency
range.
• An 802.11j wireless network running in the 4.9 - 5.0 GHz frequency range.
Since this equipment was installed, your wireless network has been experiencing
significant interference. Which system is to blame?
Answer

The 900 MHz wireless phone system

The 5.8 GHz wireless phone system

The 802.11j wireless network

Correct Answer:
The wireless TV system

The 802.11a wireless network

Explanation

Because the 802.11b standard operates within the 2.4 GHz to 2.4835 GHz radio
frequency range, the most likely culprit is the wireless TV distribution system.

References

• 9.1.6 Wireless Standards Facts

q_wireless_standards_24ghz_np6.question.fex

Question 6:
Correct
Which technologies are used by the 802.11ac standard to increase network
bandwidth? (Select two.)
Answer

40 MHz bonded channels

Correct Answer:
160 MHz bonded channels
Data compression
Correct Answer:
Eight MIMO radio streams

Four MIMO radio streams

Explanation

To increase network bandwidth, the 802.11ac standard uses:

• Eight MIMO radio streams
• 160 MHz-wide bonded channels

References

• 9.1.6 Wireless Standards Facts

q_wireless_standards_802_11ac_np6.question.fex

Question 7:
Correct
You are designing an update to your client's wireless network. The existing wireless
network uses 802.11b equipment, which your client complains runs too slowly. She
wants to upgrade the network to run up to 600 Mbps.
Due to budget constraints, your client wants to upgrade only the wireless access
points in the network this year. Next year, she will upgrade the wireless network
boards in her users' workstations. She has also indicated that the system must
continue to function during the transition period.
Which 802.11 standard will work BEST in this situation?
Answer

802.11d
Correct Answer:
802.11n

802.11c

802.11a

802.11b

Explanation

802.11n is the best choice for this client and provides up to 600 Mbps. With 802.11n,
you may have a single device that uses multiple radios (one that can operate at one
frequency and one that can operate on another). Because of this, 802.11n usually
allows compatibility between all 802.11 standards, depending on the specific
implementation.
While 802.11g is compatible with 802.11b, it only provides speeds up to 54 Mbps.

References

• 9.1.6 Wireless Standards Facts

q_wireless_standards_802_11n_02_np6.question.fex

Question 8:
Correct
Which of the following are frequencies defined by 802.11 committees for wireless
networking? (Select two.)
Answer

900 MHz

1.9 GHz
Correct Answer:
2.4 GHz
Correct Answer:
5.75 GHz

10 GHz

Explanation

802.11 specifications for wireless include standards for operating in the 2.4 GHz
range (802.11b, 802.11g, and 802.11n) and the 5.75 GHz range (802.11a and dual-
band devices using 802.11n).

References

• 9.1.6 Wireless Standards Facts

q_wireless_standards_802_11_np6.question.fex

Question 9:
Correct
How many total channels (non-overlapping) are available for 802.11a wireless
networks?
Answer

3
11

12
Correct Answer:
24

Explanation

802.11a wireless uses the 5.75 GHz range, which has a total of 24 channels.
802.11b and 802.11g use the 2.4 GHz range, which has a total of 11 channels in the
US.

References

• 9.1.6 Wireless Standards Facts

q_wireless_standards_channels_01_np6.question.fex

Question 10:
Correct
How many total channels are available for 802.11g wireless networks?
Answer

3
Correct Answer:
11

Explanation

802.11b and 802.11g use the 2.4 GHz range, which has a total of 11 channels in the
US.
802.11a wireless uses the 5.75 GHz range, which has a total of 23 channels.

References

• 9.1.6 Wireless Standards Facts

q_wireless_standards_channels_02_np6.question.fex
You have configured a wireless access point to create a small network and
configured all necessary parameters.
Wireless clients seem to take a long time to find the wireless access point. You want
to reduce the time it takes for the clients to connect.
What should you do?
Answer

Change the channel on the access point to a lower number.

Enable SSID broadcast.

Correct Answer:
Decrease the beacon interval.

Create a wireless profile on the client.

Explanation

A beacon is a frame that the access point sends out periodically. The beacon
announces the access point and the network characteristics (such as the SSID,
supported speeds, and the signaling method used). To improve access times,
decrease the beacon interval.
As long as clients are configured with the SSID, they will be able to locate access
points even if the SSID is not broadcasting in the beacon. The beacon is still sent out
to announce the access point.
Adding the SSID to the beacon does not change how often the beacon is broadcast.

References

• 9.2.2 Wireless Configuration Tasks

q_wireless_conf_beacon_np6.question.fex

Question 2:
Correct
You are an administrator of a growing network. You notice that the network you've
created is broadcasting, but you can't ping systems on different segments. Which
device should you use to fix this issue?
Answer
Correct Answer:
Network bridge

Network hub

Access point
Range extender

Explanation

A network bridge connects different network segments.

A range extender increases the strength of a signal or widens the range that a
network can reach.
An access point is used to broadcast the wireless network so users can access it.
A network hub isn't very common today. This device acts to push data or traffic
through to all connected users. A hub would not be a good tool for connecting
network segments.

References

•9.2.2 Wireless Configuration Tasks

q_wireless_conf_bridge_np6.question.fex

Question 3:
Correct
Which of the following wireless network protection methods prevents the wireless
network name from being broadcast?
Answer

802.1x

MAC filtering
Correct Answer:
SSID broadcast

Shared secret key

Explanation

Wireless access points (WAPs) are transceivers that transmit and receive
information on a wireless network. Each access point has a service set ID (SSID)
that identifies the wireless network. By default, access points broadcast the SSID to
announce their presence and make it easier for clients to find and connect.
MAC address filtering identifies specific MAC addresses that are allowed to access
the wireless access point. Clients with unidentified MAC addresses are not allowed
to connect.
A shared secret key is used with shared key authentication. Users must know the
shared key to connect to the access point. A shared key is also used with WEP as
the encryption key.
802.1x authentication uses usernames and passwords, certificates, or devices such
as smart cards to authenticate wireless clients.

References

• 9.2.2 Wireless Configuration Tasks

q_wireless_conf_broadcast_np6.question.fex

Question 4:
Correct
Which of the following features does WPA2 supply on a wireless network?
Answer

Client-connection refusal based on MAC address

Configure the connection with a pre-shared key and TKIP encryption.

Configure the connection to use 802.1x authentication and TKIP encryption.

Correct Answer:
Configure the connection with a pre-shared key and AES encryption.

Configure the connection to use 802.1x authentication and AES encryption.

Explanation
To connect to a wireless network using WPA2-Personal, you need to use a pre-
shared key for authentication. Advanced Encryption Standard (AES) encryption is
supported by WPA2 and is the strongest encryption method.
WPA and WPA2 designations that include Personal or PSK use a pre-shared key for
authentication.
Methods that include Enterprise use a RADIUS server for authentication and 802.1x
authentication with usernames and passwords.

References

• 9.2.2 Wireless Configuration Tasks

q_wireless_conf_psk_aes_np6.question.fex

Question 8:
Correct
You need to configure a wireless network. You want to use WPA2 Enterprise. Which
of the following components should be part of your design? (Select two.)
Answer

Open authentication

Pre-shared keys

WEP encryption
Correct Answer:
802.1x

TKIP encryption
Correct Answer:
AES encryption

Explanation

To configure WPA2 Enterprise, you need a RADIUS server to support 802.1x

authentication. WPA2 uses AES for encryption.
WPA2-PSK, also called WPA2 Personal, uses pre-shared keys for authentication.
WPA uses TKIP for encryption.

References

• 9.2.2 Wireless Configuration Tasks

q_wireless_conf_wpa2_01_np6.question.fex

Question 9:
Correct
You need to add security for your wireless network. You would like to use the most
secure method.
Which method should you implement?
Answer

WPA

WEP

Kerberos
Correct Answer:
WPA2

Explanation

Wi-Fi Protected Access 2 (WPA2) is currently the most secure wireless security
specification. WPA2 includes specifications for both encryption and authentication.
WPA was an earlier implementation of security specified by the 802.11i committee.
WEP was the original security method for wireless networks. WPA is more secure
than WEP but less secure than WPA2.
Kerberos is an authentication method, not a wireless security method.

References

• 9.2.2 Wireless Configuration Tasks

q_wireless_conf_wpa2_02_np6.question.fex

Question 10:
Correct
You have a small wireless network that uses multiple access points. The network
uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access
points.
You want to connect a laptop computer to the wireless network. Which of the
following parameters do you need to configure on the laptop? (Select two.)
Answer

BSSID
Correct Answer:
Pre-shared key

Channel
AES encryption
Correct Answer:
TKIP encryption

Explanation

To connect to the wireless network using WPA, you need to use a pre-shared key
and TKIP encryption. A pre-shared key used with WPA is known as WPA-PSK or
WPA Personal.
WPA2 uses AES encryption. The channel is automatically detected by the client. The
basic service set identifier (BSSID) is a 48-bit value that identifies an AP in an
infrastructure network or an STP in an ad hoc network. The client automatically
reads the BSSID and uses it to keep track of APs as they roam between cells.

References

• 9.2.2 Wireless Configuration Tasks

q_wireless_conf_wpa_np6.question.fex
You are designing a wireless network for a client. Your client needs the network to
support a data rate of at least 150 Mbps. In addition, the client already has a wireless
telephone system installed that operates at 2.4 GHz.
Which 802.11 standard works best in this situation?
Answer

802.11g

802.11b
Correct Answer:
802.11n

802.11a

Explanation

802.11n is the best choice for this client.

802.11b and 802.11g both operate in the 2.4 GHz to 2.4835 GHz range, which will
cause interference with the client's wireless phone system.
802.11a operates in the 5.725 GHz to 5.850 GHz frequency range. While this won't
interfere with the phone system, the maximum speed is limited to 54 Mbps.

References

• 9.3.4 Wireless Network Design Facts

q_wireless_design_802_11n_np6.question.fex

Question 2:
Correct
Which of the following uses a 2.4 GHz ISM band, has fast transmission rates, and
has been used for applications like geocaching and health monitors?
Answer

Z-Wave
Correct Answer:
Ant+

802.11ac

NFC

Explanation
Ant+ is generally used to monitor sensor data. It uses a 2.4 GHz ISM band, has fast
transmission rates, and has been used for applications like geocaching and health
monitors.
The Z-Wave protocol is found in the home security and automation market and uses
only a mesh topology. Each attached device acts as a repeater and increases the
network strength. Z-Wave has a low data transfer rate.
NFC (Near Field Communication) is common with mobile pay solutions and
connections like Bluetooth, but NFC has to be within 10 cm or 4 inches from another
device to connect.
802.11ac is a wireless networking standard that offers high-speed data transfer.

References

• 9.3.4 Wireless Network Design Facts

q_wireless_design_ant_np6.question.fex

Question 3:
Correct
You have been hired to design a wireless network for a SOHO environment. You are
currently in the process of gathering network requirements from management.
Which of the following questions should you ask? (Select three.)
Answer
Correct Answer:
Which type of data will be transmitted on the network?

Is there future construction that might affect or disrupt the RF signals?

Correct Answer:
How many devices will need to be supported?
Correct Answer:
Is the size of the business expected to grow in the future?

Where can network hardware be mounted in the building?

Are there microwaves or cordless phones that can cause interference?

What are the zoning and permit requirements?

Explanation

The first thing you do when designing a wireless network is gather network
requirements. Meet with all stakeholders and decision-makers to discuss the
implementations and gather detailed information. For example, you should:
• Identify the intended use of the wireless network.
• Identify the location of wireless service areas.
• Anticipate the number of wireless devices that need to be supported in
each area.
• Discuss future network needs so that you can plan for expansion.
• Discuss data encryption and network security requirements.
You should consider mounting points, interference, zoning and permit requirements,
and future construction during the network design phase. This happens after all
requirements have been gathered.

References

• 9.3.4 Wireless Network Design Facts

q_wireless_design_gathering_np6.question.fex

Question 4:
Correct
Which protocol is well known for its use in the home security and home automation
industry, uses a mesh topology, makes devices act as repeaters, and has a low data
transfer rate?
Answer

802.11ac
Correct Answer:
Z-Wave

Ant+

NFC

Explanation

The Z-Wave protocol is mostly found in the home security and automation market
and uses only a mesh topology. Each attached device acts as a repeater and
increases the network strength. Z-Wave has a low data transfer rate.
Ant+ uses a mesh topology. However, Ant+ is generally used to monitor sensor data.
NFC is common with mobile pay solutions and connections like Bluetooth, but NFC
has to be several inches from another device to connect.
802.11ac is a wireless networking standard that offers high-speed data transfer.

References

• 9.3.4 Wireless Network Design Facts

q_wireless_design_zwave_np6.question.fex

Question 5:
Correct
You have been hired to troubleshoot a wireless connectivity issue for two separate
networks located within a close proximity. Both networks use a WAP from the same
manufacturer, and all settings (with the exception of SSIDs) remain configured to
their defaults.
Which of the following might you suspect is the cause of the connectivity problems?
Answer

There is crosstalk between the RF signals.

Correct Answer:
There are overlapping channels.

The two client systems' SSIDs match.

The two server systems' SSIDs match.

There is WEP overlap.

Explanation

Overlapping wireless networks should use different channels to ensure that they do
not conflict with each other. In this case, each WAP is using the default channel,
which by default, is the same for each one. The solution would be to configure
different channels for each access point.
To configure client connectivity, the wireless client and the access point must share
the same SSID, channel, and WEP encryption strength. In this case, the SSIDs were
changed for each station, so they are not the problem.

References

• 9.3.6 Wireless Site Survey Facts

q_conduct_wireless_survey_channels_np6.question.fex

Question 6:
Correct
Match each wireless term or concept on the left with its associated description on the
right. Each term may be used more than once. (Not all descriptions have a matching
term.)
Compares the Wi-Fi signal level to the level of background radio signals.

Signal-to-noise ratio
correct answer:
Checks channel utilization and identifies sources of RF inference.
Spectrum analysis
correct answer:
Identifies how strong a radio signal is at the receiver.

Received signal level

correct answer:
Keyboard Instructions

Explanation

You should be familiar with the following wireless networking concepts and terms:
• Received signal level (RSL) identifies how strong a radio signal is at the
receiver. The closer you are to the transmitter, the stronger the RSL.
• Signal-to-noise ratio (SNR) compares the wireless signal level to the level
of background noise.
• A spectrum analysis checks channel utilization to identify sources of RF
inference at each location where you plan to deploy an access point.

References

•9.3.6 Wireless Site Survey Facts

q_conduct_wireless_survey_concept_np6.question.fex

Question 7:
Correct
Which of the following should you include in your site survey kit?
Answer
Correct Answer:
A tall ladder

A network bridge

A GPS

Mounting brackets

Explanation

A site survey kit should include:

• Two access points (APs). Bring access points to each location to test the
signal quality and to identify the node density required in each area.
• Two laptops with a network performance measurement utility (such as
Iperf) installed. This allows you to evaluate the network throughput at each
location.
• A tall ladder so you can test each AP at its height or close to its height.
Log the location's GPS coordinates. Use digital photos to document the location and
its surrounding environment.
During a site survey, you don't physically install the access points.
A network bridge connects different network segments. It's not included in a site
survey kit.

References

• 9.3.6 Wireless Site Survey Facts

q_conduct_wireless_survey_ladder_np6.question.fex

Question 8:
Correct
You are concerned that wireless access points might have been deployed within
your organization without authorization.
What should you do? (Select two. Each response is a complete solution.)
Answer

Implement an intrusion detection system (IDS).

Implement a network access control (NAC) solution.

Implement an intrusion prevention system (IPS).

Correct Answer:
Check the MAC addresses of devices that are connected to your wired switch.
Correct Answer:
Conduct a site survey.

Explanation

A rogue host is an unauthorized system that has connected to a wireless network. It

could be an unauthorized wireless device or even an unauthorized wireless access
point that someone connected to a wired network jack. Rogue hosts can be benign
or malicious in nature. Either way, rogue hosts represent a security risk, and you
should detect and subsequently remove them immediately. Four commonly used
techniques for detecting rogue hosts include:
• Use site survey tools to identify hosts and APs.
• Check connected MAC addresses to identify unauthorized hosts.
• Conduct an RF noise analysis to detect a malicious rogue AP that's using
jamming.
• Analyze wireless traffic to identify rogue hosts.
Using an IDS or an IPS would not be effective, as these devices are designed to
protect networks from perimeter attacks.
Rogue APs are internal threats.
You can use a NAC solution to remediate clients that connect to the network, but this
solution doesn't detect rogue APs.

References

• 9.3.6 Wireless Site Survey Facts

q_conduct_wireless_survey_site_02_np6.question.fex

Question 9:
Correct
Which of the following purposes do wireless site surveys fulfill? (Select two.)
Answer
Correct Answer:
Identify the coverage area and preferred placement of access points.
Correct Answer:
Identify existing or potential sources of interference.

Determine the amount of bandwidth required in various locations.

Identify the recommended 100 degree separation angle for alternating access points.

Document existing infrared traffic in the 5.4 GHz spectrum.

Explanation

Wireless site surveys provide layout and design parameters for access point
coverage and placement. Site surveys can also identify rogue access points and
other forms of interference that reduce security and prevent the proper operation of
authorized network devices.
You use radio frequency spectrum and protocol analyzers to conduct these surveys.
As part of bandwidth planning, you determine the amount of bandwidth required in
various locations.

References

• 9.3.6 Wireless Site Survey Facts

q_conduct_wireless_survey_site_np6.question.fex

Question 10:
Correct
Which of the following does an SNR higher than 1:1 indicate?
Answer
Correct Answer:
More signal than noise
No signal

No noise

More noise than signal

Explanation

An SNR higher than 1:1 indicates more signal than noise, which is desirable.

References

• 9.3.6 Wireless Site Survey Facts

q_conduct_wireless_survey_snr_np6.question.fex
Which of the following connects wired or wireless networks together?
Answer
Correct Answer:
Wireless bridge

Hub and spoke

Wireless mesh

Wireless router

Explanation

Wireless bridges are what connect wired or wireless networks together.

In a hub-and-spoke configuration, a wireless controller is connected to all APs
through wired links.
Wireless mesh architecture moves some of the network intelligence from the
controller out to the individual access points.
Wireless access points (also called wireless hubs or wireless routers) are the central
connection point for wireless clients.

References

• 9.4.3 Enterprise Wireless Facts

q_enterprise_wireless_bridge_np6.question.fex

Question 2:
Correct
Which of the following functions does a consumer-grade access point combine into a
single device? (Select two.)
Answer

SSID
Correct Answer:
NAT

AES
Correct Answer:
WAP

WPA

Explanation
A consumer-grade access point combines many functions into a single device, such
as a wireless access point (WAP) and a NAT router.
The SSID is the name of the wireless network that is broadcast from an AP.
Wi-Fi Protected Access (WPA) is a security certification program that was developed
by the Wi-Fi Alliance to secure wireless signals between devices.
Advanced Encryption Standard (AES) uses 128-, 192-, and 256-bit key lengths to
encrypt and decrypt block-sized messages that are broadcast over a wireless
transmission.

References

• 9.4.3 Enterprise Wireless Facts

q_enterprise_wireless_consumer_01_np6.question.fex

Question 3:
Correct
Which of the following is a limitation of consumer-grade wireless equipment?
Answer

It operates on 5 GHz channels at 20 MHz wide.

It makes the transmitted bandwidth signal wider than the data stream needs.

APs can quickly re-associate themselves with a different wireless controller.

Correct Answer:
It supports a maximum of 5-10 wireless clients at a time.

Explanation

Consumer-grade wireless equipment work reasonably well in small environments.

However, it has very limited capacity, usually only supporting a maximum of 5-10
wireless clients at a time. If more clients than this connect, the bandwidth for the
entire wireless network is drastically reduced.
With distributed wireless mesh infrastructure, APs can quickly re-associate
themselves with a different wireless controller if the primary controller becomes
unavailable for some reason.
Direct Sequence Spread Spectrum (DSSS) makes the transmitted bandwidth signal
wider than the data stream needs.
Orthogonal Frequency Division Multiplexing (OFDM) operates on 5 GHz channels at
20 MHz wide.

References

• 9.4.3 Enterprise Wireless Facts

q_enterprise_wireless_consumer_02_np6.question.fex
Question 4:
Correct
Which of the following usually provides DHCP services to dynamically assign IP
addressing information to wireless clients and connect the wireless network to the
internal wired network and the internet?
Answer

Bridges

Backhauls
Correct Answer:
Controllers

Access points

Explanation

The controller usually provides DHCP services to dynamically assign IP addressing

information to wireless clients. The controller also connects the wireless network to
the internal wired network and the internet.
Wireless bridges are what connect wired or wireless networks together.
Wireless access points are transceivers that transmit and receive information on a
wireless network.
The link between the access points and the wired network is called the backhaul.
The backhaul allows the wireless access points to communicate with the wired
clients and other wireless clients in a separate BSS.

References

• 9.4.3 Enterprise Wireless Facts

q_enterprise_wireless_controller_01_np6.question.fex

Question 5:
Correct
Which of the following can become a critical point of failure in a large wireless
network infrastructure?
Answer

Access point
Correct Answer:
Controller

Backhaul
Wireless bridge

all APs through a wired link. The individual APs contain very little embedded
intelligence and are sometimes referred to as lightweight wireless access points
(LWAPs).
Newer wireless networks can be deployed using a distributed wireless mesh
architecture. These networks still use a controller, but they move some of the
network intelligence from the controller out to the individual APs.
Wireless bridges are what connect wired or wireless networks together.
Independent APs are standalone APs that negotiate wireless traffic and require that
a device must receive a new Internet Protocol (IP) address every time it moves to a
different AP.

References

• 9.4.3 Enterprise Wireless Facts

q_enterprise_wireless_hub_spoke_np6.question.fex

Question 8:
Correct
Which of the following BEST describes roaming?
Answer
Correct Answer:
The ability to broadcast the same SSID across multiple APs.

A model that connects wired and/or wireless networks.

The name of the wireless network that is broadcasted from an AP.

A deployment model used by newer wireless networks.

Explanation

Roaming is the ability to broadcast the same SSID across multiple APs. This allows
a wireless device to stay on the same network without interruption while moving from
one AP to another.
The SSID is the name of the wireless network that is broadcast from an AP.
A wireless bridge is a model that connects wired and/or wireless networks.
Distributed wireless mesh infrastructure is a deployment model used by newer
wireless networks.

References

• 9.4.3 Enterprise Wireless Facts

q_enterprise_wireless_roaming_01_np6.question.fex

Question 9:
Correct
Your manager has asked you to set up four independent APs and configure them
with the same SSID, channel, and IP subnet. What should you enable to accomplish
this?
Answer

Channel bonding

A basic service set

Correct Answer:
Roaming

A spectrum analyzer

Explanation

In order to enable roaming from one AP to another, the APs must be individually set
up and share the same SSID, channel, and IP subnet.
A spectrum analyzer is a device that displays signal amplitude (strength) as it varies
by signal frequency. The frequency appears on the horizontal axis, and the
amplitude is displayed on the vertical axis.
Channel bonding is used to combine more channels in the 5 GHz band, allowing up
to 160-MHz wide channels.
A basic service set (BSS) is a wireless network that uses only one AP for all devices
to communicate with each other.

References

• 9.4.3 Enterprise Wireless Facts

q_enterprise_wireless_roaming_np6.question.fex

Question 10:
Correct
Match the wireless networking term or concept on the left with its appropriate
description on the right. (Each term may be used once, more than once, or not at
all.)
Moving a wireless device between access points within the same wireless network.

Roaming
correct answer:
Used by Cisco wireless equipment to route frames back and forth between the
wireless network and the wired LAN.

LWAPP
correct answer:
Specifies the number of clients that can utilize the wireless network.

Device density
correct answer:
Automatically partitions a single broadcast domain into multiple VLANs.

VLAN pooling
correct answer:
Connects two wired networks over a Wi-Fi network.

Wireless bridge
correct answer:
The number of useful bits delivered from sender to receiver within a specified
amount of time.

Goodput
correct answer:
Keyboard Instructions

Explanation

You should be familiar with the following wireless networking terms and concepts:
• Device density specifies the number of clients that can utilize the wireless
network.
• Roaming is moving a wireless device between access points within the
same wireless network.
• Lightweight Access Point Protocol (LWAPP) is used by Cisco wireless
equipment to route frames back and forth between the wireless network
and the wired LAN.
• VLAN pooling automatically partitions a single broadcast domain into
multiple VLANs.
• A wireless bridge connects two wired networks over a Wi-Fi network.
• Goodput refers to the number of useful bits delivered from the sender to
the receiver within a specified amount of time.

References

• 9.4.3 Enterprise Wireless Facts

q_enterprise_wireless_terms_np6.question.fex
Which of the following do switches and wireless access points use to control access
through a device?
Answer

Port number filtering

Session filtering

IP address filtering
Correct Answer:
MAC address filtering

Explanation

Both switches and wireless access points are Layer 2 devices, meaning they use the
MAC address to make forwarding decisions. Both devices typically include some
form of security that restricts access based on the MAC address.
Routers and firewalls operate at Layer 3 and can use the IP address or port number
for filtering decisions.
A circuit-level gateway is a firewall that can make forwarding decisions based on the
session information.

References

• 9.5.3 Wireless Security Facts

q_wireless_security_mac_np6.question.fex

Question 2:
Correct
You want to implement 802.1x authentication on your wireless network. Where
would you configure the passwords that will be used for the authentication process?
Answer
Correct Answer:
On a RADIUS server.

On a certificate authority (CA).

On the wireless access point and each wireless device.

On the wireless access point.

Explanation
802.1x authentication uses usernames and passwords, certificates, or devices (such
as smart cards) to authenticate wireless clients. Authentication requests received by
the wireless access point are passed to a RADIUS server that validates the logon
credentials (such as the username and password).
If you're using pre-shared keys for authentication, configure the same key on the
wireless access point and each wireless device. You do need a CA to issue a
certificate to the RADIUS server. The certificate proves the RADIUS server's identity
and can be used to issue certificates to individual clients.

References

• 9.5.3 Wireless Security Facts

q_wireless_security_radius_03_np6.question.fex

Question 3:
Correct
You're replacing a wired business network with an 802.11g wireless network. You
currently use Active Directory on the company network as your directory service. The
new wireless network has multiple wireless access points, and you want to use
WPA2 on the network. What should you do to configure the wireless network?
(Select two.)
Answer

Use shared secret authentication.

Configure devices to run in ad hoc mode.

Correct Answer:
Install a RADIUS server and use 802.1x authentication.
Correct Answer:
Configure devices to run in infrastructure mode.

Use open authentication with MAC address filtering.

Explanation

When you use wireless access points, configure an infrastructure network. Because
you have multiple access points and an existing directory service, you can centralize
authentication by installing a RADIUS server and using 802.1x authentication.
Use ad hoc mode when you need to configure a wireless connection between two
hosts.
Use open authentication with WEP or when you don't want to control access to the
wireless network.
When you can't use 802.1x, use shared secret authentication.

References
• 9.5.3 Wireless Security Facts
q_wireless_security_radius_04_np6.question.fex

Question 4:
Correct
Which of the following wireless security methods uses a common shared key that's
configured on the wireless access point and all wireless clients?
Answer

WPA Enterprise and WPA2 Enterprise

WEP, WPA Personal, WPA Enterprise, WPA2 Personal, and WPA2 Enterprise

WPA Personal and WPA2 Enterprise

Correct Answer:
WEP, WPA Personal, and WPA2 Personal

Explanation

You can use shared key authentication with WEP, WPA, and WPA2. Shared key
authentication with WPA and WPA2 is often called WPA Personal or WPA2
Personal.
WPA Enterprise and WPA2 Enterprise use 802.1x for authentication. 802.1x
authentication uses usernames and passwords, certificates, or devices (such as
smart cards) to authenticate wireless clients.

References

• 9.5.3 Wireless Security Facts

q_wireless_security_shared_key_np6.question.fex

Question 5:
Correct
Which of the following features are supplied by WPA2 on a wireless network?
Answer

A centralized access point for clients

Traffic filtering based on packet characteristics

Correct Answer:
Encryption

Client connection refusals based on MAC address

Explanation

Wi-Fi Protected Access (WPA) provides encryption and user authentication for
wireless networks.
MAC address filtering allows or rejects client connections based on the hardware
address.
A wireless access point (called an AP or WAP) is the central connection point for
wireless clients.
A firewall allows or rejects packets based on packet characteristics (such as
address, port, or protocol type).

References

• 9.5.3 Wireless Security Facts

q_wireless_security_wpa2_01_np6.question.fex

Question 6:
Correct
Which of the following provides security for wireless networks?
Answer

802.11a
Correct Answer:
WPA

WAP

CSMA/CD

Explanation

Wi-Fi Protected Access (WPA) provides encryption and user authentication for
wireless networks. Wired Equivalent Privacy (WEP) also provides security, but WPA
is considered more secure than WEP.
A wireless access point (WAP) is a hardware device (like a switch) that provides
access to the wireless network.
802.11a is a wireless networking standard that defines the signal characteristics for
communicating on a wireless network.
CSMA/CD is a media access control method that controls when a device can
communicate on the network.

References

• 9.5.3 Wireless Security Facts

q_wireless_security_wpa_np6.question.fex
Question 7:
Correct
The owner of a hotel has contracted with you to implement a wireless network to
provide internet access for guests.
The owner has asked that you implement security controls so that only paying
guests are allowed to use the wireless network. She wants guests to be presented
with a login page when they initially connect to the wireless network. After entering a
code provided by the concierge at check-in, guests should then be allowed full
access to the internet. If a user does not provide the correct code, he or she should
not be allowed to access the internet.
What should you do?
Answer
Correct Answer:
Implement a captive portal.

Implement MAC address filtering.

Implement 802.1x authentication using a RADIUS server.

Implement pre-shared key authentication.

Explanation

A captive portal would be the best choice in this scenario. A captive portal requires
wireless network users to abide by certain conditions before they are allowed access
to the wireless network. For example, the captive portal could require them to:
• Agree to an Acceptable Use Policy
• Provide a PIN or password
• Pay for access to the wireless network
• View information or advertisements about the organization providing the
wireless network (such as an airport or hotel)
When a wireless device initially connects to the wireless network, all traffic to or from
that device is blocked until the user opens a browser and accesses the captive portal
web page. After the user provides the appropriate code, traffic is unblocked, and the
host can access the network normally.
MAC address filtering and 802.1x authentication would work from a technical
standpoint, but these would be completely unmanageable in a hotel scenario where
guests come and go every day. Using a pre-shared key would require a degree of
technical expertise on the part of the hotel guests. It could also become problematic
if the key were to be leaked, allowing non-guests to use the wireless network.

References

• 9.5.5 Wireless Attack Facts

q_wireless_attacks_captive_np6.question.fex
Question 8:
Correct
Which of the following measures will make your wireless network invisible to the
casual attacker performing war driving?
Answer

Implement WPA2 Personal.

Correct Answer:
Disable SSID broadcast.

Use a form of authentication other than open authentication.

Change the default SSID.

Explanation

Wireless access points are transceivers that transmit and receive information on a
wireless network. Each access point has a service set ID (SSID) that identifies the
wireless network. By default, access points broadcast the SSID to announce their
presence and make it easy for clients to find and connect to the wireless network.
Turn off SSID broadcast to keep a wireless 802.11x network from being
automatically discovered. When SSID broadcasting is turned off, users must know
the SSID to connect to the wireless network. This helps to prevent casual attackers
from connecting to the network, but any serious hacker with the right tools can still
connect.
Using authentication with WPA or WPA2 helps prevent attackers from connecting to
your wireless network, but this does not hide the network. Changing the default SSID
to a different value does not disable the SSID broadcast.

References

• 9.5.5 Wireless Attack Facts

q_wireless_attacks_disable_np6.question.fex

Question 9:
Correct
Which of the following locations creates the greatest amount of interference for a
wireless access point? (Select two.)
Answer

Near a geofence

In the top floor of a two-story building

Correct Answer:
Near backup generators
Correct Answer:
Near cordless phones

Near DCHP servers

Explanation

Other wireless transmission devices (such as cordless phones, microwaves, or

generators) cause interference for wireless access points.
In general, place access points high up to avoid interference problems caused by
going through building foundations. DHCP servers provide IP information for clients
and do not cause interference.
Geofencing requires users to be in a physical location. Using virtual boundaries, or
fences, can add another layer of security to your network.

References

• 9.5.5 Wireless Attack Facts

q_wireless_attacks_interference_np6.question.fex

Question 10:
Correct
Your company security policy states that wireless networks are not to be used
because of the potential security risk they present.
One day you find that an employee has connected a wireless access point to the
network in his office.
Which type of security risk is this?
Answer

Physical security

Phishing

Social engineering

On-path attack
Correct Answer:
Rogue access point

Explanation
A rogue access point is an unauthorized access point added to a network or an
access point that's configured to mimic a valid access point. Example scenarios
include:
• An attacker or employee with access to the wired network installs a
wireless access point on a free port. The access port then provides a
method for remotely accessing the network.
• An attacker near a valid wireless access point installs an access point with
the same (or similar) SSID. The access point is configured to prompt for
credentials, allowing the attacker to steal those credentials or use them in
an on-path attack to connect to the valid wireless access point.
• An attacker configures a wireless access point in a public location and
then monitors the traffic of those who connect to the access point.
An on-path attack is used to intercept information passing between two
communication partners. A rogue access point might be used to initiate an on-path
attack, but in this case, the rogue access point was connected without malicious
intent.
Social engineering exploits human nature by convincing someone to reveal
information or perform an activity.
Phishing uses an email and a spoofed website to gain sensitive information.

References

• 9.5.5 Wireless Attack Facts

q_wireless_attacks_rogue_np6.question.fex
A user calls to report that she is experiencing intermittent problems while accessing
the wireless network from her laptop computer. While talking to her, you discover
that she is trying to work from the coffee room two floors above the floor where she
normally works.
What is the MOST likely cause of her connectivity problem?
Answer

The user needs a new IP address because she is working on a different floor.

The wireless network access point on the user's normal floor has failed.

The user has not yet rebooted her laptop computer while at her new location.
Correct Answer:
The user is out of the effective range of the wireless access point.

The user has not yet logged off and back on to the network while at her new location.

Explanation

Because the user is only experiencing intermittent problems, the most likely cause is
that she is out of the effective range of the wireless network access point.
All of the other answers listed would be appropriate if the user were unable to
connect to the network at all. However, as the user is experiencing only intermittent
problems, none of the other answers is likely to cure the problem.

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_distance_01_np6.question.fex

Question 2:
Correct
A user on your network has been moved to another office down the hall. After the
move, she calls you complaining that she has only occasional network access
through her wireless connection. Which of the following is MOST likely the cause of
the problem?
Answer

The encryption level has been erroneously set back to the default setting.

An SSID mismatch between the client and the server.

An SSID mismatch between the client and the WAP.

Correct Answer:
The client system has moved too far away from the access point.

The client has incorrect WEP settings.

Explanation

In this case, the user had no problems accessing the wireless access point until she
moved to the new office. In some cases, moving a system causes signal loss either
from the increased distance away from the WAP or from unexpected interference by
such things as concrete walls or steel doors. There are several ways to correct the
problem, including reducing the physical distance to the client, using a wireless
amplifier, upgrading the antennae on the wireless devices, or adding another WAP to
the infrastructure.
Because the client could previously access the WAP and still has occasional access,
it is likely that the move was the cause of the problem, not any other configuration
setting.

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_distance_02_np6.question.fex

Question 3:
Correct
Your wireless network consists of multiple 802.11n access points that are configured
as follows:
• SSID (hidden): CorpNet
• Security: WPA2-PSK using AES
• Frequency: 5.75 GHz
• Bandwidth per channel: 40 MHz
Because of your facility's unique construction, there are many locations that do not
have a clear line of sight between network clients and access points. As a result,
radio signals are reflected along multiple paths before finally being received. The
result is distorted signals that interfere with each other.
What should you do?
Answer

Switch to RADIUS authentication for wireless clients.

Install directional access points.

Correct Answer:
Implement antenna diversity.

Reduce the power of the access point radio signals.

Explanation

Antenna diversity implements two or more radio antennae to improve the quality and
reliability of a wireless link. In environments where there is no clear line of sight
between transmitter and receiver, the radio signal is reflected along multiple paths
before finally being received. This can introduce phase shifts, time delays,
attenuation, and distortion that interfere with the antenna signal.
You can rectify the situation by implementing antenna diversity two ways:
• Spatial diversity, which uses multiple antennae that are physically
separated from one another.
• Pattern diversity, which uses two or more co-located antennae with
different radiation patterns.
Using a RADIUS authentication solution increases wireless network security, but it
doesn't address the issue of multipath interference. Reducing radio power could help
solve multipath interference issues in some situations, but it may make it worse in
others. This is also true of directional access points.

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_diversity_np6.question.fex

Question 4:
Correct
You are troubleshooting a wireless connectivity issue in a small office. You
determine that the 2.4GHz cordless phones used in the office are interfering with the
wireless network transmissions.
If the cordless phones are causing the interference, which of the following wireless
standards could the network be using? (Select two.)
Answer
Correct Answer:
Bluetooth

Infrared

802.11a

802.3a
Correct Answer:
802.11b

Explanation

Both the 802.11b and Bluetooth wireless standards use the 2.4 GHz RF range to
transmit data. Cordless phones that operate at the same frequency can cause
interference on the wireless network. Other devices, such as microwaves and
electrical devices, may also cause interference.
802.11a uses the 5 GHz radio frequency, so this would not be affected by the 2.4
GHz phones used in the office.
Infrared uses a light beam to connect computer and peripheral devices to create a
personal area network (PAN).

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_interference_np6.question.fex

Question 5:
Correct
You are implementing a wireless network inside a local office. You require a wireless
link to connect a laptop in the administrator's office directly to a system in the sales
department. In the default configuration, the wireless AP uses a 360-dispersed RF
wave design. After installation, the signal between the two systems is weak, as many
obstacles interfere with it.
Which of the following strategies could you try to increase signal strength?
Answer
Correct Answer:
Replace the omni-directional antenna with a directional antenna.

Increase the RF setting on the client system.

Increase the RF power on the isotropic antenna.

Replace the directional antenna with an omni-directional antenna.

Explanation

A directional antenna is designed to create a narrow, focused signal in a particular

direction. This focused signal provides greater signal strength between two points
and increases the distance that the signal can travel. Because directional antennae
provide a stronger point-to-point connection, they are better equipped to handle
obstacles that may be in the way of the signal.
The default antenna used with this configuration is an omni-directional antenna that
disperses the RF wave in an equal 360-degree pattern. This antenna is commonly
used to provide access to many clients in a radius.

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_omni_01_np6.question.fex
Question 6:
Correct
You're setting up a wireless hotspot in a local coffee shop. For best results, you want
to disperse the radio signals evenly throughout the coffee shop.
Which of the following antenna types would you use on the AP to provide a 360-
degree dispersed wave pattern?
Answer
Correct Answer:
Omni-directional

Multi-directional

Directional

Uni-directional

Explanation

An omni-directional antenna provides a 360-degree dispersed wave pattern. In this

configuration, signals are dispersed evenly in all directions, making this antenna well
suited for environments where clients are accessing the network from various
locations, such as coffee shops. A dispersed wireless signal is weaker and,
therefore, is restricted to shorter signal distances.
A directional wireless antenna focuses a signal in a particular direction. The focused
signal allows for greater transmission distances and a stronger signal. Directional
antennae are sometimes used to establish a wireless point-to-point connection
where greater transmission distances are often required.

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_omni_02_np6.question.fex

Question 7:
Correct
You need to place a wireless access point in your two-story building while avoiding
interference. Which of the following is the best location for the access point?
Answer
Correct Answer:
On the top floor

In the kitchen area

Near the backup generators

In the basement

Explanation

In general, place access points as high as possible to avoid interference problems

caused by going through building foundations.
Do not place the access point next to sources of interference, such as other wireless
transmitting devices (cordless phones or microwaves) or other sources of
interference (motors or generators).

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_placement_01_np6.question.fex

Question 8:
Correct
Which of the following recommendations should you follow when placing access
points to provide wireless access for users within your company building?
Answer

Place access points near outside walls.

Correct Answer:
Place access points above where most clients are.

Place multiple access points in the same area.

Place access points in the basement.

Explanation

Follow a few guidelines for placing wireless access points:

• Devices often get better reception from access points that are above or
below.
• If possible, place access points higher up to avoid interference problems
caused by going through building foundations.
• For security reasons, do not place APs near outside walls. The signal will
extend outside beyond the walls. Placing the AP in the center of the
building decreases the signal range.
• When using multiple access points, place them evenly throughout the
area, taking care to minimize broadcast overlap while ensuring adequate
coverage for all areas.

References
• 9.6.4 Wireless Network Troubleshooting Facts
q_wireless_comm_trouble_placement_02_np6.question.fex

Question 9:
Correct
You have physically added a wireless access point to your network and installed a
wireless networking card in two laptops that run Windows. Neither laptop can find the
network, and you've come to the conclusion that you must manually configure the
wireless access point (WAP).
Which of the following values uniquely identifies the WAP?
Answer

WEP

Channel

Frequency
Correct Answer:
SSID

Explanation

The SSID (service set identifier) identifies the wireless network. All PCs and access
points in a LAN share the same SSID.
WEP (Wired Equivalent Privacy) adds a layer of security to the transmission, while
the channel identifies the frequency that the card and AP communicate on.

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_ssid_01_np6.question.fex

Question 10:
Correct
You have decided to conduct a business meeting at a local coffee shop. The coffee
shop you chose has a wireless hotspot for customers who want internet access.
You decide to check your email before the meeting begins. When you open the
browser, you cannot gain internet access. Other customers are using the internet
without problems. You're sure that your laptop's wireless adapter works because you
use a wireless connection at work.
What is the MOST likely cause of the problem?
Answer

Incorrectly configured PPP

Different LAN protocols

An out-of-range WAP
Correct Answer:
A mismatched SSID

Explanation

You must configure a wireless client and access point to use the same SSID. In this
case, the client system was used on a different wireless network and may still be
using that network's SSID. To log onto this network, the system needs to use the
same SSID as the other customers in the coffee shop.
The problem is not with LAN protocols, as TCP/IP is the protocol used on the
internet. There are no other options.
The WAP is not out of range, as other clients are accessing it.
PPP (Point-to-Point Protocol) is not required to make an internet connection.

References

• 9.6.4 Wireless Network Troubleshooting Facts

q_wireless_comm_trouble_ssid_02_np6.question.fex
Which of the following devices is used on a WAN to convert synchronous serial
signals into digital signals?
Answer

Modem

Proxy

IDS
Correct Answer:
CSU/DSU

Explanation

A CSU/DSU (Channel Service Unit/Data Service Unit) is a device that converts the
signal received from the WAN provider into a signal that can be used by equipment
at a customer's site. A CSU/DSU is composed of two separate devices.
•
The CSU terminates the digital signal and provides error correction and
line monitoring.
• The DSU converts the digital data into synchronous serial data for
connection to a router.
A modem converts digital signals to analog signals.
A proxy server is a type of firewall that can filter based on upper-layer data.
An intrusion detection system (IDS) is a special network device that can detect
attacks and suspicious activity.

References

•
10.1.2 WAN Concept Facts
q_wan_concepts_csu_dsu_02_np6.question.fex

Question 2:
Correct
Which of the following is the customer's responsibility to maintain?
Answer

Local loop

CO
Correct Answer:
CPE

PSE
Explanation

Customers are responsible for customer premises equipment (CPE), which is any
equipment at the customer's site.
WAN service providers are responsible for:
• Packet switching exchange (PSE) equipment inside the WAN cloud.
• Central office (CO) equipment that allows access to the PSE.
• Data circuit-terminating equipment (DCE) devices that switch data to the
WAN.
• Local loop wiring that connects the customer to the CO.

References

• 10.1.2 WAN Concept Facts

q_wan_concepts_customer_np6.question.fex

Question 3:
Correct
Which of the following describe the channels and data transfer rates used for ISDN
BRI? (Select two.)
Answer
Correct Answer:
Two B channels operating at 64 Kbps each.
Correct Answer:
One D channel operating at 16 Kbps.

23 B channels operating at 64 Kbps each.

30 B channels operating at 64 Kbps each.

Optical Carrier (OC) is used to specify the speed of fiber optic networks conforming
to the SONET standard. Common OC speeds are:
• OC-1 = 51.85 Mbps
• OC-3 = 155.52 Mbps
• OC-12 = 622.08 Mbps
• OC-24 = 1.244 Gbps
• OC-48 = 2.488 Gbps
• OC-192 = 9.952 Gbps
T3 is 44.736 Mbps.
E3 is 34.368 Mbps.

References

•10.1.2 WAN Concept Facts

q_wan_concepts_oc3_np6.question.fex

Question 6:
Correct
Which network type divides transmitted data into smaller pieces and allows multiple
communications on the network medium?
Answer
Correct Answer:
Packet-switched

Circuit-switched

Managed

Multiplexed
Explanation

A packet-switched network divides data into small units called packets. These
packets are routed by their destination addresses. In a packet-switched network,
multiple hosts can use the network medium at the same time. An Ethernet computer
network is an example of a packet-switched network.
A circuit-switched network uses a dedicated connection between sites.
A multiplexer joins several signals together before they're transmitted.
A managed device is a device that can receive instructions and can return responses
in a network.

References

•10.1.2 WAN Concept Facts

q_wan_concepts_packet_01_np6.question.fex

Question 7:
Correct
When implementing a Multiprotocol Label Switching (MPLS) WAN, which data unit is
managed by the routers at different sites?
Answer
Correct Answer:
Packets

q_wan_concepts_ptsn_02_np6.question.fex

Question 10:
Correct
Which of the following correctly describes the T1 carrier system? (Select two.)
Answer

T1 lines use four pairs of copper wire.

T1 lines use 48 separate channels.

T1 lines have a maximum data rate of 2.4 Gbps.

T1 lines use analog signaling between the customer premise unit and the ISP.
Correct Answer:
T1 lines use two pairs of copper wire.
Correct Answer:
A single T1 channel can transfer data at 64 Kbps.

Explanation

The T1 carrier system consists of 24 separate channels. Each channel provides 64

Kbps of data throughput. A T1 line is traditionally implemented using two pairs of
twisted copper wire where two wires are used for transmission and two wires are
used for reception. Lately, many ISPs provide T1 carrier service using a variety of
network media, including fiber optic cable, coaxial cable, and radio waves.

References

• 10.1.2 WAN Concept Facts

q_wan_concepts_t1_np6.question.fex
Which of the following services is available regardless of whether the telephone
company network is available?
Answer

Dial-up

DSL
Correct Answer:
Cable modem

ISDN

Explanation

A cable modem is a network connectivity service provided by the cable television

service provider. A cable modem operates by adding a bi-directional channel
connected directly to an internet service provider (ISP) through cable TV lines. A
cable modem does not depend on phone lines for the connection.
Dial-up refers to internet access provided over a telephone company's analog
network through modems.
Integrated Services Digital Network (ISDN) is a method for providing digital
connectivity service through a telephone company's network. ISDN can combine
multiple channels consisting of voice and data simultaneously.
DSL is a digital service provided by telephone service providers. All of these
methods operate over regular phone lines.

References

• 10.2.3 Internet Services Facts

q_internet_connectivity_cable_np6.question.fex

Question 2:
Correct
Which type of internet service uses the DOCSIS specification?
Answer
Correct Answer:
Coaxial cable

Fiber optic

Shielded twisted pair

Unshielded twisted pair

Explanation

The Data Over Cable Service Interface Specification (DOCSIS) defines coaxial cable
networking specifications. It is used by cable TV providers to provide internet access
over their existing coaxial cable infrastructure. DOCSIS specifies channel widths and
modulation techniques. It also defines the manner in which the core components of
the network communicate.

References

• 10.2.3 Internet Services Facts

q_internet_connectivity_docsis_np6.question.fex

Question 3:
Correct
Which of the following internet connection technologies requires that the location be
within a limited distance of the telephone company's central office?
Answer

Satellite
Correct Answer:
DSL

Cable modem

Wireless

Explanation

There are several variations of the digital subscriber line (DSL) technology, which
are collectively referred to as xDSL. DSL works over existing telephone company
copper wires. It operates concurrently with regular voice-grade communications by
utilizing higher frequencies unused by voice transmissions. One of the
consequences of splitting the signal in this manner is that DSL must operate within a
fixed distance of the telephone company's network switching equipment.
A cable modem can be provided as a means of internet access from a cable
television company. It will work anywhere within the service area.
Satellite and wireless do not have the same distance limitations as either DSL or a
cable modem.

References

• 10.2.3 Internet Services Facts

q_internet_connectivity_dsl_np6.question.fex

Question 4:
Correct
Which of the following describe the EDGE cellular technology? (Select two.)
Answer
Correct Answer:
Offers speeds of 400 to 1,000 Kbps.

Is an extension to 3G.
Correct Answer:
Is the first internet-compatible technology.

Uses MIMO.

Explanation

The EDGE cellular technology was an intermediary between 2G and 3G networks.

EDGE was the first cellular technology to be truly internet-compatible with speeds of
400 to 1,000 Kbps.
HSPA+, LTE, and 4G networks use MIMO.

References

• 10.2.3 Internet Services Facts

q_internet_connectivity_edge_np6.question.fex

Question 5:
Correct
Which of the following technologies does GSM use to allow multiple connections on
the same frequency?
Answer

Multiple-input, multiple-output
Correct Answer:
Time-division multiple access

Frequency-division multiple access

Dial-up

Explanation

Wireless networks all provide for roaming within a limited area of coverage, but can
be limited by dead spots.
The other forms of networking listed require a cable connection, and are not
designed to allow roaming while using the network connection.

References

• 10.2.3 Internet Services Facts

q_internet_connectivity_wireless_np6.question.fex
Which of the following security functions does CHAP perform?
Answer
Correct Answer:
Periodically verifies the identity of a peer using a three-way handshake.

Allows the use of biometric devices.

Protects usernames.

Links remote systems together.

Explanation

Challenge Handshake Authentication Protocol (CHAP) periodically verifies the

identity of a peer using a three-way handshake. CHAP ensures that the same client
or system exists throughout a communication session by repeatedly and randomly
re-testing the validated system. This test involves the security server sending a
challenge message to the client. The client then performs a one-way hash function
on the challenge and returns the result to the security server. The security server
performs its own function on the challenge and compares its result with the result
received from the client. If they don't match, the session is terminated.
CHAP does provide protection for both passwords and usernames. However, stating
that it only protects usernames is incomplete and, therefore, not the best answer.
CHAP does not link remote systems together. A VPN protocol is needed for that
purpose. CHAP does not function as a device driver or interoperability mechanism
for biometric devices.

References

• 10.3.3 Remote Access Facts

q_remote_access_chap_np6.question.fex

Question 2:
Correct
Which of the following authentication protocols transmits passwords in cleartext and
is considered too unsecure for modern networks?
Answer
Correct Answer:
PAP

EAP

RADIUS

CHAP
Explanation

Password Authentication Protocol (PAP) is considered unsecure because it

transmits password information in cleartext. Anyone who sniffs PAP traffic from a
network can view the password information from a PAP packet with a simple traffic
analyzer.
Challenge Handshake Authentication Protocol (CHAP) uses a three-way handshake
to authenticate users. During this handshake, a hashed value is used to authenticate
the connection. Extensible Authentication Protocol (EAP) is an enhanced
authentication protocol that can use a variety of authentication methods, including
digital certificates and smart cards. Remote Authentication Dial-In User Service
(RADIUS) is an authentication system that allows the centralization of remote user
account management.

References

• 10.3.3 Remote Access Facts

q_remote_access_pap_np6.question.fex

Question 3:
Correct
What does a remote access server use for authorization?
Answer
Correct Answer:
Remote access policies

Usernames and passwords

SLIP or PPP

CHAP or MS-CHAP

Explanation

Authorization is the process of identifying the resources that a user can access over
a remote access connection. Authorization is controlled through the use of network
policies (remote access policies) and access control lists (ACLs). Authorization can
restrict access based on:
• Time of day
• Type of connection (PPP or PPPoE, wired or wireless)
• Location of the resource (specific servers)
Authentication is the process of proving identity. Common protocols used for remote
access authentication include PAP, CHAP, MS-CHAP, or EAP.
Usernames and passwords are used during identification and authentication as
authentication credentials. SLIP and PPP are remote access connection protocols
that are used to establish and negotiate parameters for remote access.
References

• 10.3.3 Remote Access Facts

q_remote_access_policies_np6.question.fex

Question 4:
Correct
What is the primary purpose of RADIUS?
Answer
Correct Answer:
Authenticate remote clients before access to the network is granted.

Control entry-gate access using proximity sensors.

Manage access to a network over a VPN.

Manage RAID fault-tolerant drive configurations.

Explanation

Remote Authentication Dial-In User Service (RADIUS) is primarily used for

authenticating remote clients before access to a network is granted. RADIUS is
based on RFC 2865 and maintains client profiles in a centralized database. RADIUS
offloads the authentication burden for dial-in users from the normal authentication of
local network clients. For environments with a large number of dial-in clients,
RADIUS provides improved security, easier administration, improved logging, and
alleviated performance impact on LAN security systems.

References

• 10.3.3 Remote Access Facts

q_remote_access_radius_np6.question.fex

Question 5:
Correct
Which of the following are methods for providing centralized authentication,
authorization, and accounting for remote access? (Select two.)
Answer
Correct Answer:
TACACS+
Correct Answer:
RADIUS

PKI
EAP

AAA

Explanation

Both RADIUS and TACACS+ are protocols used for centralized authentication,
authorization, and accounting with remote access. Remote access clients send
authentication credentials to remote access servers. Remote access servers are
configured as clients to the RADIUS or TACACS+ servers and forward the
authentication credentials to the servers. The servers maintain a database of users
and policies that control access for multiple remote access servers.
AAA stands for authentication, authorization, and accounting. AAA is a generic term
that describes the functions performed by RADIUS and TACACS+ servers.
A public key infrastructure (PKI) is a system of certificate authorities that issues
certificates. 802.1x is an authentication mechanism for controlling port access.
EAP is an authentication protocol that enables the use of customized authentication
methods.

References

• 10.3.3 Remote Access Facts

q_remote_access_radius_tacacs_02_np6.question.fex

Question 6:
Correct
Which of the following are differences between RADIUS and TACACS+?
Answer

RADIUS encrypts the entire packet contents, while TACACS+ only encrypts the
password.
Correct Answer:
RADIUS combines authentication and authorization into a single function, while
TACACS+ allows these services to be split between different servers.

RADIUS uses TCP, while TACACS+ uses UDP.

RADIUS supports more protocols than TACACS+.

Explanation

TACACS+ provides three protocols (one each for authentication, authorization, and
accounting). This allows each service to be provided by a different server. In
addition, TACACS+:
• Uses TCP.
• Encrypts the entire packet contents.
• Supports more protocol suites than RADIUS.

References

• 10.3.3 Remote Access Facts

q_remote_access_radius_tacacs_np6.question.fex

Question 7:
Correct
Which of the following are characteristics of TACACS+? (Select two.)
Answer
Correct Answer:
Allows three different servers (one each for authentication, authorization, and
accounting).
Correct Answer:
Uses TCP.

Uses UDP.

Can be vulnerable to buffer overflow attacks.

Allows two different servers (one for authentication and authorization and another for
accounting).

Explanation

TACACS+ was originally developed by Cisco for centralized remote access

administration. TACACS+:
• Provides three protocols (one each for authentication, authorization, and
accounting). This allows each service to be provided by a different server.
• Uses TCP.
• Encrypts the entire packet contents.
• Supports more protocol suites than RADIUS.
RADIUS is used by Microsoft servers for centralized remote access administration.
RADIUS:
• Combines authentication and authorization using policies to grant access.
• Uses UDP.
• Encrypts only the password.
• Often uses vendor-specific extensions. RADIUS solutions from different
vendors might not be compatible.
• Uses UDP ports 1812 and 1813 and can be vulnerable to buffer overflow
attacks.

References
• 10.3.3 Remote Access Facts
q_remote_access_tacacs_01_np6.question.fex

Question 8:
Correct
Which of the following is a characteristic of TACACS+?
Answer
Correct Answer:
Encrypts the entire packet, not just authentication packets.

Requires that authentication and authorization are combined in a single server.

Uses UDP ports 1812 and 1813.

Supports only TCP/IP.

Explanation

TACACS+ was originally developed by Cisco for centralized remote access

administration. TACACS+:
• Provides three protocols (one each for authentication, authorization, and
accounting). This allows each service to be provided by a different server.
• Uses TCP port 49.
• Encrypts the entire packet contents, not just authentication packets.
• Supports more protocol suites than RADIUS.
RADIUS is used by Microsoft servers for centralized remote access administration.
RADIUS:
• Combines authentication and authorization using policies to grant access.
• Allows the separation of accounting to different servers. However,
authentication and authorization remain combined on a single server.
• Uses UDP ports 1812 and 1813.
• Uses a challenge/response method for authentication. RADIUS encrypts
only the password using MD5.

References

• 10.3.3 Remote Access Facts

q_remote_access_tacacs_02_np6.question.fex

Question 9:
Correct
Which of the following ports does TACACS use?
Answer

22
Correct Answer:
49

50 and 51

1812 and 1813

3389

Explanation

Terminal Access Controller Access Control System (TACACS) uses port 49 for TCP
and UDP.
Secure Shell (SSH) uses port 22.
IPsec uses protocol numbers 50 and 51.
Remote Authentication Dial-In User Service (RADIUS) uses ports 1812 and 1813.
Remote Desktop Protocol (RDP) uses port 3389.

References

• 10.3.3 Remote Access Facts

q_remote_access_tacacs_03_np6.question.fex

Question 10:
Correct
You often travel away from the office. While traveling, you would like to use a
modem on your laptop computer to connect directly to a server in your office to
access needed files.
You want the connection to be as secure as possible. Which type of connection do
you need?
Answer

Internet
Correct Answer:
Remote access

Virtual private network

Intranet

Explanation

Use a remote access connection to connect directly to a server at a remote location.

You could use a VPN connection through the internet to connect to the server
securely. However, the connection would involve connecting to the internet through a
local ISP and then establishing a VPN connection to the server. While the VPN
connection through the internet is secure, it is not as secure as a direct remote
connection to the server.
An intranet is an internal network that only internal users can access.

References

• 10.3.3 Remote Access Facts

q_remote_access_traveling_np6.question.fex
Which IPSec subprotocol provides data encryption?
Answer

SSL
Correct Answer:
ESP

AES

Explanation

Encapsulating Security Payload (ESP) protocol provides data encryption for IPSec
traffic.
Authentication Header (AH) provides message integrity through authentication,
verifying that data is received unaltered from the trusted destination. AH provides no
privacy and is often combined with ESP to achieve integrity and confidentiality.
Secure Sockets Layer (SSL) has long been used to secure traffic generated by IP
protocols such as HTTP, FTP, and email. SSL can also be used as a VPN solution,
typically in a remote access scenario.
Advanced Encryption Standard (AES) uses variable key length (128-, 192-, or 256-
bit keys) and is resistant to all known attacks. It is computationally more efficient than
3DES.

References

• 10.4.6 VPN Protocol Facts

q_vpn_protocols_esp_01_np6.question.fex

Question 2:
Correct
Which statement BEST describes IPsec when used in tunnel mode?
Answer

The identities of the communicating parties are not protected.

Packets are routed using the original headers, and only the payload is encrypted.
Correct Answer:
The entire data packet, including headers, is encapsulated.

IPsec in tunnel mode may not be used for WAN traffic.

Explanation
When using IPsec in tunnel mode, the entire data packet, including original headers,
is encapsulated. New encrypted packets are created with headers, indicating only
the endpoint addresses. Tunneling protects the identities of the communicating
parties and the original packet contents. Tunneling is frequently used to secure traffic
traveling across insecure public channels, such as the internet. IPsec in tunnel mode
is the most common configuration for gateway-to-gateway communications.
In transport mode, routing is performed using the original headers. Only the packet's
payload is encrypted. Transport mode is primarily used in direct host-to-host
communication outside of a dedicated IPsec gateway/firewall configuration.

References

• 10.4.6 VPN Protocol Facts

q_vpn_protocols_ipsec_np6.question.fex

Question 3:
Correct
Which of the following VPN protocols merged with the deprecated Point-to-Point
Tunneling Protocol (PPTP) to create L2TP?
Answer

IPsec

TLS
Correct Answer:
Layer 2 Forwarding

SSL

Explanation

Layer 2 Forwarding (L2F) is a VPN technology developed by Cisco that merged with
the deprecated Point-to-Point Tunneling Protocol (PPTP) to create L2TP.
Internet Protocol Security (IPsec) provides authentication and encryption and can be
used in conjunction with L2TP or by itself as a VPN solution. IPsec is still considered
very secure.
Secure Sockets Layer (SSL) has long been used to secure traffic generated by other
IP protocols, such as HTTP, FTP, and email. SSL can also be used as a VPN
solution, typically in a remote access scenario.
Transport Layer Security (TLS) works in a similar way to SSL, even though they are
not interoperable.

References

• 10.4.6 VPN Protocol Facts

q_vpn_protocols_pptp_np6.question.fex

Question 4:
Correct
A group of salesmen in your organization would like to access your private network
through the internet while they are traveling. You want to control access to the
private network through a single server.
Which solution should you implement?
Answer

IPS

IDS

DMZ

RADIUS
Correct Answer:
VPN concentrator

Explanation

If you are using a remote access VPN, a server on the edge of a network (called a
VPN concentrator) is configured to accept VPN connections from individual hosts.
Hosts that are allowed to connect using the VPN connection are granted access to
resources on the VPN server or the private network.
A screened subnet is a buffer network that sits between a private network and an
untrusted network (such as the internet). A RADIUS server is used to centralize
authentication, authorization, and accounting for multiple remote access servers.
However, clients still connect to individual remote access servers.
An intrusion detection system (IDS) is a special network device that can detect
attacks and suspicious activity. A passive IDS monitors, logs, and detects security
breaches, but it takes no action to stop or prevent the attack. An active IDS (also
called an intrusion protection system, or IPS) performs the functions of an IDS but
can also react when security breaches occur.

References

• 10.4.7 VPN Facts

q_vpn_concentrator_np6.question.fex

Question 5:
Correct
A salesperson in your organization spends most of her time traveling between
customer sites. After a customer visit, she must complete various managerial tasks,
such as updating your organization's order database.
Because she rarely comes back to the home office, she usually accesses the
network from her notebook computer using Wi-Fi access provided by hotels,
restaurants, and airports.
Many of these locations provide unencrypted public Wi-Fi access, and you are
concerned that sensitive data could be exposed. To remedy this situation, you
decide to configure her notebook to use a VPN when accessing the home network
over an open wireless connection.
Which key steps should you take when implementing this configuration? (Select
two.)
Answer
Correct Answer:
Configure the VPN connection to use IPsec.

Configure the VPN connection to use PPTP.

Configure the browser to send HTTPS requests directly to the Wi-Fi network without
going through the VPN connection.
Correct Answer:
Configure the browser to send HTTPS requests through the VPN connection.

Configure the VPN connection to use MS-CHAPv2.

Explanation

It is generally considered acceptable to use a VPN connection to securely transfer

data over an open Wi-Fi network. As long as strong tunneling ciphers and protocols
are used, the VPN provides sufficient encryption to secure the connection, even
though the wireless network itself is not encrypted. It is recommended that you use
IPsec or SSL to secure the VPN, as these protocols are relatively secure. You
should also configure the browser's HTTPS requests to go through the VPN
connection. To conserve VPN bandwidth and improve latency, many VPN solutions
automatically reroute web browsing traffic through the client's default network
connection instead of through the VPN tunnel. This behavior would result in
HTTP/HTTPS traffic being transmitted over the unsecure open wireless network
instead of though the secure VPN tunnel.
Avoid using PPTP with MS-CHAPv2 in a VPN over open wireless configurations, as
these protocols are no longer considered secure.

References

• 10.4.7 VPN Facts

q_vpn_configure_np6.question.fex
Question 6:
Correct
Which of the following can route Layer 3 protocols across an IP network?
Answer

SSL

IPsec
Correct Answer:
GRE

PPTP

Explanation

Generic Routing Encapsulation (GRE) is a tunneling protocol that creates a tunnel

between two routers. It does this by adding a GRE header and a new IP header to
the original packet.
IPsec, PPTP, and SSL are all authentication protocols that are used to secure
communications.

References

• 10.4.7 VPN Facts

q_vpn_gre_np6.question.fex

Question 7:
Correct
Which of the following Network layer protocols provides authentication and
encryption services for IP-based network traffic?
Answer

L2TP

TCP

SSL
Correct Answer:
IPsec

Explanation
IPsec is a security implementation that provides security for all other TCP/IP-based
protocols that operate above the Network layer. IPsec provides authentication
through a protocol called IPsec Authentication Header (AH) and encryption services
through a protocol called IPsec Encapsulating Security Payload (ESP)
Transmission Control Protocol (TCP) is a Transport layer connection-oriented
protocol that provides data transmission services. It is not a secure protocol and
relies on other measures, such as IPsec, to provide security.
Secure Sockets Layer (SSL) is an Application layer protocol that is designed to
secure network traffic from certain other protocols, such as HyperText Transfer
Protocol (HTTP) and Post Office Protocol version 3 (POP3). SSL does not provide
security for protocols lower in the TCP/IP protocol stack, such as TCP and UDP.
Layer 2 Tunneling Protocol (L2TP) is a protocol used to encapsulate Point-to-Point
Protocol (PPP) traffic.

References

• 10.4.7 VPN Facts

q_vpn_ipsec_02_np6.question.fex

Question 8:
Correct
Which of the following purposes is a VPN primarily used for?
Answer
Correct Answer:
Support secured communications over an untrusted network.

Allow remote systems to save on long-distance charges.

Support the distribution of public web documents.

Allow the use of network-attached printers.

Explanation

A VPN (virtual private network) is used primarily to support secured communications

over an untrusted network. A VPN can be used over a local area network, across a
WAN connection, over the internet, and even between a client and server on a dial-
up internet connection. All of the other items listed in this question are benefits or
capabilities that are secondary to this primary purpose.

References

• 10.4.7 VPN Facts

q_vpn_purpose_np6.question.fex

Question 9:
Correct
Which VPN tunnel style routes only certain types of traffic?
Answer

Host-to-host

Site-to-site
Correct Answer:
Split

Full

Explanation

A VPN split tunnel routes only certain types of traffic, usually determined by
destination IP address, through the VPN tunnel. All other traffic is passed through
the normal internet connection.
A full VPN tunnel routes all of a user's network traffic through the VPN tunnel. This
can sometimes send unnecessary traffic.
A site-to-site VPN is a VPN implementation that uses routers on the edge of each
site.
A host-to-host VPN implementation allows an individual host connected to the
internet to establish a VPN connection to another host on the internet.

References

• 10.4.7 VPN Facts

q_vpn_split_np6.question.fex

Question 10:
Correct
Which of the following statements about an SSL VPN are true? (Select two.)
Answer

Encapsulates packets by adding a GRE header.

Correct Answer:
Encrypts the entire communication session.

Uses UDP port 500.

Correct Answer:
Uses port 443.

Uses pre-shared keys for authentication.

Provides message integrity using HMAC.

Explanation

An SSL VPN uses SSL (Secure Sockets Layer) to secure communications. An SSL
VPN:
• Authenticates the server to the client using public key cryptography and
digital certificates.
• Encrypts the entire communication session.
• Uses port 443, which is already open on most firewalls.
IPsec uses pre-shared keys to provide authentication to other protocols. It also uses
HMAC (Hash-Based Message Authentication Code) to provide message integrity
checks.
The GRE tunneling protocol exclusively uses GRE (General Routing Encapsulation)
headers.
Layer 2 Tunneling Protocol (L2TP) uses port 500.

References

• 10.4.7 VPN Facts

q_vpn_ssl_np6.question.fex
What is the definition of bandwidth?
Answer

The calculation of how often bits are damaged in transit due to electromagnetic
interference.

The condition that occurs when a system is unable to keep up with the demands
placed on it.

The speed at which packets travel from source to destination and back.
Correct Answer:
The amount of data that can be transferred from one place to another in a specific
amount of time.

Explanation

Bandwidth is the amount of data that can be transferred from one place to another in
a specific amount of time.
Latency is the speed at which packets travel from source to destination and back.
Error rate is the calculation of how often bits are damaged in transit due to
electromagnetic interference (or other interference).
A bottleneck is the condition that occurs when a system is unable to keep up with the
demands placed on it.

References

• 11.1.2 Performance Metrics

q_performance_metrics_bandwidth_np6.question.fex

Question 2:
Correct
Which of the following is a best practice when establishing a baseline?
Answer

Establish baselines using only specialized tools.

Correct Answer:
Determine baselines over time by analyzing network traffic.

Establish baselines only during the busiest times of the day.

Establish baselines within a network or device's first week of installation.

Explanation
You should determine your baselines by analyzing network traffic. To get a true
picture of your network's activity, you want to collect data over a period of time. You
should monitor different times of day and different times of year (especially if your
organization has notoriously busy or slow periods). You can create baselines
manually, however, there are also tools you can purchase to collect more information
and to possibly create more accurate baselines, if you so choose.

References

•
11.1.2 Performance Metrics
•
11.4.1 Network Monitoring
•
11.4.4 Use Wireshark to Sniff Traffic
•
11.4.5 Monitor Utilization
•
11.4.6 Monitor Interface Statistics
•
11.4.9 Network Monitoring Facts
q_performance_metrics_baseline_np6.question.fex

Question 3:
Correct
Which of the following is the term for when a system is unable to keep up with the
demands placed on it?
Answer

Hard fault

Jitter

Latency
Correct Answer:
Bottleneck

Explanation

A bottleneck occurs when a system is unable to keep up with the demands placed
on it.
Latency, jitters, and hard faults are related to network and device metrics. They do
not occur when a system can't keep up with the demands placed on it.

References

•
11.1.2 Performance Metrics
q_performance_metrics_bottleneck_np6.question.fex

Question 4:
Correct
Which of the following is the term for a calculation of how often bits are damaged in
transit due to electromagnetic interference?
Answer

Bandwidth

Bottleneck

Latency
Correct Answer:
Error rate

Explanation

Error rate is a calculation of how often bits are damaged in transit due to
electromagnetic interference (or other interference).
Latency is the speed at which data packets travel from source to destination and
back.
A bottleneck is the condition that occurs when a system is unable to keep up with the
demands placed on it.
Bandwidth is the amount of data that could be transferred from one place to another
in a specific amount of time.

References

• 11.1.2 Performance Metrics

q_performance_metrics_error_np6.question.fex

Question 5:
Correct
When packets arrive at their destination at different speeds, they sometimes arrive
out of order. What does this cause?
Answer

Dropped packets

Latency

Error rates
Correct Answer:
Jitter

Explanation
When packets arrive at their destination at different speeds, they sometimes arrive
out of order. This causes what's known as jitter.
Latency, dropped packets, and error rates are not caused by out-of-order packets.

References

• 11.1.2 Performance Metrics

q_performance_metrics_jitter_np6.question.fex

Question 6:
Correct
What is the definition of latency?
Answer
Correct Answer:
The speed at which data packets travel from source to destination and back.

The percentage of time that a disk subsystem reads from and writes to a disk.

The percentage of available bandwidth being used.

• 11.1.2 Performance Metrics

q_performance_metrics_processor_01_np6.question.fex

Question 9:
Correct
Which of the following could be to blame if your computer is regularly crashing or
restarting?
Answer

You're dropping packets.

Correct Answer:
The processor is too hot.

You don't have enough memory.

You've run out of bandwidth.

Explanation

An overheated CPU can result in crashing or constant restarts and shutdowns.

Insufficient memory, low bandwidth, or dropped packets can cause delays, but these
do not usually result in crashes and restarts.

References

• 11.1.2 Performance Metrics

q_performance_metrics_processor_02_np6.question.fex

Question 10:
Correct
Where can you check your CPU's temperature?
Answer

Task Manager
Correct Answer:
BIOS
Performance Manager

Device Manager

Explanation

You can check your CPU's temperature in the system BIOS, or you can use third-
party software to monitor and alert you to any extreme temperature spikes.
Although they're useful performance tools, Task Manager, Performance Manager,
and Device Manager can't be used to check your CPU's temperature.

References

• 11.1.2 Performance Metrics

q_performance_metrics_temp_np6.question.fex
Which of the following does an agent send to the manager to confirm the receipt of a
transmission?
Answer

GET
Correct Answer:
Inform

Walk

Alert

Explanation

Informs are sent to the manager to confirm the receipt of a transmission.

Alerts, walk, and GET are all SNMP components, but these are not sent to the
manager to confirm the receipt of a transmission.

References

• 11.2.5 SNMP Facts

q_snmp_inform_np6.question.fex

Question 2:
Correct
What is the name of the computer that queries agents and gathers responses by
sending messages?
Answer

Trap

Agent

MIB
Correct Answer:
Manager

Explanation

The manager queries agents and gathers responses by sending messages.

A trap, MIB (Management Information Base), and agent are all SNMP components.
However, they do not query agents.

References
•11.2.5 SNMP Facts
q_snmp_manager_np6.question.fex

Question 3:
Correct
Because of an unexplained slowdown on your network, you decide to install
monitoring software on several key network hosts to locate the problem. You will
then collect and analyze the data from a central network host.
Which protocol will the software use to detect the problem?
Answer
Correct Answer:
SNMP

•11.2.5 SNMP Facts

q_snmp_string_02_np6.question.fex

Question 6:
Correct
Which protocol uses traps to send notifications from network devices?
Answer

IGMP

ICMP

SMTP
Correct Answer:
SNMP

Explanation

Simple Network Management Protocol (SNMP) lets network hosts exchange

configuration and status information. This information can be gathered by
management software and used to monitor and manage the network. A trap is an
event configured on an agent. When the event occurs, the agent logs details
regarding the event.
SMTP (Simple Mail Transfer Protocol) is used for sending email.
ICMP (Internet Control Message Protocol) is an echo/response protocol that's used
for exchanging simple requests between devices. ICMP does not use traps.
IGMP (Internet Group Management Protocol) is used to send packets to hosts that
are members of a group.

References

• 11.2.5 SNMP Facts

q_snmp_traps_01_np6.question.fex

Question 7:
Correct
When an event occurs, the agent logs details regarding the event. What is this event
called?
Answer
Correct Answer:
Trap

GET

OID

MIB
Explanation

A trap is an event configured on an agent. When the event occurs, the agent logs
details regarding the event.
GET, OIDs, and MIB are SNMP components, but they are not events.

References

• 11.2.5 SNMP Facts

q_snmp_traps_02_np6.question.fex

Question 8:
Correct
You have been using SNMP on your network for monitoring and management, but
you're concerned about the security of this configuration. What should you do to
increase security in this situation?
Answer

Combine SNMP with SSL

Correct Answer:
Implement version 3 of SNMP

Use SSH instead of SNMP

Implement a RADIUS solution

Explanation

Simple Network Management Protocol (SNMP) is a protocol designed for managing

complex networks. SNMP lets network hosts exchange configuration and status
information. The original version of SNMP has several vulnerabilities. For added
security, implement version 3.
SSH (Secure Shell) allows secure interactive control of remote systems but does not
provide the same features as SNMP.
RADIUS controls remote access authentication, authorization, and accounting from a
centralized server.

References

• 11.2.5 SNMP Facts

q_snmp_version3_01_np6.question.fex

Question 9:
Correct
Which of the following improvements to SNMP are included in version 3? (Select
two.)
Answer

Ports 161 and 162 usage

SNMP data transfer through SFTP

Question 3:
Correct
You suspect that a bad video driver is causing a user's system to randomly crash
and reboot. Where would you go to identify and confirm your suspicions?
Answer

Application logs

SIP logs

Syslog
Correct Answer:
Dump files

Explanation

You would choose dump files. Dump files are created when an application, OS, or
other computer function stops abruptly. These files help IT admins perform root
cause analysis and can also give clues as to the crash's origin. This could be
something as commonplace as a bad driver or hardware component. Unfortunately,
though, it may prove to be the result of a malicious act.
Syslog is a protocol that defines how log messages are sent from one device to a
logging server on an IP network. The sending device sends a small text message to
the Syslog receiver (the logging server).
App logs show application access, crashes, updates, and any other relevant
information that could be valuable in doing root cause analysis.
Session Information Protocol (SIP) logs contain key information about where a
phone call was initiated and what the communication's intent was.

References
•11.3.5 Log File Management Facts
q_log_management_dump_np6.question.fex

Question 4:
Correct
Which Syslog severity level indicates a debugging message?
Answer
Correct Answer:
Level 7

Level 3

Level 1

Level 5

Explanation

Level 7 indicates a debugging message.

Level 5 indicates a notification of a normal but significant condition.
Level 3 indicates a non-urgent error that should be addressed when possible.
Level 1 is an alert that indicates the system has encountered serious errors and that
you should take action immediately.

References

• 11.3.5 Log File Management Facts

q_log_management_level_01_np6.question.fex

Question 5:
Correct
Which Syslog level indicates an emergency that could severely impact the system
and cause it to become unusable?
Answer

Level 4

Level 6

Level 2
Correct Answer:
Level 0

Explanation
Level 0 indicates an emergency that could severely impact the system and cause it
to become unusable.
Level 2 indicates a serious errors in secondary subsystem that should be addressed
immediately.
<="" away.="" right="" addressed="" be="" should="" that="" condition="" critical=""
a="" indicates="" 2="" style="margin: 0px;">
Level 4 indicates a warning that could eventually become a problem if not
addressed.
Level 6 indicates an informational message.

References

•11.3.5 Log File Management Facts

q_log_management_level_02_np6.question.fex

Question 6:
Correct
Which of the following is a standard for sending log messages to a central logging
server?
Answer

LC4

Nmap

OVAL
Correct Answer:
Syslog

Explanation

Syslog is a protocol that defines how log messages are sent from one device to a
logging server on an IP network. The sending device sends a small text message to
the Syslog receiver (the logging server).
The Open Vulnerability and Assessment Language (OVAL) is an international
standard for testing, analyzing, and reporting a system's security vulnerabilities.
LC4 (previously called LOphtcrack) is a password cracking tool.
Nmap is a network mapping tool that performs ping and port scans.

References

•11.3.5 Log File Management Facts

q_log_management_syslogs_01_np6.question.fex

Question 7:
Correct
You are concerned that an attacker can gain access to your web server, make
modifications to the system, and alter the log files to hide his or her actions. Which of
the following actions would BEST protect the log files?
Answer

Configure permissions on the log files to prevent access.

Encrypt the log files.

Take a hash of the log files.

Correct Answer:
Use Syslog to send log entries to another server.

Explanation

The best protection is to save log files to a remote server. In this way, system
compromise does not provide access to that system's log files.
Configuring permissions on the log files would allow access for only specified user
accounts. However, if an attacker has gained access to the system, he or she might
also have access to the user accounts that've been given access to the log files.
Encrypting the log files protects the contents from being read, but this does not
prevent the files from being deleted.
Hashing the log files ensures their integrity and that they have not been altered since
they were created.

References

• 11.3.5 Log File Management Facts

q_log_management_syslogs_02_np6.question.fex

Question 8:
Correct
You are the network administrator for a growing business. When you were hired, the
organization was small, and only a single switch and router were required to support
your users. During this time, you monitored log messages from your router and
switch directly from each device's console.
The organization has grown considerably in recent months. Now you manage eight
individual switches and three routers. It's becoming more and more difficult to
monitor these devices and stay on top of issues in a timely manner.
What should you do?
Answer

Hire additional resources to help monitor and manage your network infrastructure.
Use a remote access utility, such as SSH, to access router and switch consoles
remotely.
Correct Answer:
Use Syslog to implement centralized logging.

Consolidate network resources down to one or two switches.

Explanation

In this scenario, a cost-effective option would be to implement centralized logging

with Syslog. By default, routers and switches send all log messages regardless of
severity level directly to the console. If a network contains a small number of
devices, this default configuration is usually manageable. However, on a growing
network, it quickly becomes impractical to visit each device to view log messages.
Instead, you can configure your network devices to redirect logging to a Syslog
server somewhere on the network. By doing this, you can view all the log messages
from all the devices from a single location.
Reducing the number of switches on a growing network is generally not advisable.
Using a remote access utility can help alleviate the issue to an extent. However, you
still have to manually connect to and monitor each individual system.
If the network continues to grow, this option will quickly become unviable. It's not
necessary to hire additional administrators in this scenario.

References

•11.4.2 Protocol Analyzers
•11.4.6 Monitor Interface Statistics
•11.4.7 Configure Netflow on pfSense
•11.4.9 Network Monitoring Facts
q_network_monitoring_analyzer_01_np6.question.fex

Question 2:
Correct
Which of the following conditions can low humidity result in?
Answer

Condensation
Cold air

Warm air
Correct Answer:
Electrostatic discharge

Explanation

Low humidity can result in electrostatic discharge.

High humidity can result in condensation.
In summer, the air is warmer and can hold more moisture. This makes it more
humid. In the winter, the air is cooler and holds less moisture.

References

•
11.4.9 Network Monitoring Facts
q_network_monitoring_electrostatic_np6.question.fex

Question 3:
Correct
You are using a protocol analyzer to capture network traffic. You want to only
capture the frames coming from a specific IP address.
Which of the following can you use to simplify this process?
Answer

Display filters

NIC
Correct Answer:
Capture filters

Switch

Explanation

A capture filter records only the frames that the filter identified. Frames that don't
match the filter criteria aren't captured.
A switch connects multiple computers together in a network. It's not used to capture
specific frames.
A network interface card (NIC) is used to transmit and receive frames addressed to
it. It's not used to capture specific frames.
A display filter shows only the frames that match the filter criteria. Frames that don't
match the filter criteria are still captured but not shown.
References

• 11.4.1 Network Monitoring

• 11.4.2 Protocol Analyzers
• 11.4.6 Monitor Interface Statistics
• 11.4.7 Configure Netflow on pfSense
• 11.4.9 Network Monitoring Facts
q_network_monitoring_filter_np6.question.fex

Question 4:
Correct
Most equipment is cooled by bringing cold air in the front and ducting the heat out
the back. What is the term for where heat is sent?
Answer

Front aisle

Cold aisle
Correct Answer:
Hot aisle

Back aisle

A blackout is generally a longer power outage. The rest of the events are relatively
short durations of less than a few seconds.

References

• 11.4.11 Environmental Monitoring Facts

q_environment_monitoring_blackout_np6.question.fex

Question 8:
Correct
You maintain the network for an industrial manufacturing company. A short-circuit of
a switch in the server room starts an electrical fire.
Which of the following should you use to suppress the fire?
Answer

Water or soda acid

Dry powders
Correct Answer:
Halon or CO2

CO2 or FM200

Explanation

For energized electrical equipment (such as electrical equipment, switches, and

wires), you should use Halon or CO2 to suppress the fire.
For ordinary combustible materials (wood, paper, cloth, plastics, etc.), you should
use water or soda acid to suppress the fire.
For flammable and combustible liquids (petroleum, oil, solvent, alcohol, etc.), you
should use CO2 or FM200 to suppress the fire.
For metal fires (magnesium, titanium, potassium, sodium, etc.), you should use dry
powders to suppress the fire.

References
• 11.4.11 Environmental Monitoring Facts
q_environment_monitoring_positive_np6.question.fex

Question 9:
Correct
Your 24U rack currently houses two 4U server systems. To prevent overheating,
you've installed a rack-mounted environmental monitoring device within the rack.
Currently, the device shows that the temperature within the rack is 70 degrees
Fahrenheit (21 degrees Celsius).
What should you do?
Answer
Correct Answer:
Nothing, the temperature within the rack is within acceptable limits.

Install a humidifier to increase the humidity within the server room.

Install an additional air conditioning unit for the server room.

Reorient the cold aisle within the server room so that it is directed toward the air
conditioner's return duct.

Explanation

The ideal temperature for computing equipment is around 68 degrees Fahrenheit (20
degrees Celsius). Therefore, a reading of 70 degrees Fahrenheit (21 degrees
Celsius) within a server rack is not an issue of concern.
Under the current environmental conditions, installing an additional air conditioning
unit isn't necessary and would be very expensive.
Installing a humidifier in the server room would have no effect on the temperature
within the room and is not warranted given the scenario.
Reorienting the cold aisle within the server room so that it's directed toward the air
conditioner's return duct would likely cause the temperature within the server room to
increase.

References

• 11.4.11 Environmental Monitoring Facts

q_environment_monitoring_temp_01_np6.question.fex

Question 10:
Correct
Which of the following ensures that power is supplied to a server or device during
short power outages?
Answer
Line conditioner
Correct Answer:
Uninterruptible power supply

Backup generator

Surge protector

Explanation

An uninterruptible power supply (UPS) provides continuous power using batteries for
a short period of time. Often, it is paired with a backup generator that can provide
power over a longer time period.
Although a UPS often contains both surge protection and line conditioning, neither
can maintain power during an outage.

References

• 11.4.11 Environmental Monitoring Facts

q_environment_monitoring_ups_01_np6.question.fex
In business continuity planning, what is the primary focus of the scope?
Answer

Company assets

Recovery time objective

Correct Answer:
Business processes

Human life and safety

Explanation

Business processes are the primary focus of the scope within business continuity
planning (BCP).
Company assets are the focus of risk assessment for security policy development,
not BCP.
Human life and safety are considerations for emergency response, not BCP.
Recovery time objective is a consideration of emergency response development, not
BCP.

References

• 11.5.2 Plans and Procedure Facts

q_plan_procedures_business_01_np6.question.fex

Question 2:
Correct
You plan to implement a new security device on your network. Which of the following
policies outlines the process you should follow before you implement that device?
Answer

Service Level Agreement

Correct Answer:
Change Management

Acceptable Use

Resource Allocation

Explanation

A Change Management Policy provides a structured approach to secure company

assets and make changes to those assets. This type of policy:
• Establishes hardware, software, and infrastructure configurations that are
to be deployed universally throughout the corporation.
• Tracks and documents significant changes to the infrastructure.
• Assesses the risk of implementing new processes, hardware, or software.
• Ensures that proper testing and approval processes are followed before
changes are allowed.
An Acceptable Use Policy (AUP) identifies the employees' rights to use company
property, such as internet access and computer equipment, for personal use.
A Resource Allocation Policy outlines how resources are allocated. Resources could
include staffing, technology, or budgets.
Service Level Agreements (SLAs), sometimes called maintenance contracts,
guarantee a network client a certain quality of service from the provider.

References

• 11.5.2 Plans and Procedure Facts

q_plan_procedures_change_01_np6.question.fex

Question 3:
Correct
Which of the following pieces of information are you MOST likely to find in a policy
document?
Answer
Correct Answer:
A requirement for using encrypted communications for web transactions

Steps for completing and validating nightly backups

The IP address assigned to a router interface

Average performance statistics for a router

Explanation

A policy is a document that describes the overall goals and requirements for a
network. A policy identifies what should be done, but it doesn't necessarily define
how the goal is to be reached. In this question, a policy might contain a requirement
that encrypted communications are required for web transactions. The policy does
not state the method that will be deployed, just that encryption is a requirement.
The type of encryption to be used, along with the process for implementing it, would
be included in a procedure document. A procedure is a step-by-step process
outlining how to implement a specific action. As another example, a procedure
document might include steps for completing and validating nightly backups.
You might find the IP address for a device's interface in the configuration
documentation or a network diagram. A baseline is a snapshot of the performance
statistics for your network and devices. A baseline would include a router's average
performance information.

References

• 11.5.2 Plans and Procedure Facts

q_plan_procedures_policy_01_np6.question.fex

Question 4:
Correct
Which of the following information are you MOST likely to find in a procedure
document?
Answer

A record of the repairs made to a specific device

Correct Answer:
Details on how to test and deploy patches

An inventory of the hardware components inside a specific device

The relationship of routers to other routers on the network

Explanation

A procedure is a step-by-step process outlining how to implement a specific action.

For example, you might have a procedure document that identifies how patches are
tested and applied within your network.
Change, or history, documentation keeps track of changes to device or network
configuration. For example, you might record a change in a network interface card or
to a WAN link.
Configuration documentation identifies specific configuration information for a device.
For example, the document might identify the hardware components within a device.
A network diagram shows the logical and/or physical layout of your network. The
network diagram could be a collection of diagrams showing the location and IP
addresses of hubs, switches, routers, and firewalls.

References

• 11.5.2 Plans and Procedure Facts

q_plan_procedures_procedure_np6.question.fex

Question 5:
Correct
Which of the following is a contract in which both parties agree not to share
proprietary or confidential information gathered during the business relationship?
Answer
Correct Answer:
Non-Disclosure Agreement

Non-Compete Agreement

Service Level Agreement

Memorandum of Understanding

Explanation

A Non-Disclosure Agreement (NDA) is a contract in which both parties agree not to

share proprietary or confidential information gathered during the business
relationship.
A Non-Compete Agreement, a Service Level Agreement, and a Memorandum of
Understanding are initiated at the start of a third-party relationship, but they do not
address the sharing of confidential information.

References

• 11.5.5 Documentation and Agreements

• 11.5.6 Documentation and Agreements Facts
q_security_policy_non_disclosure_np6.question.fex

Question 6:
Correct
Which of the following defines an Acceptable Use Agreement?
Answer
Correct Answer:
An agreement that identifies the employees' rights to use company property, such as
internet access and computer equipment, for personal use.

An agreement that outlines the organization's monitoring activities.

A legal contract between the organization and the employee that specifies that the
employee is not to disclose the organization's confidential information.

An agreement that prohibits an employee from working for a competing organization

for a specified time after the employee leaves the organization.

Explanation

An Acceptable Use Agreement identifies the employees' rights to use company

property, such as internet access and computer equipment, for personal use.
A Non-Compete Agreement prohibits an employee from working for a competing
organization for a specified time after the employee leaves the organization.
An Employee Monitoring Agreement outlines the organization's monitoring activities.
A Non-Disclosure Agreement (NDA) is a legal contract between the organization and
the employee that specifies that the employee is not to disclose the organization's
confidential information.

References

• 11.5.6 Documentation and Agreements Facts

q_docs_agreements_aup_np6.question_xml.question.fex

Question 7:
Correct
You want to make sure that the correct ports on a firewall are open or closed. Which
document should you check?
Answer
Correct Answer:
Baseline configurations

Intermediate distribution frame

Wireless site survey

Wiring schematic

Explanation

Baseline configuration documentation identifies specific configuration information for

a device. For example, a configuration document for a firewall might include
information about the IP addresses assigned to each interface and open firewall
ports.
A wiring diagram is a type of network diagram that focuses on the physical
connections between devices.
A site survey ensures that a wireless network performs as desired.
A traditional intermediate distribution frame is a smaller wiring distribution frame or
rack within a building.

References

• 11.5.6 Documentation and Agreements Facts

q_docs_agreements_baseline_01_np6.question_xml.question.fex

Question 8:
Correct
Which of the following provides a layout of all electrical, plumbing, HVAC, and
networking wiring and components?
Answer

Network diagram

Wiring diagram

Rack diagram
Correct Answer:
Floor plan

Explanation

A floor plan provides a layout of all electrical, plumbing, HVAC, and networking
wiring and components.
A rack diagram, network diagram, and wiring diagram provide layouts for networking
infrastructure, but they do not include electrical, plumbing, and HVAC information.

References

• 11.5.6 Documentation and Agreements Facts

q_docs_agreements_floor_plan_np6.question_xml.question.fex

Question 9:
Correct
Which of the following provides information on the subnets within your network,
including the subnet addresses and the routers connecting each subnet?
Answer

Floor plan
Correct Answer:
Network diagram

Wiring diagram

Rack diagram

Explanation

A network diagram includes a layout of the subnets within your network, including
the subnet addresses and the routers connecting each subnet.
A wiring diagram, rack diagram, and floor plan provide information about your
physical network, but they do not include subnet information.
References

• 11.5.6 Documentation and Agreements Facts

q_docs_agreements_network_02_np6.question_xml.question.fex

Question 10:
Correct
Which type of documentation would you consult to find the location of RJ45 wall
jacks and their endpoints in the intermediate distribution closet?
Answer

Baseline
Correct Answer:
Wiring schematic

Procedure

Policy

Explanation

A wiring schematic is a type of network diagram that focuses on the physical

connections between devices. The wiring diagram typically shows:
•The location of drop cables and ports within offices or cubicles.
•The path that wires take between wiring closets and offices.
•A labeling scheme that matches endpoints in offices and cubicles with
specific switch ports or punch down block locations.
A baseline is a record that shows normal network statistics.
A policy is a document that describes the overall goals and requirements for a
network. A policy identifies what should be done, but it doesn't necessarily define
how the goal is to be reached.
A procedure is a step-by-step process outlining how to implement a specific action. A
procedure is guided by goals defined in the policy but goes beyond it by identifying
specific steps that are to be implemented.

References

•
3.6.8 Data Center Device Installation
•
3.6.9 Data Center Device Installation Facts
•
11.5.5 Documentation and Agreements
•
11.5.6 Documentation and Agreements Facts
q_docs_agreements_wiring_01_np6.question_xml.question.fex
You manage your company's website, which uses a cluster of two servers with a
single shared storage device. The shared storage device uses a RAID 1
configuration. Each server has a single connection to the shared storage and a
single connection to your ISP.
You want to provide redundancy so that a failure on a single component doesn't
cause the website to become unavailable. What should you add to your configuration
to accomplish this?
Answer

On each server, add a second network connection to connect the server to the
shared storage device.
Correct Answer:
Connect one server to the internet through a different ISP.

On each server, add a second network connection to the internet.

Reconfigure the disk array in a RAID 1+0 configuration.

Explanation

In this scenario, the ISP is the single point of failure. If the ISP connection goes
down, the website will be unavailable. Connecting one server to a different ISP or
both servers to two ISPs provides redundancy for the connection.
Adding multiple network connections to the shared storage or the same ISP is
unnecessary because if the single network connection on one server fails, the other
server will still be available. Reconfiguring the storage as a RAID 1+0 allows multiple
disk failures, but RAID 1 can sustain a failure on a single disk.

References

• 11.6.3 Redundancy and High Availability Facts

q_redundancy_avail_ips_np6.question.fex

Question 2:
Correct
Why should you store backup media off site?
Answer

To make the restoration process more efficient

To reduce the possibility of theft

Correct Answer:
To prevent the same disaster from affecting both the network and the backup media
To comply with government regulations

Explanation

Backup media should be stored off site to prevent the same disaster from affecting
the network and the backup media. If your primary facility is destroyed, your only
hope of recovery is off site data storage.
Off site storage does not significantly reduce the possibility of media theft because it
can be stolen while in transit or at your storage location.
Off site storage is not a government regulation.
Off site storage does not make the restoration process more efficient because
additional time is spent retrieving backup media from the offsite storage location.

References

• 11.6.3 Redundancy and High Availability Facts

q_redundancy_avail_offsite_np6.question.fex

Question 3:
Correct
In addition to performing regular backups, what must you do to protect your system
from data loss?
Answer
Correct Answer:
Regularly test restoration procedures.

Write-protect all backup media.

Restrict restoration privileges to system administrators.

Store the backup media in an on-site fireproof vault.

Explanation

The only way to ensure that you have protection against data loss is to regularly test
your restoration procedures. This activity reveals whether or not your backup
process functions properly and your restoration and recovery procedures are
accurate.
It's a good idea to store backup media in a fireproof vault, but it's a better idea to
store it off site.
You should restrict restoration privileges to trusted staff to prevent confidentiality
violations. However, this does not address the issue of data loss protection.
Write-protecting backup media provides little real security for the stored data
because anyone can flip the switch on the media to remove the protection.
References

• 11.6.3 Redundancy and High Availability Facts

q_redundancy_avail_restore_np6.question.fex

Question 4:
Correct
You have purchased a solar backup power device to provide temporary electrical
power to critical systems in your data center should the power provided by the
electrical utility company go out. The solar panel array captures sunlight, converts it
into direct current (DC), and stores it in large batteries.
The power supplies on the servers, switches, and routers in your data center require
alternating current (AC) to operate.
Which electrical device should you implement to convert the DC power stored in the
batteries into AC power that can be used in the data center?
Answer
Correct Answer:
Inverter

Capacitor

Transformer

Transistor

Explanation

A power inverter changes direct current (DC) power to alternating current (AC)
power. In this scenario, you can use a power inverter to convert the DC power stored
in the batteries to AC power that your servers, switches, and routers can use in an
emergency.
A transformer is typically used to increase or decrease AC power voltage.
A capacitor temporarily stores an electrical charge. Capacitors are used with the
chips on a computer memory module that store data.
A transistor is used to amplify and switch electrical signals.

References

• 11.6.5 Power Management Facts

q_pwr_prot_inverter_np6.question.fex

Question 5:
Correct
Which of the following is the least effective power loss protection for computer
systems?
Answer

Backup power generator

Secondary power source

Correct Answer:
Surge protector

Uninterruptible power supply

Explanation

A surge protector provides no power loss protection.

A UPS, a secondary power source, and a backup power generator all provide
reasonable protection from power loss.

References

• 11.6.5 Power Management Facts

q_pwr_prot_surge_np6.question.fex

Question 6:
Correct
You are adding a new rack to your data center, which will house two new blade
servers and a new switch. The new servers will be used for virtualization.
The only space you have available in the data center is on the opposite side of the
room from your existing rack, which already houses several servers, a switch, and a
router. You plan to configure a trunk port on each switch and connect them with a
straight-through UTP cable that will run across the floor of the data center.
To protect equipment from power failures, you also plan to install a UPS on the rack
along with redundant power supplies for the server.
Will this configuration work?
Answer

No, you must use a cross-over cable to connect the two switches together.

Yes, this configuration complies with data center best practices.

Correct Answer:
No, you should not run a cable across the data center floor.

No, you must implement the UPS and power supplies on the rack externally.

No, you should not use blade servers for virtualization.

Explanation

In this scenario, running a cable across the data center floor represents a tripping
hazard. It also represents a point of failure, as the cable will be walked on constantly,
resulting in it being kicked out of one or both jacks. It will also likely fail prematurely
due to the excessive wear. A better option would be to run the cable through the
ceiling plenum.
Blade servers work well for virtualization as long as they meet the system
requirements for the hypervisor software. In the early days of networking, crossover
cables were required to uplink two hubs or switches together. However, most
modern switches implement auto-MDIX, which detects whether crossover is required
and automatically configures the interface for you, making a crossover cable
unnecessary. Rack-mounted power supplies and UPS devices are commonly used
in data centers.

References

• 11.6.5 Power Management Facts

q_pwr_prot_ups_01_np6.question.fex

Question 7:
Correct
You are adding a new rack to your data center, which will house two new blade
servers and a new switch. The new servers will be used for file storage and a
database server.
The only space you have available in the data center is on the opposite side of the
room from your existing rack, which already houses several servers, a switch, and a
router. You plan to configure a trunk port on each switch and connect them with a
crossover UTP plenum cable that will run through the suspended tile ceiling in the
data center.
To provide power for the new devices, you had an electrician install several new 20-
amp wall outlets near the new rack. Each device on the rack will be plugged directly
into one of these new wall outlets.
What is wrong with this configuration? (Select two.)
Answer
Correct Answer:
You should implement redundant power supplies for the network devices.
Correct Answer:
You should implement a UPS between the wall outlet and the network devices.

You should not connect networking equipment to a 20-amp wall circuit.

You must use a straight-through cable to connect the two switches together.

You should not run a plenum cable through a suspended tile ceiling.
Explanation

In this scenario, all the devices on the new rack will go down if the power from the
wall outlet fails for some reason (such as a power outage). To prevent this from
happening, you should implement a UPS between the wall outlets and the network
devices. In addition, the power supplies used by computing equipment have finite life
spans and fail frequently. Because these are mission-critical devices, you should
consider implementing redundant power supplies.
Plenum network cabling is specifically designed to run through a suspended tile
ceiling. The space between the suspended tile and the physical ceiling is called a
ceiling plenum.
In the early days of networking, crossover cables were required to uplink two hubs or
switches together. However, most modern switches implement auto-MDIX, which
detects whether crossover is required and automatically configures the interface,
allowing you to use either a crossover or straight-through cable. Using a 20-amp
circuit for networking equipment is considered a data center best practice.
Connecting too many devices to a standard 15-amp wall circuit can overload it and
trip its breaker.

References

• 11.6.5 Power Management Facts

q_pwr_prot_ups_02_np6.question.fex

Question 8:
Correct
Which of the following devices accepts incoming client requests and distributes
those requests to specific servers?
Answer
Correct Answer:
Load balancer

CSU/DSU

Media converter

Caching engine

Explanation

A load balancer is a device that accepts incoming client requests and distributes
those requests to multiple servers. One goal of load balancing is to distribute client
requests evenly between multiple servers to improve performance.
A CSU/DSU (Channel Service Unit/Data Service Unit) is a device that converts the
signal received from the WAN provider into a signal that can be used by equipment
at the customer site. An intrusion prevention system (IPS) can detect and respond to
security events.
A caching engine saves copies of frequently used content, eliminating the need to
download the content each time it's requested.
A media converter converts signals used on one media type (such as twisted-pair
Ethernet) to another media type (such as fiber optic).

References

• 11.6.3 Redundancy and High Availability Facts

• 11.6.11 NIC Teaming Facts
• 11.6.12 Configure a Load Balancing Server
q_nic_teaming_balancer_np6.question.fex

Question 9:
Correct
What is the purpose of using Ethernet bonding? (Select two.)
Answer
Correct Answer:
Provides a failover solution for network adapters

Increases read and write operations between the system bus and network adapters

Provides increased bus speeds

Correct Answer:
Increases network performance

Enables dual remote access (DRA) over a WAN link

Explanation

For a true fault-tolerant strategy, you must consider all system components. Ethernet
bonding (also called adapter teaming) is a fault-tolerant strategy that uses multiple
network adapters configured on a failover solution. In the event of a NIC failure,
other adapters automatically provide link redundancy. Multiple adapters can also
increase performance by distributing the network load between adapters.
Ethernet bonding does not provide increased bus speeds, increase read and write
operations between the system bus and network adapters, or enable dual remote
access (DRA) over a WAN link.

References

• 11.6.3 Redundancy and High Availability Facts

• 11.6.8 Set Up NIC Teaming
• 11.6.10 Configure Linux Network Bonding
• 11.6.11 NIC Teaming Facts
q_nic_teaming_bonding_01_np6.question.fex

Question 10:
Correct
A web server on your network hosts your company's public website. You want to
make sure that a NIC failure on the server does not prevent the website from being
accessible on the internet.
Which solution should you implement?
Answer

QoS
Correct Answer:
Ethernet bonding

Spanning Tree

Traffic shaping

Explanation

Ethernet bonding (also called NIC teaming) logically groups two or more physical
connections to the same network. If one NIC fails, the second NIC with a connection
to the same network can still be used.
Spanning Tree is a protocol on a switch that allows it to maintain multiple paths
within a subnet.
A traffic shaper (also called a bandwidth shaper) is a device that's capable of
modifying the flow of data through a network in response to network traffic
conditions.
Quality of Service (QoS) refers to a set of mechanisms that try to guarantee timely
delivery or minimal delay of important or time-sensitive communications. QoS is
particularly important when you implement Voice over IP (VoIP), Video over IP, or
online gaming, where delay or data loss make the overall experience unacceptable.

References

q_backup_restore_full_differential_01_np6.question.fex

Question 6:
Correct
Your disaster recovery plan (DRP) calls for backup media to be stored at a different
location. The location is a safe deposit box at the local bank. Because of this, the
disaster recovery plan specifies that you must choose a method that uses the least
amount of backup media but also allows you to quickly back up and restore files.
Which backup strategy would BEST meet the DRP's specifications?
Answer

Perform a full backup each day of the week.

Perform a full backup once per week and an incremental backup the other days of
the week.

Perform a full backup once per month and an incremental backup the other days of
the month.
Correct Answer:
Perform a full backup once per week and a differential backup the other days of the
week.

Explanation

Performing a full backup once per week and a differential backup the other days of
the week would best meet this disaster recovery plan's specifications. The full
backup backs up all files, usually to one tape, but the process can be time-
consuming. The differential backup backs up all files since the last full backup.
Performing a full backup each day would meet the requirement of using as few tapes
as possible, but that backup process would be very time-consuming each day.
Performing a full backup once per week and an incremental backup the other days of
the week would be one of the fastest methods for backing up files, but it would
require many tapes to complete the restore. The incremental backup only backs up
files added or changed since the last backup. Because of this, in order to do a
complete restore of the file system, you'd need a tape for each day of the week that
the incremental backup ran.
Performing a full backup once per month and an incremental backup the other days
of the month would be the fastest method to back up files, but it would require many
tapes to complete. This process only backs up files added or changed since the last
backup. Because of this, in order to do a complete restore of the file system, you'd
need a tape for each day of the month that the incremental backup ran.

References

•11.7.3 Data Backup and Storage Facts

q_backup_restore_full_differential_02_np6.question.fex

Question 7:
Correct
Your network uses the following backup strategy. You create:
• Full backups every Sunday night.
• Differential backups Monday night through Saturday night.
On Thursday morning, the storage system fails. How many restore operations would
you need to perform to recover all of the data?
Answer

One
Correct Answer:
Two

Three

Four

Explanation

You would need to perform two restore procedures. You would do the following:
1. Restore the full backup from Sunday.
2. Restore the differential backup from Wednesday.
If you did a full backup every night, you would restore only a single backup
(Wednesday's backup). If you did full backups with incremental backups, you would
restore the last full backup along with each incremental backup.

References

• 11.7.3 Data Backup and Storage Facts

q_backup_restore_full_differential_03_np6.question.fex

Question 8:
Correct
Which of the following are backed up during an incremental backup?
Answer

Only files that are new since the last full or incremental backup.
Only files that have changed since the last full backup.
Correct Answer:
Only files that have changed since the last full or incremental backup.

Only files that have changed since the last full or differential backup.

Explanation

An incremental backup only captures files that have changed since the last full or
incremental backup. The primary attraction to this backup plan is that it requires less
storage space and processing time to complete. Restoration starts from the last full
backup and then requires the loading of each subsequent incremental backup for a
full restoration.

References

• 11.7.3 Data Backup and Storage Facts

q_backup_restore_incremental_01_np6.question.fex

Question 9:
Correct
Your network uses the following backup strategy. You create:
• Full backups every Sunday night.
• Incremental backups Monday night through Saturday night.
On a Thursday morning, the storage system fails. How many restore operations
would you need to perform to recover all of the data?
Answer

One

Two

Three
Correct Answer:
Four

Five

Explanation

In this scenario, you would need to perform the following four restore procedures:
1. Restore the full backup from Sunday.
2. Restore the incremental backup from Monday.
3. Restore the incremental backup from Tuesday.
4. Restore the incremental backup from Wednesday.
If you did a full backup every night, you would restore only a single backup
(Wednesday's backup). If you did full backups with differential backups, you would
restore the last full backup along with the last differential backup.

References

• 11.7.3 Data Backup and Storage Facts

q_backup_restore_incremental_03_np6.question.fex

Question 10:
Correct
Which of the following describe a system image backup?
Answer

A system image does not include operating system files, program files, encrypted
files, files in the Recycle Bin, user profile settings, or temporary files.

A system image includes only specified files and folders backed up to a compressed
file.
Correct Answer:
A system image contains everything on the system volume, including the operating
system, installed programs, drivers, and user data files.

A system image only contains the operating system, installed programs, drivers, and
user profile settings.

Explanation

Explanation

Remote Desktop Gateway (RD Gateway) is a role service that allows users with the
Remote Desktop Connection client and an internet connection to connect on an
internal network.
A Remote Desktop Resource Authorization Policy (RD RAP) identifies the internal
resources that users can access.
A Remote Desktop Connection Authorization Policy (RD CAP) identifies the users
who can establish a connection through the RD Gateway server.
Remote Desktop is a software tool.

References

• 11.8.1 Remote Management

• 11.8.2 Use Remote Desktop
• 11.8.4 Remote Management Facts
q_remote_manage_gateway_np6.question.fex

Question 4:
Correct
You are the desktop administrator for your company. You would like to manage the
computers remotely using a tool with a graphical user interface (GUI).
Which of the following actions can you take to accomplish this?
Answer

Use Telnet to connect to each computer.

Send an assistance invitation.

Run Remote Shell to manage each computer.

Correct Answer:
Establish a Remote Desktop connection to each computer.

Explanation

To remotely manage computers using a graphical user interface, you can use
Remote Desktop to establish a connection to each computer.
Use Remote Shell and Telnet to execute commands on a remote computer.
You initiate a Remote Assistance session by sending an assistance invitation.

References

• 11.8.1 Remote Management

• 11.8.2 Use Remote Desktop
• 11.8.4 Remote Management Facts
q_remote_manage_gui_np6.question.fex

Question 5:
Correct
You manage a server at work that has just been configured with a new application.
Consequently, the server has crashed several times during the last week. You think
that you've resolved the problem, but you'd like to be able to manage the server
remotely just in case more issues occur.
Which of the following protocols should you use for remote management? (Select
two.)
Answer
Correct Answer:
VNC

L2TP
Correct Answer:
ICA
PPP

PPTP

Explanation

Use a remote access protocol to remotely manage devices. A remote access

protocol allows you to interact with a computer's desktop without being present at the
console. There are multiple protocols you can use for remote desktop connections.
• Virtual Network Computing (VNC) was originally designed for UNIX.
Applications that use VNC include RealVNC, TightVNC, UltraVNC, and
Vine Server.
• Independent Computing Architecture (ICA) is the protocol used by Citrix
products (WinFrame and MetaFrame/XenApp).
• Remote Desktop Protocol (RDP) is the protocol developed by Microsoft
and used in Microsoft's Terminal, Remote Desktop, and Remote
Assistance solutions. Aqua Connect has now licensed RDP and created a
version for Mac OS X.
PPP (Point-to-Point Protocol) is a protocol that's used to control remote access. PPP
allows the authentication, authorization, and accounting of remote access
connections.
PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) are
VPN protocols that provide a secure connection to a destination host or network
through the internet .

References

• 11.8.1 Remote Management

• 11.8.2 Use Remote Desktop
• 11.8.4 Remote Management Facts
q_remote_manage_protocols_np6.question.fex

Question 6:
Correct
Which of the following protocols or services would you associate with Windows
Remote Desktop network traffic?
Answer
Correct Answer:
RDP

WPA

NNTP

RD RAP
Explanation

Remote Desktop Protocol (RDP) is used by Windows Remote Desktop applications,

including Remote Desktop Connection.
A Remote Desktop Resource Authorization Policy (RD RAP) identifies the internal
resources that users can access.
Network News Transport Protocol (NNTP) is used to access newsgroups and
download messages. It is not associated with Windows Terminal.
Wi-Fi Protected Access (WPA) is a security mechanism designed to provide
protection on wireless networks. It is not associated with Windows Terminal.

References

•
11.8.1 Remote Management
•
11.8.2 Use Remote Desktop
•
11.8.4 Remote Management Facts
q_remote_manage_rdp_01_np6.question.fex

Question 7:
Correct
You are in the middle of a big project at work. All of your work files are on a server at
the office. You want to be able to access the server desktop, open and edit files,
save the files on the server, and print files to a printer that's connected to a computer
at home.
Which protocol should you use?
Answer
Correct Answer:
RDP

SSH

Telnet

FTP

Explanation

To access the server's desktop, use Remote Desktop Protocol (RDP). RDP is
Microsoft's own remote access protocol, but other available protocols include VNC
and ICA. With this remote desktop solution, you can access a device's desktop and
work with applications and files on that device. Device redirection allows you to
redirect sound, drives, or printing at the remote computer to your local computer.
Telnet and SSH are command line utilities used for remote management.
FTP (File Transfer Protocol) is used for file transfer. While you might use this
protocol to transfer files, it does not give you access to a remote system's desktop.
References

• 11.8.1 Remote Management

• 11.8.2 Use Remote Desktop
• 11.8.4 Remote Management Facts
q_remote_manage_rdp_02_np6.question.fex

Question 8:
Correct
You just deployed a new Cisco router that connects several network segments in
your organization.
The router is physically located in a server room that requires an ID card for access.
You backed up the router configuration to a remote location with an encrypted file.
You access the router configuration interface from your notebook computer using a
Telnet client with the username admin and the password admin. You used the MD5
hashing algorithm to protect the password.
What else should you do to increase the security of this device? (Select two.)
Answer

Use TFTP to back up the router configuration to a remote location.

Correct Answer:
Use an SSH client to access the router configuration.
Correct Answer:
Change the default administrative username and password.

Use a web browser to access the router configuration using an HTTP connection.

Use encrypted Type 7 passwords.

Explanation

In this scenario, you need to address the following two key security issues:
• You should use an SSH (Secure Shell) client to access the router
configuration. Telnet transfers data over the network connection in
cleartext, exposing sensitive data to sniffing.
• You should change the default administrative username and password.
Default usernames and passwords are readily available from websites on
the internet.
Encrypted Type 7 passwords on a Cisco device are less secure than those protected
with MD5.
Using HTTP and TFTP (Trivial File Transfer Protocol) to manage the router
configuration could expose sensitive information to sniffers, as they transmit data in
cleartext.

References
• 11.8.1 Remote Management
• 11.8.2 Use Remote Desktop
• 11.8.4 Remote Management Facts
q_remote_manage_ssh_01_np6.question.fex

Question 9:
Correct
Which of the following is a protocol used for terminal emulation?
Answer

RDP

ICA
Correct Answer:
SSH

VNC

Explanation

Most administrators use Secure Shell (SSH) for terminal emulation.

VNC, ICA, and RDP are remote access protocols.

References

• 11.8.1 Remote Management

• 11.8.2 Use Remote Desktop
• 11.8.4 Remote Management Facts
q_remote_manage_ssh_02_np6.question.fex

Question 10:
Correct
Which of the following remote protocols was originally designed for UNIX?
Answer

VPN

RDP

ICA
Correct Answer:
VNC

Explanation
Virtual Network Computing (VNC) was originally designed for UNIX.
ICA, VPN, and RDP are remote desktop protocols. However, they were not originally
designed for UNIX.
You can use a virtual private network (VPN) for remote access, but it is not a
protocol that was originally designed for UNIX.

References

• 11.8.4 Remote Management Facts

q_remote_manage_vnc_np6.question.fex
Which of the following BEST describes an inside attacker?
Answer
Correct Answer:
An unintentional threat actor (the most common threat).

An attacker with lots of resources and money at their disposal.

A good individual who tries to help a company see their vulnerabilities.

SSH (Secure Shell) is a secure and acceptable alternative to Telnet. SSH allows
secure interactive control of remote systems. SSH uses RSA public key
cryptography for both connection and authentication. SSH also uses the IDEA
algorithm for encryption by default but is able to use Blowfish and DES as well.
Remote Desktop, while a remote control mechanism, is limited to a few versions of
Windows and is not very secure.
Point-to-Point Protocol (PPP) and Serial Line Interface Protocol (SLIP) are not
remote access authentication protocols. They are used to establish a connection, not
provide authentication.

References

• 12.1.6 Secure Protocol Facts

q_secure_protocols_ssh_01_np6.question.fex

Question 4:
Correct
Which of the following protocols can you use to securely manage a network device
from a remote connection?
Answer

Telnet

SFTP

TLS
Correct Answer:
SSH

Explanation

SSH allows secure interactive control of remote systems. It is a secure and

acceptable alternative to Telnet.
SFTP (Secure File Transfer Protocol) uses Secure Shell (SSH) to secure data
transfers.
TLS (Transport Layer Security) ensures that messages being transmitted on the
internet are private and tamper-proof. TLS is often used to add security to other
protocols.

References

•
12.1.6 Secure Protocol Facts
q_secure_protocols_ssh_02_np6.question.fex

Question 5:
Correct
Which protocol does HTTPS use to offer greater security for web transactions?
Answer

CHAP

PAP

IPsec
Correct Answer:
SSL

Explanation
HTTPS (HyperText Transfer Protocol Secure) uses Secure Sockets Layer (SSL) to
offer greater security for web transactions.
IPsec uses HMAC (Hash-Based Message Authentication Code) to provide message
integrity checks.
Password Authentication Protocol (PAP) transmits login credentials in cleartext.
Challenge Handshake Authentication Protocol (CHAP) protects login credentials
using a hash and allows periodic re-authentication.

References

•12.1.6 Secure Protocol Facts

q_secure_protocols_ssl_01_np6.question.fex

Question 6:
Correct
You want to allow traveling users to connect to your private network through the
internet. Users will connect from various locations, including airports, hotels, and
public access points (like coffee shops and libraries). As such, you won't be able to
configure the firewalls that might be controlling access to the internet in these
locations.
Which of the following protocols is MOST likely to be allowed through the widest
number of firewalls?
Answer

PPTP

L2TP
Correct Answer:
SSL

IPsec

Explanation

Ports must be open on firewalls to allow VPN protocols. For this reason, using SSL
(Secure Sockets Layer) for a VPN often works through firewalls when other solutions
do not because SSL uses port 443, which is a port that's often already open to allow
HTTPS traffic. In addition, some NAT (Network Address Translation) solutions do not
work well with VPN connections.
PPTP (Point-to-Point Tunneling Protocol) uses port 1723. L2TP (Layer 2 Tunneling
Protocol) uses ports 1701 and 500. IPsec uses UDP port 500 for IKE (Internet Key
Exchange).

References
•
12.1.6 Secure Protocol Facts
q_secure_protocols_ssl_02_np6.question.fex

Question 7:
Correct
Which of the following protocols are often added to other protocols to provide secure
data transmission? (Select two.)
Answer

SMTP

HTTPS

SNMP
Correct Answer:
SSL
Correct Answer:
TLS

Explanation

Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols
that are used with other protocols to add security. In addition, you can use Secure
Shell (SSH) to add security when using unsecure protocols.
HTTPS (HyperText Transfer Protocol Secure) is the secure form of HTTP that uses
SSL. SMTP (Simple Mail Transfer Protocol) is used for sending email. SNMP
(Simple Network Management Protocol) is for network management tasks.

References

•
12.1.6 Secure Protocol Facts
q_secure_protocols_ssl_tls_np6.question.fex

Question 8:
Correct
Which of the following intrusion detection and prevention systems uses fake
resources to entice intruders by displaying a vulnerability, configuration flaw, or
valuable data?
Answer

Botnet
Correct Answer:
Honeypot
Trojan horse

Zombie

Explanation

A honeypot is a device or virtual machine that entices intruders by displaying a

vulnerability, displaying a configuration flaw, or appearing to contain valuable data.
A Trojan horse is a malicious program that is disguised as legitimate or desirable
software.
A zombie is a computer that's infected with malware and that allows remote software
updates and control by a command and control center (called a zombie master).
A botnet refers to a group of zombie computers that are commanded from a central
control infrastructure.

References

• 12.1.8 Defense in Depth Facts

q_defense_depth_honeypot_01_np6.question.fex

Question 9:
Correct
Creating fake resources such as honeypots, honeynets, and tarpits fulfills which of
the following main intrusion detection and prevention goals? (Select two.)
Answer

Entices attackers to reveal their IDS signatures, which can then be matched to
known attack patterns.

Detects anomalous behavior that varies from standard activity patterns, also referred
to as heuristic recognition.
Correct Answer:
Offers attackers a target that occupies their time and attention while distracting them
from valid resources.
Correct Answer:
Reveals information about an attacker's methods and gathers evidence for
identification or prosecution purposes.

Lures attackers into a non-critical network segment where their actions are passively
monitored and logged, after which their connection is simply dropped.

Detects attacks that are unique to the services on valid system resources and
monitors application activity.
Explanation

By using honeypots, honeynets, and tarpits, you can fulfill the following intrusion
detection and protection goals:
• Attackers are offered targets that will occupy their time and attention,
distracting them from valid resources.
• You can observe attackers and gather information about their attack
methods or gather evidence for identification or prosecution purposes.

References

• 12.1.8 Defense in Depth Facts

q_defense_depth_honeypot_02_np6.question.fex

Question 10:
Correct
Members of the sales team use laptops to connect to the company network. While
traveling, they connect their laptops to the internet through airport and hotel
networks.
You are concerned that these computers will pick up viruses that could spread to
your private network. You would like to implement a solution that prevents the
laptops from connecting to your network unless antivirus software and the latest
operating system patches have been installed.
Which solution should you use?
Answer

VLAN

q_risk_management_quantitative_np6.question.question.fex

Question 3:
Correct
What is the main difference between vulnerability scanning and penetration testing?
Answer

Vulnerability scanning uses approved methods and tools; penetration testing uses
hacking tools.

Vulnerability scanning is performed with a detailed knowledge of the system;

penetration testing starts with no knowledge of the system.

The goal of vulnerability scanning is to identify potential weaknesses; the goal of

penetration testing is to attack a system.
Correct Answer:
Vulnerability scanning is performed within the security perimeter; penetration testing
is performed outside of the security perimeter.

Explanation

Penetration testing simulates an actual attack on the network and is conducted from
outside the organization's security perimeter. Vulnerability scanning is typically
performed internally by users with administrative access to the system.
The goal of both vulnerability scanning and penetration testing is to identify the
effectiveness of security measures and identify weaknesses that can be fixed. While
some penetration testing is performed with no knowledge of the network, penetration
testing could be performed by testers with detailed information about the systems.
Both vulnerability scanning and penetration testing can use similar tools, although
you should avoid illegal tools in both activities.

References
• 12.2.4 Penetration Testing Facts
q_pen_test_differences_np6.question.fex

Question 4:
Correct
A security administrator is conducting a penetration test on a network. She connects
a notebook system running Linux to the wireless network and then uses Nmap to
probe various network hosts to see which operating system they are running.
Which process did the administrator use for the penetration test in this scenario?
Answer

Network enumeration

Passive fingerprinting

Firewalking
Correct Answer:
Active fingerprinting

Explanation

The administrator in this scenario used active fingerprinting. Active fingerprinting is a

form of system enumeration that is designed to gain as much information about a
specific computer as possible. It identifies operating systems based upon ICMP
message quoting characteristics. Portions of an original ICMP request are repeated
(or quoted) within the response, and each operating system quotes this information
back in a slightly different manner. Active fingerprinting can determine the operating
system and even the patch level.
Passive fingerprinting works in much the same manner as active fingerprinting.
However, this technique does not utilize active probes of specific systems. Network
enumeration (also called network mapping) involves a thorough and systematic
discovery of as much of the corporate network as possible, using:
• Social engineering
• Wardriving
• War dialing
• Banner grabbing
• Firewalking
Firewalking uses traceroute techniques to discover which services can pass through
a firewall or a router. Hping and Firewalk are common firewalking tools.

References

• 12.2.4 Penetration Testing Facts

q_pen_test_fingerprinting_01_np6.question.fex

Question 5:
Correct
Drag each penetration test characteristic on the left to the appropriate penetration
test name on the right.
Known test

The tester has detailed information about the target system prior to starting the
test.
correct answer:
Partially known test

The tester has the same amount of information that would be available to a typical
insider in the organization.
correct answer:
Unknown test

The tester has no prior knowledge of the target system.

correct answer:
Single-blind test

Either the attacker has prior knowledge about the target system or the
administrator knows that the test is being performed.
correct answer:
Double-blind test

The tester does not have prior information about the system, and the administrator
has no knowledge that the test is being performed.
correct answer:
Keyboard Instructions

Explanation

Penetration testing is classified by the knowledge that the attacker and system
personnel have prior to the attack.
• In an unknown test, the tester has no prior knowledge of the target
system.
• In a known test, the tester has detailed information prior to starting the
test.
• In a partially known test, the tester has the same amount of information
that would be available to a typical insider in the organization.
• In a single-blind test, one side has advanced knowledge. Either the
attacker has prior knowledge about the target system or the defender has
knowledge about the impending attack.
• In a double-blind test, the penetration tester does not have prior
information about the system, and the network administrator has no
knowledge that the test is being performed. A double-blind test provides
more accurate information about a system's security.

References

• 12.2.4 Penetration Testing Facts

q_pen_test_types_np6.question.fex

Question 6:
Correct
Which SIEM component is responsible for gathering all event logs from configured
devices and securely sending them to the SIEM system?
Answer
Correct Answer:
Collectors

Security automation

Data handling

SIEM alerts

Explanation

Collectors are responsible for gathering all event logs from configured devices and
securely sending them to the Security Information and Event Management (SIEM)
system. Collectors are basically the middleman between devices and the SIEM
system.
The data handling component receives the data from the collectors and then reads,
analyzes, and separates the data into different categories.
SIEM alerts are responsible for triggering alerts if any data exceeds the established
thresholds.
Security automation is a feature of a SOAR system.

References

• 12.2.6 Security Information and Event Management Facts

q_siem_collector_np6.question.fex

Question 7:
Correct
Which of the following Security Orchestration, Automation, and Response (SOAR)
system components helps to document the processes and procedures that are to be
used by a human during a manual intervention?
Answer
Orchestration

Runbook

Response
Correct Answer:
Playbook

Explanation

Playbooks are linear checklists of required steps and actions that are to be taken to
respond to an alert. While playbooks do support automated actions, they are often
used to document the processes and procedures that are to be used by a human
during a manual intervention.
Runbooks consist of a series of conditional steps to perform actions, such as
sending notifications or threat containment. They are not used to document the
processes and procedures for a manual intervention.
The Orchestration component of the Security Orchestration, Automation, and
Response (SOAR) system is responsible for gathering data and information from
across the network. This is not used to document the processes and procedures for
a manual intervention.
The Response component of a SOAR system allows the system to automatically
take actions against threats. It is not used to document the processes and
procedures for a manual intervention.

References

• 12.2.6 Security Information and Event Management Facts

q_siem_playbook_np6.question.fex

Question 8:
Correct
You want to make sure that a set of servers only accepts traffic for specific network
services. You have verified that the servers are only running the necessary services,
but you also want to make sure that the servers do not accept packets sent to those
services.
Which tool should you use?
Answer

Packet sniffer
Correct Answer:
Port scanner
IDS

System logs

IPS

Explanation

Use a port scanner to check for open ports on a system or firewall. Compare the list
of open ports with the list of ports allowed by your Network Design and Security
Policy. Typically, a port is open when a service starts or is configured on a device.
Open ports for unused services expose the server to attacks directed at that port.
Use a packet sniffer to examine packets on a network. With a packet sniffer, you can
identify packets directed toward specific ports, but you won't be able to tell if those
ports are open. Examine system logs to look for events that have happened on your
system. These events might include a service starting up, but this would not likely
reflect open ports.
An intrusion detection system (IDS) is a special network device that can detect
attacks and suspicious activity. A passive IDS monitors, logs, and detects security
breaches, but it takes no action to stop or prevent an attack. An active IDS (also
called an intrusion protection system, or IPS) performs the functions of an IDS but
can also react when security breaches occur.

References

• 12.2.6 Security Information and Event Management Facts

q_siem_port_np6.question.fex

Question 9:
Correct
A security administrator logs on to a Windows server on her organization's network.
Then she runs a vulnerability scan on that server.
Which type of scan did she conduct in this scenario?
Answer

Non-credentialed scan

Non-intrusive scan

Intrusive scan
Correct Answer:
Credentialed scan

Explanation
In a credentialed scan, the security administrator authenticates to the system prior to
starting the scan. A credentialed scan usually provides detailed information about
potential vulnerabilities. For example, a credentialed scan of a Windows workstation
allows you to probe the Registry for security vulnerabilities.
With a non-credentialed scan, the security administrator does not authenticate to the
system prior to running the scan.
A non-intrusive scan is the most common type of scan you will see performed. It
looks for vulnerabilities and gives you a report on what it found.
An intrusive scan finds a potential vulnerability and then actively attempts to exploit
it.

References

• 12.2.9 Vulnerability Assessment Facts

q_vulnerability_assessment_cred_np6.question.fex

Question 10:
Correct
You want to be able to identify the services running on a set of servers on your
network. Which tool would BEST give you the information you need?
Answer

Port scanner

Network mapper

Protocol analyzer
Correct Answer:
Vulnerability scanner

Explanation

Use a vulnerability scanner to gather information about systems, such as the running
applications or services. A vulnerability scanner often combines functions found in
other tools and can perform additional functions, such as identifying open firewall
ports, missing patches, and default or blank passwords.
A port scanner is a tool that probes systems for open ports. A port scanner tells you
which ports are open in the firewall, but it cannot identify services running on a
server if the firewall port has been closed.
A network mapper is a tool that can discover devices on a network and show those
devices in a graphical representation. Network mappers typically use a ping scan to
discover devices and a port scanner to identify open ports on those devices.
Use a protocol analyzer to identify traffic that is sent on the network medium and
traffic sources. Services could still be running on a server that do not generate the
network traffic that a protocol analyzer would catch.
References

• 12.2.9 Vulnerability Assessment Facts

q_vulnerability_assessment_scanner_np6.question.fex
Five salespeople work out of your office. They frequently leave their laptops on the
desks in their cubicles. You are concerned that someone might walk by and take one
of these laptops.
Which of the following is the BEST way to address your concerns?
Answer

Encrypt all company data on the hard drives.

Require strong passwords in the Local Security Policy.

Correct Answer:
Use cable locks to chain the laptops to the desks.

Implement screensaver passwords.

Explanation

The main concern, in this case, is with laptops being stolen. The best protection
against physical theft is to secure the laptops in place using a cable lock.
Requiring strong passwords or using encryption might prevent unauthorized users
from accessing data on the laptops, but this does not prevent physical theft.

References

• 12.3.2 Physical Security Facts

q_physical_security_cable_locks_np6.question.fex

Question 2:
Correct
What is the primary benefit of CCTV?
Answer

Provides a corrective control.

Correct Answer:
Expands the area visible to security guards.

Increases security protection throughout an environment.

Reduces the need for locks and sensors on doors.

Explanation

A primary benefit of CCTV is that it expands the area visible to security guards. This
helps fewer guards oversee and monitor a larger area.
CCTV does not reduce the need for locks and sensors on doors.
CCTV does not provide a corrective control (it is a preventative, deterrent, or
detective control).
CCTV does not increase security protection throughout an environment. It only does
so in the area where it is aimed.

References

• 12.3.2 Physical Security Facts

q_physical_security_cctv_01_np6.question.fex

Question 3:
Correct
Which of the following CCTV types would you use in areas with little or no light?
Answer

C-mount

A camera with a high LUX rating

PTZ
Correct Answer:
Infrared

Explanation

Infrared cameras can record images in little or no light.

LUX is a measure of sensitivity to light. The lower the number, the less light is
needed for a clear image. Infrared cameras have a low LUX rating, meaning that
little light is needed.
A C-mount camera has interchangeable lenses and is typically rectangular in shape.
A pan tilt zoom (PTZ) camera lets you dynamically move the camera and zoom in on
specific areas.

References

• 12.3.2 Physical Security Facts

q_physical_security_cctv_05_np6.question.fex

Question 4:
Correct
Match each physical security control on the left with an appropriate example of that
control on the right. Each security control may be used once, more than once, or not
at all.
Hardened carrier
Protected cable distribution
correct answer:
Biometric authentication

Door locks
correct answer:
Barricades

Perimeter barrier
correct answer:
Emergency escape plans

Safety
correct answer:
Alarmed carrier

Protected cable distribution

correct answer:
Anti-passback system

Physical access control

correct answer:
Emergency lighting

Safety
correct answer:
Exterior floodlights

Perimeter barrier
correct answer:
Keyboard Instructions

Explanation

Physical security controls and their functions include the following:

• Perimeter barriers secure the building perimeter and restrict access to
secure entry points. Examples include barricades and floodlights.
• Door locks allow access only to those with the proper key. For example, a
biometric authentication system requires an individual to submit to a
fingerprint or retina scan before a door is unlocked.
• Physical access controls are implemented inside the facility to control who
can go where. For example, an anti-passback system prevents a card
holder from passing their card back to someone else.
• Safety controls help employees and visitors remain safe while on site. For
example, consider devising escape plans that utilize the best escape
routes for each area in your organization. In addition, emergency lighting
should be implemented that runs on protected power and automatically
switches on when the main power goes off.
• A protected distribution system (PDS) encases network cabling within a
carrier. This enables data to be securely transferred through an area of
lower security. In a hardened carrier PDS, network cabling is run within
metal conduit. In an alarmed carrier PDS, an electronic alarm system is
used to detect attempts to compromise the carrier and access the cable
within it.

References

• 12.3.2 Physical Security Facts

q_physical_security_controls_np6.question.fex

Question 5:
Correct
You want to use CCTV as a preventative security measure. Which of the following is
a requirement for your plan?
Answer

Low LUX or infrared camera

Sufficient lighting

PTZ camera
Correct Answer:
Security guards

Explanation

When used in a preventative way, you must have a guard or other person available
who monitors one or more cameras. Only a security guard can interpret what the
camera sees to make appropriate security decisions.
Even with sufficient lighting on a low-LUX or infrared camera, cameras are not a
useful preventative measure without a security guard present to interpret images and
make security decisions.
A pan tilt zoom (PTZ) camera lets you dynamically move the camera and zoom in on
specific areas.

References

• 12.3.2 Physical Security Facts

q_physical_security_guards_np6.question.fex
Question 6:
Correct
Which of the following is the MOST important way to prevent console access to a
network switch?
Answer

Disconnect the console cable when not in use.

Correct Answer:
Keep the switch in a room that is locked by a keypad.

Set the console and enable secret passwords.

Implement an access list to prevent console connections.

Explanation

To control access to the switch console, you must keep it in a locked room. A
console connection can only be established with a direct physical connection to the
device. If the switch is in a locked room, only those with access will be able to make
a console connection. In addition, even if you had set console passwords, users with
physical access to the device could perform password recovery and gain access.

References

• 12.3.2 Physical Security Facts

q_physical_security_keypad_np6.question.fex

Question 7:
Correct
Which of the following controls is an example of a physical access control method?
Answer

Passwords

Access control lists with permissions

Smart cards

New hire background checks

Correct Answer:
Locks on doors

Explanation
Locks on doors is an example of a physical access control method. Physical controls
restrict or control physical access.
Passwords, access control lists, and smart cards are all examples of technical
controls. Even though a smart card is a physical object, the card by itself is part of a
technical implementation. Requiring background checks for hiring is an example of a
policy or an administrative control.

References

• 12.3.2 Physical Security Facts

q_physical_security_locks_02_np6.question.fex

Question 8:
Correct
Which of the following can you use to stop piggybacking from occurring at a front
entrance where employees swipe smart cards to gain entry?
Answer

Install security cameras.

Correct Answer:
Deploy a mantrap.

Use weight scales.

Use key locks rather than electronic locks.

Explanation

Piggybacking is the activity where an authorized or unauthorized individual gains

entry into a secured area by exploiting the credentials of a prior person. Often, the
first person will authenticate, unlock the door, and then hold it open for the next
person to enter without forcing them to authenticate separately. You can stop
piggybacking with a mantrap. A mantrap is a single-person room with two doors and
often includes a scale to prevent piggybacking. It requires proper authentication
before unlocking the inner door to allow authorized personal into a secured area.
Those who fail to properly authenticate are held captive until authorities respond.
A security camera may deter piggybacking, but does not directly stop it. Using weight
scales inside a mantrap will stop piggybacking, but they are not useful or effective
without the mantrap. The use of conventional keys as opposed to electronic locks
does little to prevent piggybacking and may actually make piggybacking more
prevalent.

References

• 12.3.2 Physical Security Facts

q_physical_security_piggyback_np6.question.fex
Question 9:
Correct
You are an IT consultant and are visiting a new client's site to become familiar with
their network. As you walk around their facility, you note the following:
• When you enter the facility, a receptionist greets you and directs you down
the hallway to the office manager's cubicle. The receptionist uses a
notebook system that is secured to her desk with a cable lock.
• The office manager informs you that the organization's servers are kept in
a locked closet. Only she has the key to the closet. When you arrive on
site, you will be required to get the key from her to access the closet.
• She informs you that server backups are configured to run each night. A
rotation of external USB hard disks are used as the backup media.
• You notice the organization's network switch is kept in an empty cubicle
adjacent to the office manager's workspace.
• You notice that a router/firewall-content filter all-in-one device has been
implemented in the server closet to protect the internal network from
external attacks.
Which security-related recommendations should you make to this client? (Select
two.)
Answer
Correct Answer:
Relocate the switch to the locked server closet.

Replace the USB hard disks used for server backups with a tape drive.
Correct Answer:
Control access to the work area with locking doors and card readers.

Use separate dedicated network perimeter security devices instead of an all-in-one

device.

Replace the key lock on the server closet with a card reader.

Explanation

In this scenario, you should recommend the client make the following changes:
• Relocate the switch to the locked server closet. Keeping it in a cubicle
could allow an attacker to configure port mirroring on the switch and
capture network traffic.
• Control access to the work area with locking doors and card readers.
Controlling access to the building is critical for preventing unauthorized
people from gaining access to computers. In this scenario, you were able
to walk unescorted into the work area without any kind of physical access
control other than the receptionist.
Because the office manager will control who has access to the server closet key, it
isn't necessary to implement a card reader on the server closet door. Using tape
drives instead of hard disks wouldn't increase the security of the backups. Using
separate perimeter security devices instead of an all-in-one device would be unlikely
to increase network security.

References

• 12.3.2 Physical Security Facts

q_physical_security_solutions_02_np6.question.fex

Question 10:
Correct
Which of the following is a secure doorway that can be used with a mantrap to allow
an easy exit but actively prevents re-entrance through the exit portal?
Answer

Electronic access control doors

Egress mantraps

Locked doors with interior unlock push bars

Correct Answer:
Turnstiles

Explanation

Turnstiles allow an easy exit from a secured environment but actively prevent re-
entrance through the exit portal. Turnstiles are a common exit portal used with
entrance portal mantraps. A turnstile can't be used to enter into a secured facility, as
it only functions in one direction.
Egress mantraps are not easy exit portals. Plus, they are a tremendously
unnecessary expense and administrative burden. Any form of door, including self-
locking doors with push bars or credential readers, can be hijacked to allow an
outsider to enter.

References

• 12.3.2 Physical Security Facts

q_physical_security_turnstiles_np6.question.fex
An organization's receptionist received a phone call from an individual claiming to be
a partner in a high-level project and requesting sensitive information. Which type of
social engineering is this individual engaging in?
Answer

Commitment
Correct Answer:
Authority

Persuasive

Social validation

Explanation

Authority social engineering entails an attacker either lying about having authority or
using their high status in a company to force victims to perform actions that exceed
their authorization level.
Persuasive social engineering entails an attacker convincing a person to give them
information or access that he or she shouldn't.
Social validation entails an attacker using peer pressure to coerce someone else to
bend rules or give information he or she shouldn't.
Commitment social engineering entails convincing someone to buy into an overall
idea and then demanding or including further specifics that were not presented up
front.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_authority_np6.question.fex

Question 2:
Correct
What is the primary countermeasure to social engineering?
Answer

A written security policy

Heavy management oversight

Traffic filters
Correct Answer:
Awareness
Explanation

The primary countermeasure to social engineering is awareness. If users are

unaware of the necessity for security and are not properly trained, they are
vulnerable to numerous social engineering exploits. Awareness training focused on
preventing social engineering should include methods for authenticating personnel
over the phone, assigning classification levels to information and activities, and
educating your personnel on which information should not be distributed.
A written security policy is a countermeasure against social engineering, but without
awareness training, it is useless. Heavy management oversight may provide some
safeguards that protect users from social engineering, but management is less
effective than awareness. Traffic filters are not countermeasures for social
engineering because they do not focus on solving the human problem inherent in
social engineering attacks.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_awareness_np6.question.fex

Question 3:
Correct
Match each social engineering description on the left with the appropriate attack type
on the right.
Phishing

An attacker sends an email pretending to be from a trusted organization, asking

users to access a website to verify personal information.
correct answer:
Whaling

An attacker gathers personal information about the target individual, who is a CEO.
correct answer:
Spear phishing

An attacker gathers personal information about the target individual in an

organization.
correct answer:
Dumpster diving

An attacker searches through an organization's trash for sensitive information.

correct answer:
Piggybacking
An attacker enters a secure building by following an authorized employee through
a secure door without providing identification.
correct answer:
Vishing

An attacker uses a telephone to convince target individuals to reveal their credit

card information.
correct answer:
Keyboard Instructions

Explanation

Specific social engineering attacks include the following:

Dumpster Diving
Dumpster diving is the process of looking in the trash for sensitive information that
has not been properly disposed of.
Tailgating and Piggybacking
Piggybacking and tailgating refer to an attacker entering a secure building by
following an authorized employee through a secure door and not providing
identification. Piggybacking usually implies consent from the authorized employee,
whereas tailgating implies no consent from the authorized employee.
Phishing
A phishing scam is an email pretending to be from a trusted organization, asking the
user to verify personal information or send money. In a phishing attack:
• A fraudulent message that appears to be legitimate is sent to a target.
• The message requests that the target visit a fraudulent website (which
also appears to be legitimate). Graphics, links, and websites look almost
identical to the legitimate websites they are trying to represent.
• The fraudulent website requests that the victim provide sensitive
information, such as an account number and password.
Below are descriptions of common phishing scams.
• A rock phish kit is a fake website that imitates a real website (such as
banks, PayPal, eBay, and Amazon). Phishing emails direct you to the fake
website to enter account information. A single server can host multiple
fake sites using multiple registered DNS names. These sites can be set up
and taken down rapidly to avoid detection.
• A Nigerian scam, also known as a 419 scam, involves emails that request
a small amount of money to help transfer funds from a foreign country. For
your assistance, you are to receive a reward for a much larger amount of
money that will be sent to you at a later date.
• In spear phishing, attackers gather information about the victim, such as
which online banks they use. They then send phishing emails for the
specific bank. Spear phishing's goal is to gain access to information that
will allow the attacker to gain commercial advantage or commit fraud.
Spear phishing frequently involves sending seemingly genuine emails to
all employees or members of specific teams.
• Whaling is another form of phishing that is targeted toward senior
executives and high-profile victims.
• Vishing is similar to phishing. But instead of an email, the attacker uses
Voice over IP (VoIP) to gain sensitive information. The term is a
combination of voice and phishing.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_definition_01_np6.question.fex

Question 4:
Correct
What is the definition of any attack involving human interaction of some kind?
Answer

Attacker manipulation

An authorized hacker
Correct Answer:
Social engineering

An opportunistic attack

Explanation

Social engineering refers to any attack involving human interaction of some kind.
Attackers who use social engineering try to convince a victim to perform actions or
give out information they wouldn't under normal circumstances.
An opportunistic attack is typically automated and involves scanning a wide range of
systems for known vulnerabilities, such as old software, exposed ports, poorly
secured networks, and default configurations.
An authorized hacker helps companies find vulnerabilities in their security
infrastructure.
Social engineers are master manipulators and use multiple tactics on their victims.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_definition_02_np6.question.fex

Question 5:
Correct
Dumpster diving is a low-tech way of gathering information that may be useful for
gaining unauthorized access or as a starting point for more advanced attacks. How
can a company reduce the risk associated with dumpster diving?
Answer

Mandate the use of Integrated Windows Authentication.

Secure all terminals with screensaver passwords.

Create a strong password policy.

Correct Answer:
Establish and enforce a document destruction policy.

Explanation

Dumpster diving is best addressed with a Document Destruction Policy. All sensitive
documents should be shredded or burned, and employees should be trained on the
proper use of disposal equipment and the policies governing the disposal of sensitive
information.
A strong password policy, authentication types, and screensaver passwords are not
enough to prevent the risks associated with dumpster diving. Username and
password complexity efforts are wasted if employees document and dispose of this
information in an unsecure fashion.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_dumpster_diving_np6.question.fex

Question 6:
Correct
You have just received a generic-looking email that is addressed as coming from the
administrator of your company. The email says that as part of a system upgrade, you
need enter your username and password in a new website so you can manage your
email and spam using the new service.
What should you do?
Answer

Open a web browser, type in the URL included in the email, and follow the directions
to enter your login credentials.
Correct Answer:
Verify that the email was sent by the administrator and that this new service is
legitimate.

Delete the email.

Click on the link in the email and follow the directions to enter your login information.

Click on the link in the email and look for company graphics or information before
you enter the login information.

Explanation

You should verify that the email is legitimate and has come from your administrator.
It is possible that the network administrator has signed up for a new service. If you
ignore the message or delete it, you might not get the benefits the company has
signed up for. However, the email might be a phishing attack. An attacker might be
trying to capture personal information. By verifying the email with the administrator,
you will be able to tell if it is legitimate.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_email_01_np6.question.fex

Question 7:
Correct
Which of the following is a common social engineering attack?
Answer

Distributing false information about your organization's financial status.

Logging on with stolen credentials.

Correct Answer:
Hoax virus information emails.

Using a sniffer to capture network traffic.

Explanation

Hoax virus information emails are a form of social engineering attack. This type of
attack preys on email recipients who are fearful and will believe most information if it
is presented in a professional manner. All too often, the victims of these attacks fail
to double-check the information or instructions with a reputable third-party antivirus
software vendor before implementing the recommendations. Usually, these hoax
messages instruct the reader to delete key system files or download Trojan horses.
Social engineering relies on the trusting nature of individuals to incentivize them to
take an action or allow an unauthorized action.

References
• 12.4.2 Social Engineering Facts
q_social_engineering_hoax_np6.question.fex

Question 8:
Correct
On your way into the back entrance of your work building one morning, a man
dressed as a plumber asks you to let him in so he can fix the restroom. What should
you do?
Answer

Tell him no and quickly close the door.

Correct Answer:
Direct him to the front entrance and instruct him to check in with the receptionist.

Let him in and help him find the restroom. Then let him work.

Let him in.

Explanation

You should direct him to the front entrance where he can check in with the proper
authorities in your organization. Letting him in without knowing if he should be there
could compromise security. Turning him away would be unprofessional.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_piggybacking_np6.question.fex

Question 9:
Correct
Which of the following are examples of social engineering attacks? (Select two.)
Answer

Port scanning
Correct Answer:
Dumpster diving
Correct Answer:
Shoulder surfing

Impersonation

War dialing
Explanation

Social engineering leverages human nature. Internal employees are often the targets
of trickery, and false trust can quickly lead to a serious breach of information
security. Shoulder surfing and dumpster diving are examples of social engineering.
Shoulder surfing is the act of looking over an authorized user's shoulder in hopes of
obtaining an access code or credentials. Social engineers often employ keystroke
loggers to capture usernames and passwords. These low-tech attack methods are
often the first course of action that a hacker pursues.
Port scanning and war dialing are technical attacks that seek to take advantage of
vulnerabilities in systems or networks.
Impersonation is pretending to be trustworthy and having a legitimate reason for
approaching the target. This is done with the purpose of asking for sensitive
information or access to protected systems.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_shoulder_01_np6.question.fex

Question 10:
Correct
A senior executive reports that she received a suspicious email concerning a
sensitive internal project that is behind production. The email was sent from
someone she doesn't know, and he is asking for immediate clarification on several of
the project's details so the project can get back on schedule.
Which type of attack BEST describes the scenario?
Answer
Correct Answer:
Whaling

MAC spoofing

Masquerading

Passive

Explanation

Whaling is a form of social engineering attack that targets senior executives and
high-profile victims. Social engineering is an attack that exploits human nature by
convincing someone to reveal information or perform an activity.
Masquerading is convincing personnel to grant access to sensitive information or
protected systems by pretending to be someone who is authorized and/or requires
that access. Passive social engineering attacks take advantage of the unintentional
actions of others to gather information or gain access to a secure facility. MAC
spoofing is changing the source MAC address on frames sent by the attacker. MAC
spoofing can be used to hide the identity of the attacker's computer or to
impersonate another device on the network.

References

• 12.4.2 Social Engineering Facts

q_social_engineering_whaling_np6.question.fex
12.5.10 Crack a Password with John the Ripper

Lab Report
Time Spent: 05:41

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions & Questions

 Crack the password for the Linux computer

 Q1: What is the password for the Linux computer?

 Crack the password for the zip file

 Q2: What is the password for the protected.zip file?

EXPLANATION
Complete this lab as follows:

1. Crack the root password on Support.

a. From the Favorites bar, select Terminal.
b. At the prompt, type cd /usr/share/john and press Enter to change directories to the folder containing
the John the Ripper password file.
c. Type ls and press Enter to list the files in the directory.
d. Type cat password.lst and press Enter to view the password list. This is an abbreviated list.
e. Type cd and press Enter to go back to root.
f. Type john /etc/shadow and press Enter to crack the Linux passwords.
Notice that the root password of 1worm4b8 was cracked.
g. Type john /etc/shadow and press Enter to attempt to crack the Linux passwords again.
Notice that it does not attempt to crack the password again. The cracked password is already stored in
the john.pot file.
h. Type cat ./.john/john.pot and press Enter to view the contents of the john.pot file.
i. Type john /etc/shadow --show and press Enter as an alternate method of viewing the previously
cracked password.
j. From the top right, select Answer Questions.
k. Answer Question 1.
2. Crack the password of the protected.zip file.
a. From the top left, select Floor 1 Overview.
b. Under IT Administration, select IT-Laptop.
c. From the Favorites bar, select Terminal.
d. At the prompt, type ls and press Enter to view the contents of the home directory. Notice the
protected.zip file you wish to crack.
e. Type zip2john protected.zip > ziphash.txt and press Enter to copy the hashes to a text file.
f. Type cat ziphash.txt and press Enter to confirm that the hashes have been copied.
g. Type john --format=pkzip ziphash.txt and press Enter to crack the password.
h. Type john ziphash.txt --show and press Enter to show the password.
i. From the top right, select Answer Questions.
j. Answer Question 2.
k. Select Score Lab.

Lab Report
Time Spent: 04:37

Score: 5/5 (100%) Pass Passing Score: 5/5 (100%)

TASK SUMMARY

Required Actions

 Enable DHCP snooping globally for SwitchA

 Enable DHCP snooping for VLAN1 on SwitchA

 Configure Fa0/24 as a trusted interface for DHCP snooping

 Enable dynamic ARP inspection for VLAN1 on SwitchA

 Save the configuration changes on SwitchA

EXPLANATION

Complete this lab as follows:

1. Enable DHCP snooping globally on SwitchA.

a. Select SwitchA.
b. In the terminal, press Enter to get started.
c. At the SwitchA> prompt, type enable and press Enter.
d. At the SwitchA# prompt, type config t and press Enter.
e. At the SwitchA(config)# prompt, type ip dhcp snooping and press Enter.
2. Enable DHCP snooping for VLAN1.
a. At the SwitchA(config)# prompt, type ip dhcp snooping vlan 1 and press Enter.
b. At the SwitchA(config)# prompt, type int fa0/24 and press Enter.
3. Configure the port that the DHCP server is connected to as a trusted interface for DHCP snooping.
a. At the SwitchA(config-if)# prompt, type ip dhcp snooping trust and press Enter.
b. At the SwitchA(config-if)# prompt, type exit and press Enter.
4. Enable dynamic ARP inspection for VLAN1.
a. At the SwitchA(config)# prompt, type ip arp inspection vlan 1 and press Enter.
b. Press Ctrl + Z.
5. Save the changes to the startup-config file.
a. At the SwitchA# prompt, type copy run start and press Enter.
b. Press Enter to begin building the configuration.

Lab Report
Time Spent: 01:52

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Lab Questions

 Q1: What is the MAC address of the first responding device?

 Q2: What is the MAC address of the duplicate responding device?

EXPLANATION
Complete this lab as follows:

1. Use Wireshark to capture packets on the enp2s0 interface for five seconds.
a. From the Favorites bar, select Wireshark.
b. Maximize the window for easier viewing.
c. Under Capture, select enp2s0.
d. Select the blue fin to begin a Wireshark capture.
e. After capturing packets for five seconds, select the red box to stop the Wireshark capture.
2. Analyze the Wireshark packets to determine whether ARP poisoning is taking place.
a. In the Apply a display filter field, type arp and press Enter to only show ARP packets.
b. In the Info column, look for lines containing the 192.168.0.2 IP address.
c. From the top right, select Answer Questions.
d. Answer the questions.
e. Select Score Lab.

Lab Report
Time Spent: 04:54

Score: 7/7 (100%) Pass Passing Score: 7/7 (100%)

TASK SUMMARY

Required Actions & Questions

 Q1: When a user tries to access the rmksupplies.com site, which IP address will they be redirected
to?

 Use Ettercap to begin unified sniffing on the enp2s0 interface

 Set Exec as the target machine

 Initiate DNS spoofing using the Ettercap plug-in

 Initiate ARP poisoning on remote connections

 Confirm the redirection to Exec

 Q2: Which of the following was a result of the DNS spoofing attack?

EXPLANATION
Complete this lab as follows:

1. From Exec, view normal access to the RMK Office Supplies website.
a. From the taskbar, select Google Chrome.
b. In the URL field, type www.rmksupplies.com and press Enter.
Notice that you are taken to the RMK Office Supplies website.
c. Close Google Chrome.
2. From Support, learn how Ettercap's DNS spoofing plug-in works by viewing the host file (etter.dns).
a. From the top left, select Floor 1 Overview.
b. Under Support Office, select Support.
c. From the Favorites bar, select Terminal.
d. From the Terminal prompt, type cd /etc/ettercap and then press Enter to change to the Ettercap
directory.
e. Type ls and then press Enter to view the current files.
f. Type cat etter.dns and then press Enter to view the contents of the etter.dns file.

Typing cat etter.dns | less lets you view the file one line at a time. If used, type q to end the
cat command.

g. At the bottom, locate the line that specifies where the RMK Office Supplies website will be redirected.
h. From the top right, select Answer Questions.
i. Answer Question 1.
j. Minimize the Answer Questions dialog.
3. Use Ettercap to begin unified sniffing on the enp2s0 interface.
a. From the Favorites bar, select Ettercap.
b. Select Sniff > Unified sniffing...
c. From the Network Interface drop-down list, select enp2s0.
d. Select OK.
4. Set Exec (192.168.0.30) as the target machine.
a. Select Hosts > Host list to view the hosts known to the tool.
None are shown.
b. Select Hosts > Scan for hosts to scan for hosts on the network.
A list of hosts is shown.
c. Under IP Address, select 192.168.0.30 (the Exec computer).
d. Select Add to Target 1 to assign it as the target.
5. Initiate DNS spoofing using the Ettercap plug-in.
a. Select Plugins > Manage the plugins.
b. Select the Plugins tab.
c. Double-click dns_spoof to activate it.
6. Initiate ARP poisoning on remote connections.
a. Select Mitm > ARP poisoning.
b. Select Sniff remote connections.
c. Select OK.
7. From Exec, attempt to access the RMK Office Supplies site to view the results of the DNS spoofing.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Exec.
c. From the taskbar, select Google Chrome.
d. In the URL field, type www.rmksupplies.com and press Enter.
e. From the top right, select Answer Questions.
f. Answer Question 2.
g. Select Score Lab.

Lab Report
Time Spent: 04:17

Score: 6/6 (100%) Pass Passing Score: 6/6 (100%)

TASK SUMMARY

Required Actions & Questions

 On IT-Laptop, launch a DHCP on-path (MITM) attack using Ettercap

 On Support: Show Details

 Q1: What is the IP address of Support's current default gateway?

 Q2: Which gateway addresses are provided in the DHCP ACK packets?

 Q3: Which packet contains the spoofed ACK packet?

 On Office1: Show Details

EXPLANATION
Complete this lab as follows:

1. From IT-Laptop, start unified sniffing on the enp2s0 interface.

a. From the Favorites bar, select Ettercap.
b. Select Sniff > Unified sniffing.
c. From the Network Interface drop-down list, select enp2s0.
d. Select OK.
e. Select Mitm > DHCP spoofing and then configure the Server Information as follows:
Netmask: 255.255.255.0.
DNS: 192.168.0.11.
f. Select OK.
2. Find the current default gateway for Support.
a. From the top left, select Floor 1 Overview.
b. Under Support Office, select Support.
c. From the Favorites bar, select Terminal.
d. Type route and press Enter.
e. From the top right, select Answer Questions.
f. Answer Question 1.
g. Minimize the Lab Questions dialog.
3. Start a Wireshark capture that filters for bootp packets.
a. From the Favorites bar, select Wireshark.
b. Under Capture, select enp2s0.
c. Select the blue fin to begin a Wireshark capture.
d. In the Apply a display filter field, type bootp and press Enter.
4. Request a new IP address from the DHCP server for the enp2s0 interface.
a. At the terminal prompt:
Type ip link set enp2s0 down and press Enter to bring the interface down.
Type ip link set enp2s0 up and press Enter to bring the interface back up.
b. Maximize Wireshark for easier viewing.
In Wireshark, under the Info column, notice there are two DHCP ACK packets. One is the legitimate
acknowledgment (ACK) packet from the DHCP server, and the other is the spoofed ACK packet.
5. Determine which DHCP ACK packet is the spoofed packet.
a. Select one of the DHCP ACK packets received.
b. In the middle panel, expand Bootstrap Protocol (ACK).
c. Expand Option: (3) Router.
Make note of the IP address used by the router.
d. Repeat steps 5a-5c for the second ACK packet.
e. From the top right, select Answer Questions.
f. Answer the Questions 2 and 3.
g. Minimize Wireshark and the Lab Questions dialog so you can see the terminal window.
h. At the terminal prompt, type route and press Enter.
Notice that the current gateway is now 192.168.0.46.
This is the address of the computer performing the on-path (man-in-the-middle) attack.
6. On Office1, view the current default gateway and the route to rmksupplies.com site.
a. From the top left, select Floor 1 Overview.
b. Under Office 1, select Office1.
c. Right-click Start and select Windows PowerShell (Admin).
d. At the PowerShell prompt, type tracert rmksupplies.com and press Enter.
Notice that the first hop is 192.168.0.5.
e. Type ipconfig and press Enter to view the IP address configuration for the computer.
The configuration for Office1 is:
IP address: 192.168.0.33
Default Gateway: 192.168.0.5
f. At the prompt, type ipconfig /release and press Enter to release the currently assigned addresses.
g. Type ipconfig /renew and press Enter to request a new IP address from the DHCP server.
Notice that the default gateway has changed to the attacker's computer, which has an IP address of
192.168.0.46.
h. Type tracert rmksupplies.com and press Enter.
Notice that the first hop is now 192.168.0.46 (the address of the attacker's computer).
7. Using Google Chrome, log into the rmksupplies.com Employee Portal.
a. From the taskbar, select Google Chrome.
b. Maximize the window for easier viewing.
c. In the URL field, enter rmksupplies.com and press Enter.
d. At the bottom of the page, select Employee Portal and login using the following:
Username: bjackson.
Password: $uper$ecret1.
e. Select Login.
You are logged in as Blake Jackson.
8. From IT-Laptop, find the captured username and password in Ettercap.
a. From the top left, select Floor 1 Overview.
b. Under IT Administration, select IT-Laptop.
c. Maximize Ettercap.
d. In Ettercap's bottom pane, find the username and password used to log in to the Employee Portal.
9. Score the lab.
a. From the top right, select Answer Questions to end the lab.
b. Select Score Lab.

Lab Report
Time Spent: 02:25

Score: 4/4 (100%) Pass Passing Score: 4/4 (100%)

TASK SUMMARY

Required Actions & Questions

 Q1: Which computers have port 3389 open?

 Q2: Which computers have port 5900 open?

 Disable and stop services on port 3389 on Office2 Show Details

 Disable and stop services on port 5900 on ITAdmin Show Details

EXPLANATION
While completing this lab, use the following information:

Ports to scan:
3389 - Remote Desktop Services (TermServices)
5900 - VNC Server (vncserver)
Computer identification:

IP Address Computer Name

192.168.0.30 Exec

192.168.0.31 ITAdmin

192.168.0.32 Gst-Lap

192.168.0.33 Office1

192.168.0.34 Office2

192.168.0.45 Support

192.168.0.46 IT-Laptop

Complete this lab as follows:

1. Using Zenmap, scan the network for open remote access ports.
a. From the Favorites bar, select Zenmap.
b. Maximize the windows for better viewing.
c. In the Command field, use nmap -p [port number] 192.168.0.0/24 to scan the port.
d. Select Scan (or press Enter) to scan the subnet for a given service.
e. Using the table in the scenario, identify the computer(s) with the open port using the IP address found.
f. From the top right, select Answer Questions.
g. Answer Question 1.
h. Repeat steps 1c-1e and then answer Question 2.
2. For computers that have a remote access service port open, disable and then stop the applicable service
from running.
a. From the top left, select Floor 1 Overview.
b. Select the computer with the remote access service port open. If needed, minimize or move the Lab
Questions dialog.
c. Right-click Start and select Computer Management.
d. From the left pane, expand and select Services and Applications > Services.
e. Maximize the window for better viewing.
f. Double-click the service (Remote Desktop Services or VNC Server) that needs to be stopped.
g. Using the Startup type drop-down menu, select Disabled.
h. Under Service status, select Stop.
i. Select OK.
j. Repeat step 2a-2i.
k. From the top right, select Answer Questions.
l. Select Score Lab.

You would also want to remove or uninstall these services.

Lab Report
Time Spent: 02:09

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Required Actions

 Enable service

 Disable service

EXPLANATION
Complete this lab as follows:

1. Enable the Anaconda service.

a. From the Favorites bar, select Terminal.
b. At the Terminal prompt, type systemctl enable anaconda.service and then press Enter.
c. Type systemctl is-enabled anaconda.service and then press Enter to check the service's status.
2. Disable the VMware Tools service.
a. Type systemctl disable vmtoolsd.service and press Enter.
b. Type systemctl is-enabled vmtoolsd.service and press Enter to check the service's status.

Lab Report
Time Spent: 05:33

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Required Actions

 Configure the password policy Show Details

 Configure the account lockout policy Show Details

EXPLANATION
In this lab, your task is to edit the Local Security Policy and configure settings as follows:

Policy Location Policy Setting

Enforce password history 10

Maximum password age 90

Minimum password age 14

Account Policies/Password Policy
Minimum password length 8

Passwords must meet complexity

Enabled
requirements

Account lockout threshold 5

Account Policies/Account Lockout
Account lockout duration 60
Policy
Reset account lockout counter after 10

Complete this lab as follows:

1. Using Windows Administrative Tools, access the Local Security Policy.

a. Select Start.
b. Locate and expand Windows Administrative Tools.
c. Select Local Security Policy.
d. Maximize the window for easier viewing.
2. Configure the password policies.
a. From the left pane, expand Account Policies and then select Password Policy.
b. From the center pane, expand the Policy column for better viewing.
c. Double-click the policy to be configured.
d. Configure the policy settings.
e. Click OK.
f. Repeat steps 2c-2e to configure the additional password policies.
3. Configure the account lockout policies.
a. From the left pane, select Account Lockout Policy.
b. From the center pane, expand the Policy column.
c. Double-click the policy to be configured.
d. Configure the policy settings (as needed, answer any prompts shown).
e. Click OK.
f. Repeat steps 3c-3e to configure the additional lockout policies.

Lab Report
Time Spent: 01:20

Score: 1/1 (100%) Pass Passing Score: 1/1 (100%)

TASK SUMMARY

Required Actions

 Change your password without using the usermod -p command

EXPLANATION
Complete this lab as follows:

1. Open the Terminal.

a. From the Favorites bar, select Terminal.
2. Change your password to V3rySecure1@.
a. From the Terminal's prompt, type passwd and press Enter.
b. When prompted, enter your current password of P@ssw0rd (use a zero) and then press Enter.

As you type in the password, the cursor will not move. Continue entering the password
anyway.

c. At the New password prompt, type V3rySecure1@ and then press Enter.
d. Retype V3rySecure1@ as the new password and then press Enter.

Lab Report
Time Spent: 02:02

Score: 2/2 (100%) Pass Passing Score: 2/2 (100%)

TASK SUMMARY

Required Actions & Questions

 Q1: What is your username?

 Change Pascal Bullock's password

EXPLANATION
Complete this lab as follows:

1. Find your username.

a. From the Favorites bar, select Terminal.
b. Type whoami at the prompt.
c. From the top right, select Answer Questions.
d. Answer the question.
2. Change Pascal Bullock's password.
a. At the prompt, type su -c "passwd pbullock" and then press Enter.
b. Type P@ssw0rd and then press Enter.
This is the password for the root user.
c. At the New password prompt, type 1234asdf and then press Enter.
This is the new password for the schawla user account.
d. At the Retype new password prompt, type 1234asdf and then press Enter.
e. Select Score Lab.

Lab Report
Time Spent: 01:33

Score: 3/3 (100%) Pass Passing Score: 3/3 (100%)

TASK SUMMARY

Required Actions

 Import the latest firmware image for the Cisco switch

 Change the switch's active image to 1.2.7.76

 Reboot the switch

EXPLANATION
Complete this lab as follows:

1. Import a new firmware image for the Cisco switch.

a. From the right pane, under Quick Access, select Upgrade Device Software.
b. For File Name, select Choose File.
c. Browse to and select C:\Sx300_Firmware\Sx300_FW-1.2.7.76.ros.
d. Select Open.
e. Select Apply.
f. Select OK.
g. Select Done.
2. Change the switch's active image to 1.2.7.76.
a. From the left pane, under Administration > File Management, select Active Image.
b. For Active Image After Reboot, use the drop-down menu to select 1.2.7.76.
c. Select Apply.
3. Reboot the switch to be able to start using the new firmware.
a. From the left pane, under Administration, select Reboot.
b. From the right pane, select Reboot.
c. Select OK.

Lab Report
Time Spent: 04:57

Score: 14/14 (100%) Pass Passing Score: 14/14 (100%)

TASK SUMMARY

Required Actions & Questions

 Isolate traffic with the net 192.168.0.0 filter.

 Q1: What is the effect of the net 192.168.0.0 filter in Wireshark?

 Isolate traffic with the host 192.168.0.45 filter.

 Q2: What is the effect of the host 192.168.0.45 filter in Wireshark?

 Isolate traffic with the ip.src==192.168.0.45 filter.

 Q3: What is the effect of the ip.src==192.168.0.45 filter in Wireshark?

 Isolate traffic with the ip.dst==192.168.0.45 filter.

 Q4: What is the effect of the ip.dst==192.168.0.45 filter in Wireshark?

 Isolate traffic with the tcp.port==80 filter.

 Q5: What is the effect of the tcp.port==80 filter in Wireshark?

 Isolate traffic with the eth contains 11:12:13 filter.

 Q6: What is the effect of the eth contains 11:12:13 filter in Wireshark?

 Isolate traffic with the tcp contains password filter.

 Q7: What is the captured password?

EXPLANATION
Complete this lab as follows:

1. Begin a Wireshark capture.

a. From the Favorites bar, select Wireshark.
b. Maximize the window for easier viewing.
c. Under Capture, select enp2s0.
d. Select the blue fin to begin a Wireshark capture.
2. Apply the net 192.168.0.0 filter.
a. In the Apply a display filter field, type net 192.168.0.0 and press Enter.
Look at the source and destination addresses of the filtered packets.
b. Select the red square to stop the Wireshark capture.
c. In the top right, select Answer Questions.
d. Answer Question 1.
3. Apply the host 192.168.0.45 filter.
a. Select the blue fin to begin a Wireshark capture.
b. In the Apply a display filter field, type host 192.168.0.45 and press Enter.
Look at the source and destination addresses of the filtered packets.
c. Answer Question 2.
4. Apply the ip.src==192.168.0.45 filter.
a. In the Apply a display filter field, type ip.src==192.168.0.45 and press Enter.
Look at the source and destination addresses of the filtered packets.
b. Answer Question 3.
5. Apply the ip.dst==192.168.0.45 filter.
a. In the Apply a display filter field, type ip.dst==192.168.0.45 and press Enter.
Look at the source and destination addresses of the filtered packets.
b. Answer Question 4.
6. Apply the tcp.port==80 filter.
a. In the Apply a display filter field, type tcp.port==80 and press Enter.
Look in the Info column of the filtered packets.
b. Answer Question 5.
7. Apply the eth contains 11:12:13 filter.
a. In the Apply a display filter field, type eth contains 11:12:13 and press Enter.
Look at the source and destination addresses of the filtered packets.
b. Answer Question 6.
8. Apply the tcp contains password filter.
a. In the Apply a display filter field, type tcp contains password and press Enter.
b. Select the red box to stop the Wireshark capture.
c. From the bottom pane, locate the password.
d. Answer Question 7.
e. Select Score Lab.

Copyright © 2023 TestOut Corp. Copyright © The Computing Technology Industry Association, Inc. All rights
reserved.
While browsing the internet, you notice that the browser displays ads linked to recent
keyword searches you performed.
Which attack type is this an example of?
Answer

Logic bomb

Zombie
Correct Answer:
Adware

Worm

Explanation

Adware monitors actions that denote personal preferences and sends pop-ups and
ads that match those preferences. Adware:
• Is usually passive.
• Is privacy-invasive software.
• Is installed on your machine when you visit a particular website or run an
application.
• Is usually more annoying than harmful.
A logic bomb is designed to execute only under predefined conditions and lays
dormant until the condition is met.
A worm is a self-replicating virus.
A zombie is a computer that's infected with malware in order to allow remote
software updates and control by a command and control center, which is called a
zombie master.

References

• 12.5.2 Malware Facts

q_malware_adware_np6.question.fex

Question 2:
Correct
What should you try first if your antivirus software does not detect and remove a
virus?
Answer

Set the read-only attribute of the file you believe to be infected.

Correct Answer:
Update your virus detection software.
Search for and delete the file you believe to be infected.

Scan the computer using another virus detection program.

Explanation

Virus detection software can only search for viruses listed in its known virus data file.
An outdated file can prevent the virus detection software from recognizing a new
virus.

References

• 12.5.2 Malware Facts

q_malware_anti_virus_05_np6.question.fex

Question 3:
Correct
Which of the following best describes spyware?
Answer
Correct Answer:
It monitors the actions you take on your machine and sends the information back to
its originating source.

It is a program that attempts to damage a computer system and replicate itself to

other computer systems.

It is a malicious program that is disguised as legitimate software.

It monitors user actions that denote personal preferences and then sends pop-ups
and ads to the user that match their tastes.

Explanation

Spyware monitors the actions you take on your machine and sends the information
back to its originating source.
Adware monitors user actions that denote personal preferences and then sends pop-
ups and ads to the user that match their taste.
A virus is a program that attempts to damage a computer system and replicate itself
to other computer systems.
A Trojan horse is a malicious program that is disguised as legitimate software.

References

• 12.5.2 Malware Facts

q_malware_spyware_01_np6.question.fex
Question 4:
Correct
What is the main difference between a worm and a virus?
Answer
Correct Answer:
A worm can replicate itself, while a virus requires a host for distribution.

A worm tries to gather information, while a virus tries to destroy data.

A worm is restricted to one system, while a virus can spread from system to system.

A worm requires an execution mechanism to start, while a virus can start itself.

Explanation

A worm is a self-replicating program that uses a network to replicate itself to other

systems. A worm does not require a host system to replicate.
Both viruses and worms can cause damage to data and systems, and both spread
from system to system, although a worm can spread itself, while a virus attaches
itself to a host for distribution.

References

• 12.5.2 Malware Facts

q_malware_worm_virus_np6.question.fex

Question 5:
Correct
Which of the following BEST describes the key difference between DoS and DDoS?
Answer
Correct Answer:
Attackers use numerous computers and connections.

Results in the server being inaccessible to users.

The target server cannot manage the capacity.

Sends a large number of legitimate-looking requests.

Explanation

The DoS attacks that you probably hear the most about are distributed denial-of-
service attacks (DDoS attacks). The key difference is these attacks use numerous
computers and numerous internet connections across the world to overload the
target systems. DDoS attacks are usually executed through a network of devices
that the attacker has gained control of.
DoS attacks use a single connection to attack a single target. With all DoS attacks,
the attacker sends a large number of legitimate-looking requests to the server in a
way that the server cannot determine which requests are valid and which are not.
This barrage of requests overwhelms the system to the point that the server cannot
manage the capacity, resulting in the server being inaccessible to other users.

References

• 12.5.5 Denial of Service

q_dos_diffference_02_np6.question.fex

Question 6:
Correct
Which type of denial-of-service (DoS) attack occurs when a name server receives
malicious or misleading data that incorrectly maps hostnames to IP addresses?
Answer

SYN flood
Correct Answer:
DNS poisoning

Spam

ARP poisoning

Explanation

DNS poisoning occurs when a name server receives malicious or misleading data
that incorrectly maps hostnames to IP addresses. In a DNS poisoning attack:
• Incorrect DNS data is introduced into a primary DNS server.
• The incorrect mapping is made available to client applications through the
resolver.
• Traffic is directed to incorrect sites.
ARP poisoning corrupts the ARP cache or sends incorrect ARP data that spoofs
MAC addresses, causing devices to send frames to the wrong host or an
unreachable host.
Spam sent in great amounts can consume bandwidth or fill a mailbox, leaving no
room for legitimate traffic.
The SYN flood exploits the TCP three-way handshake.

References
• 12.5.5 Denial of Service
q_dos_dns_poisioning_03_np6.question.fex

Question 7:
Correct
Which of the following is an attack that either exploits a software flaw or floods a
system with traffic in order to prevent legitimate activities or transactions from
occurring?
Answer

On-path attack

Brute force attack

Correct Answer:
Denial-of-service attack

Privilege escalation

Explanation

A denial-of-service attack either exploits a software flaw or floods a system with

traffic in order to prevent legitimate activities or transactions from occurring.
A brute force attack tries every valid key or code sequence in an attempt to discover
a password or encryption key. Brute force attacks will always be successful given
enough time (however, enough time could be millennia).
An on-path attack involves a third party placing themselves between two legitimate
communication partners in order to intercept and alter their transmissions.
Privilege escalation is a user stealing or obtaining high-level privileges on a
computer system.

References

q_password_attacks_dumpster_np6.question.fex

Question 11:
Correct
As you are helping a user with a computer problem, you notice that she has written
her password on a note stuck to her computer monitor. You check your company's
Password Policy and find that the following settings are currently required:
• Minimum password length = 10
• Minimum password age = 4
• Maximum password age = 30
• Password history = 6
• Account lockout clipping level = 3
• Require complex passwords that include numbers and symbols
Which of the following is the best action to take to make remembering passwords
easier so that the user no longer has to write their password down?
Answer

Decrease the minimum password length.

Remove the complex password requirement.

Correct Answer:
Implement end user training.

Increase the maximum password age.

Increase the account lockout clipping level.

Explanation

The best solution is to implement end user training. Instruct users on the importance
of security and teach them how to create and remember complex passwords.
Making any other changes would violate the Password Policy and reduce every
password's overall security.

References

• 12.5.9 Password Attack Facts

q_password_attacks_user_training_np6.question.fex
A router on the border of your network detects a packet with a source address from
an internal client, but the packet was received on the internet-facing interface.
Which attack form is this an example of?
Answer

Snooping

Sniffing

Spamming
Correct Answer:
Spoofing

Explanation

This scenario is an example of spoofing, which is the act of changing or falsifying

information in order to mislead or re-direct traffic. In this scenario, the received
packet cannot be valid and from the stated source.
Snooping is the act of spying on private information or communications. One type of
snooping is sniffing. Sniffing is the act of capturing network packets in order to
examine their contents.
Spamming is sending a victim unwanted and unrequested email messages.

References

• 12.6.2 Session and Spoofing Attack Facts

q_session_spoof_attacks_01_np6.question.fex

Question 2:
Correct
What is spoofing?
Answer
Correct Answer:
Changing or falsifying information in order to mislead or re-direct traffic.

Sending a victim unwanted and unrequested email messages.

Capturing network packets in order to examine the contents.

Spying on private information or communications.

Explanation
Spoofing is the act of changing or falsifying information in order to mislead or re-
direct traffic. For example, an email-based spoofing attack changes the source email
address so that it is impossible to backtrack the message to its original source. Other
examples of spoofing attacks are Smurf and fraggle attacks. These attacks send
ICMP or UDP echo requests that have spoofed source addresses to an intermediary
system. The echo responses are returned to the stated source address, which is not
the sender's real address but that of the intended victim. A land attack is another
example of an attack that utilizes spoofing. A land attack is when a SYN packet (the
first packet of the TCP three-way handshake) is sent to a server, but the source
address is spoofed as the target server's address.
Snooping is the act of spying on private information or communications. One type of
snooping is sniffing. Sniffing is the act of capturing network packets in order to
examine the contents.
Spamming is sending a victim unwanted and unrequested email messages.

References

• 12.6.2 Session and Spoofing Attack Facts

q_session_spoof_attacks_02_np6.question.fex

Question 3:
Correct
Which type of activity changes or falsifies information in order to mislead or re-direct
traffic?
Answer
Correct Answer:
Spoofing

Snooping

Spamming

Sniffing

Explanation

Spoofing changes or falsifies information in order to mislead or re-direct traffic.

Snooping is the act of spying on private information or communications. One type of
snooping is sniffing. Sniffing captures network packets in order to examine the
contents.
Spamming is sending a victim unwanted and unrequested email messages.

References

• 12.6.2 Session and Spoofing Attack Facts

q_session_spoof_attacks_03_np6.question.fex

Question 4:
Correct
Which of the following is the term used to describe what happens when an attacker
sends falsified messages to link their MAC address with the IP address of a
legitimate computer or server on the network?
Answer
Correct Answer:
ARP poisoning

Port mirroring

MAC spoofing

MAC flooding

Explanation

Address Resolution Protocol (ARP) poisoning is when an attacker sends fake ARP
messages to link their MAC address with the IP address of a legitimate computer or
server on the network. Once their MAC address is linked to an authentic IP address,
the attacker can receive any messages directed to the legitimate address. As a
result, the attacker can intercept, modify, or block communications to the legitimate
MAC address.
Port mirroring creates a duplicate of all network traffic on a port and sends it to
another device.
MAC flooding is when an attacker intentionally floods a Content Addressable
Memory (CAM) table with Ethernet frames, each originating from different MAC
addresses. Once the table starts to overflow, the switch responds by broadcasting all
incoming data to all ports, basically turning itself into a hub instead of a switch.
MAC spoofing bypasses access control lists on servers or routers by either hiding a
computer on a network or by allowing the computer to impersonate another device.

References

• 12.6.2 Session and Spoofing Attack Facts

q_session_spoof_attacks_arp_01_np6.question.fex

Question 5:
Correct
Which of the following attacks can also be used to perform denial of service (DoS)
attacks?
Answer
Hijacking

Null session

MAC flooding
Correct Answer:
ARP spoofing

Explanation

ARP spoofing (poisoning) associates the attacker's MAC address with the IP
address of a victim's device. When computers send an ARP request to get the MAC
address of a known IP address, the attacker's system responds with its MAC
address. ARP spoofing can also be used to perform denial of service (DoS) attacks
by redirecting communications to fake or nonexistent MAC addresses.
MAC flooding overloads a switch's MAC forwarding table to make the switch function
like a hub. The attacker floods the switch with packets, each containing different
source MAC addresses. The flood of packets fills up the forwarding table and
consumes so much of the memory in the switch that it causes it to enter a state
called fail-open mode in which all incoming packets are broadcast out all ports (as
with a hub) instead of just to the correct ports.
A null session is the ability to log on using a blank username and password.
With hijacking, an attacker steals an open session, inserting himself or herself into
the session in place of the original client.

References

• 12.6.2 Session and Spoofing Attack Facts

q_session_spoof_attacks_arp_02_np6.question.fex

Question 6:
Correct
Using sniffers has become one way for an attacker to view and gather network
traffic. If an attacker overcomes your defenses and obtains network traffic, which of
the following is the BEST countermeasure for securing the captured network traffic?
Answer

Use intrusion detection countermeasures.

Eliminate unnecessary system applications.

Explanation

A false server intercepting communications from a client by impersonating the

intended server is a form of an on-path attack.
Convincing an employee to reveal his or her logon credentials over the phone is an
example of a social engineering attack.
Constructing an IP packet that is larger than the valid size is a land attack.
Planting malicious code that waits for a triggering event before activating is a logic
bomb.

References

• 12.6.2 Session and Spoofing Attack Facts

q_session_spoof_attacks_on_path_01_np6.question.fex

Question 10:
Correct
Which of the following attack types consists of capturing packets as they travel from
one host to another with the intent of altering the contents?
Answer

Passive logging
Correct Answer:
On-path

Spoofing

Spamming

Explanation

Capturing packets between two existing communication partners is a type of on-path

attack. As this attack's name implies, traffic is intercepted somewhere in the middle
of the communication. The best way to protect against on-path attacks is to use
session encryption or line encryption solutions.
Passive logging is a means of recording information about network traffic or system
operations without affecting either in any way.
Spamming is sending a victim unwanted and unrequested email messages.
Spoofing changes or falsifies information in order to mislead or re-direct traffic.

References

• 12.6.2 Session and Spoofing Attack Facts

q_session_spoof_attacks_on_path_02_np6.question.fex
A network switch is configured to perform the following validation checks on its ports:
• All ARP requests and responses are intercepted.
• Each intercepted request is verified to ensure that it has a valid IP-to-MAC
address binding.
• If the packet has a valid binding, the switch forwards the packet to the
appropriate destination.
• If the packet has an invalid binding, the switch drops the ARP packet.
Which security feature was enabled on the switch to accomplish this task?
Answer

Port security
Correct Answer:
Dynamic ARP inspection

IGMP snooping

DHCP snooping

Explanation

Dynamic ARP inspection (DAI) is designed to prevent on-path attacks by validating

ARP packets on the network. When DAI is enabled, the switch performs several
validation checks on an untrusted port. For example:
•All ARP requests and responses are intercepted.
•Each intercepted request is verified to ensure that it has a valid IP-to-MAC
address binding.
• If the packet has a valid binding, the switch forwards the packet to the
appropriate destination.
• If the packet has an invalid binding, the switch drops the ARP packet.
DHCP snooping filters out untrusted DHCP messages.
IGMP snooping allows a switch to control which ports get IGMP traffic for a specific
group.
Port security restricts which hosts can connect to a switch port by MAC address.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_arp_inspection_np6.question.fex

Question 2:
Correct
A network switch detects a DHCP frame on the LAN that appears to have come from
a DHCP server that is not located on the local network. In fact, it appears to have
originated from outside the organization's firewall.
As a result, the switch drops the DHCP message from that server.
Which security feature was enabled on the switch to accomplish this?
Answer

Port security

IGMP snooping
Correct Answer:
DHCP snooping

Dynamic ARP inspection

Explanation

Some switches provide DHCP snooping as a security feature, which filters untrusted
DHCP messages. An untrusted DHCP message is received from outside the
network or firewall. DHCP snooping acts like a firewall between DHCP clients and
your DHCP servers. The switch maintains a DHCP snooping binding table that
matches MAC addresses with DHCP messages. When DHCP snooping is enabled,
the switch drops DHCP messages if the frame from the DHCP server is received
from outside the network or firewall. It also drops DHCP messages if the source
MAC address and the DHCP client MAC address do not match in the DHCP
snooping binding table.
IGMP (Internet Group Management Protocol) snooping allows a switch to control
which ports get IGMP traffic for a specific group.
Port security restricts which hosts can connect to a switch port based on MAC
address.
Dynamic ARP inspection is designed to prevent on-path attacks by validating ARP
packets on the network.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_dhcp_snooping_np6.question.fex

Question 3:
Correct
You are in the process of implementing a Network Access Protection (NAP)
infrastructure to increase your network's security.
You are currently configuring the remediation network that non-compliant clients will
connect to in order to become compliant. The remediation network needs to be
isolated from the secure network.
Which technology should you implement to accomplish this task?
Answer

Port security
Virtual private network (VPN)

Data encryption using PKI

Correct Answer:
Network segmentation

Explanation

Implementing network segmentation would isolate the remediation server from the
rest of the network while still allowing the remediation server to contact the NAP
infrastructure.
A virtual private network (VPN) is used to create a secure connection between two
hosts or two sites over an unsecure network.
Encrypting data transmissions using PKI would only protect transmitted data, not
isolate the remediation network.
Port security is used to identify allowed and denied devices that connect to a switch
port. Doing this would not isolate the remediation network.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_nap_01_np6.question.fex

Question 4:
Correct
Match the Network Access Protection (NAP) component on the left with its
description on the right.
Generates a Statement of Health (SoH) that reports the client configuration for health
requirements.

NAP client
correct answer:
Runs the System Health Validator (SHV) program.

NAP server
correct answer:
Is clients' connection point to the network.

Enforcement server (ES)

correct answer:
Contains resources accessible to non-compliant computers on a limited-access
network.
Remediation server
correct answer:
Keyboard Instructions

Explanation

NAP uses the following components:

• The NAP client generates a Statement of Health (SoH) that reports the
client configuration for health requirements.
• A NAP server runs the System Health Validator (SHV).
• The enforcement server (ES) is the clients' connection point to the
network.
• The remediation server contains resources accessible to non-compliant
computers on a limited-access network.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_nap_02_np6.question.fex

Question 5:
Correct
You manage a network that uses switches. In the lobby of your building are three
RJ45 ports connected to a switch.
You want to make sure that visitors cannot plug their computers in to the free
network jacks and connect to the network, but you want employees who plug in to
those same jacks to be able to connect to the network.
Which feature should you configure?
Answer

VLANs

Mirroring
Correct Answer:
Port authentication

Bonding

Spanning Tree

Explanation

Use port authentication to prevent unauthorized access through switch ports. Port
authentication is provided by the 802.1x protocol and allows only authenticated
devices to connect to the LAN through the switch. Authentication uses usernames
and passwords, smart cards, or other authentication methods. For example:
• When a device first connects, the port is set to an unauthorized state.
Ports in unauthorized states can only be used for 802.1x authentication
traffic.
• After the server authenticates the device or the user, the switch port is
placed in an authorized state, and access to other LAN devices is allowed.
With VLANs, you assign each port to a specific VLAN. If the ports in the lobby were
assigned to one VLAN, you could control the type of access through the switch for
those ports, but you could not modify the access based on user. If you use a VLAN,
both visitors and employees would have the same access through those ports.
Spanning Tree is a protocol on a switch that allows it to maintain multiple paths
between switches within a subnet. Spanning Tree runs on each switch and is used to
select a single path between any two switches. Mirroring sends traffic from all switch
ports to a switch port that you designate. Bonding allows multiple switch ports to be
used at the same time to reach a specific destination.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_port_authentication_np6.question.fex

Question 6:
Correct
Which type of security uses MAC addresses to identify devices that are allowed or
denied a connection to a switch?
Answer
Correct Answer:
Port security

Traffic shaping

MAC spoofing

Secure Sockets Layer

Explanation

Port security uses the MAC address to identify allowed and denied devices.
Traffic shaping is the practice of modifying the flow of data through a network to
assure a certain level of performance.
Secure Sockets Layer (SSL) is a protocol that secures IP traffic.
MAC spoofing is a technique attackers use to gain access to a network through MAC
filtering.
References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_port_security_01_np6.question.fex

Question 7:
Correct
Match the port security MAC address type on the left with its description on the right.
A MAC address that is manually identified as an allowed address.

SecureConfigured
correct answer:
A MAC address that has been learned and allowed by the switch.

SecureDynamic
correct answer:
A MAC address that is manually configured or dynamically learned and is saved in
the config file.

SecureSticky
correct answer:
Keyboard Instructions

Explanation

MAC addresses are stored in RAM in the CAM table and are identified with the port
and by a MAC address type. Port security uses the following three MAC address
types:
• A SecureConfigured address is a MAC address that has been manually
identified as an allowed address.
• A SecureDynamic address is a MAC address that has been dynamically
learned and allowed by the switch.
• A SecureSticky address is a MAC address that is manually configured or
dynamically learned and saved.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_port_security_02_np6.question.fex

Question 8:
Correct
Which of the following is a best practice for router security?
Answer
Correct Answer:
Disable unused protocols, services, and ports.

Install only the required software on the system.

Apply the latest patches and service packs.

Ensure that a host-based firewall is running.

Explanation

Best practices for router security include:

• Block any unused ports.
• Use VLANs to isolate network traffic.
• Change the default VLAN.
• Disable unused routing protocols, services, and ports.
• Disable IP direct broadcast and IP proxy ARP.
• Disable Telnet, FTP, and TFTP.
Best practices for hardening servers include:
• Install only the required software on the system.
• Disable or uninstall unnecessary software.
• Avoid combining services on a server.
• Install anti-malware software on all servers and workstations.
• Ensure that a host-based firewall is running.
• Apply the latest patches and service packs.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_router_np6.question.fex

Question 9:
Correct
You have a company network with a single switch. All devices connect to the
network through the switch.
You want to control which devices will be able to connect to your network. For
devices that do not have the latest operating system patches, you want to prevent
access except to a special server that holds the patches the computers need to
download.
Which of the following components should be part of your solution? (Select two.)
Answer

Honeypot
Correct Answer:
Remediation servers
Correct Answer:
802.1x authentication

Extranet

Screened subnet

Explanation

Network Access Control (NAC) controls access to a network by not allowing

computers to use network resources unless they meet certain predefined security
requirements. NAC can be used with 802.1x port authentication on a switch to allow
or deny access. Only a client that is determined by the NAC agent to be healthy is
given access to the network. An unhealthy client who has not met all the checklist
requirements is either denied access or given restricted access to a remediation
network, where remediation servers can help the client become compliant. For
example, remediation servers might include antivirus software and definition files for
installation. If and when the unhealthy client's status changes to healthy, he or she is
given access to the network.
A screened subnet is a buffer network that sits between a private network and an
untrusted network (such as the internet). They are created with router and firewall
rules to allow or block traffic, and they use information in the packet to allow or deny
the packets.
An extranet is a privately controlled network that is distinct from, but located
between, the internet and a private LAN. An extranet is often used to grant resource
access to business partners, suppliers, and even customers outside of the
organization.
A honeypot is a device or virtual machine that entices intruders by displaying a
vulnerable trait or flaw or by appearing to contain valuable data.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_server_01_np6.question.fex

Question 10:
Correct
Which of the following are best practices for hardening a server? (Select three.)
Answer

Set the account lockout threshold.

Establish time-of-day restrictions.

Correct Answer:
Apply the latest patches and service packs.
Disable inactive accounts.
Correct Answer:
Ensure that a host-based firewall is running.

Require multiple authentication factors.

Correct Answer:
Disable or uninstall unnecessary software.

Explanation

Best practices for hardening servers include:

• Install only the required software on the system.
• Disable or uninstall unnecessary software.
• Avoid combining services on a server.
• Install anti-malware software on all servers and workstations.
• Ensure that a host-based firewall is running.
• Apply the latest patches and service packs.
Best practices for hardening user accounts include:
• Require multiple authentication factors.
• Set the account lockout threshold.
• Establish time-of-day restrictions.
• Remove old accounts.
• Disable inactive accounts.
• Set an automatic account expiration.

References

• 13.1.2 Network Hardening Techniques Facts

q_network_hardening_server_02_np6.question.fex
Which of the following is an example of two-factor authentication?
Answer

A passphrase and a PIN

A username and a password

A fingerprint and a retina scan

Correct Answer:
A token device and a PIN

Explanation

Two-factor authentication (2FA) uses two different types of authentication (such as a

combination of Type 1, Type 2, and Type 3 authentication). Of the examples listed
here, a token device (Type 2) combined with a PIN (Type 1) is the only example of
two-factor authentication.
Strong authentication uses two or more authentication credentials, but they are of
the same type. A fingerprint and a retina scan uses two pieces of Type 3
authentication, while a passphrase and a PIN uses two pieces of Type 1
authentication.
A username and a password supplies only a single value for authentication (the
password). The username is used for identification, not authentication.

References

• 13.2.2 Authentication Facts

Something you do
correct answer:
Keyboard Instructions

Explanation

Something you know authentication requires you to provide a password or some

other data. This is the weakest type of authentication. Examples of something you
know authentication controls are:
• Passwords, codes, or IDs
• PINs
• Passphrases (long, sentence-length passwords)
Something you have (also called token-based authentication) is authentication based
on something users have in their possession. Examples of something you have
authentication controls are:
• Swipe cards
• Photo IDs
• Smart cards
• Hardware tokens
Something you are authentication uses a biometric system. A biometric system
attempts to identify a person based on metrics or a mathematical representation of
the subject's biological attribute. This is the most expensive and least accepted form
of authentication, but it is generally considered to be the most secure. Common
attributes used for biometric systems are:
• Fingerprints
• Hand topology (side view) or geometry (top-down view)
• Palm scans
• Retina scans
• Iris scans
• Facial scans
• Voice recognition
Somewhere you are (also known as geolocation) is a supplementary authentication
factor that uses physical location to verify a user's identity. Examples of
implementations include:
• An account is locked unless the user has passed through the building's
entrance using an ID card.
• If the user is within RFID range of the workstation, authentication requests
are allowed.
• GPS or Wi-Fi triangulation location data is used to determine a device's
location. If the user and the device are in a specified location,
authentication requests are allowed. If not, the device is locked.
Something you do is a supplementary authentication factor that requires an action to
verify a user's identity. Example implementations include:
• Analyzing a user's handwriting sample against a baseline sample before
allowing authentication.
• Analyzing a user's typing behaviors against a baseline sample before
allowing authentication.

References

• 13.2.2 Authentication Facts

q_authentication_factors_np6.question.fex

Question 3:
Correct
Which of the following is the strongest form of multi-factor authentication?
Answer
Correct Answer:
A password, a biometric scan, and a token device

Two-factor authentication

A password and a biometric scan

Two passwords

Explanation
A password, a biometric scan, and a token device together are the strongest form of
multi-factor authentication listed here. Multi-factor authentication is any combination
of two or more of the same or different authentication factors. The three common
authentication factor types are something you know (such as a password),
something you have (such as a smart card or a token device), or something you are
(such as a biometric quality like a fingerprint).
The other three options are all weaker forms of multi-factor authentication. A
password and a biometric scan is a multi-factor authentication system, but it is also
an example of two-factor authentication. Two-factor authentication is any
combination of two or more different authentication factors. Two passwords is an
example of multi-factor authentication, but since it uses two of the same type of
factors, it is not a true two-factor authentication method.

References

• 13.2.2 Authentication Facts

q_authentication_multi_factor_np6.question.fex

Question 4:
Correct
Which of the following actions typically involve the use of 802.1x authentication?
(Select two.)
Answer
Correct Answer:
Controlling access through a wireless access point.

Authenticating remote access clients.

Authenticating VPN users through the internet.

Correct Answer:
Controlling access through a switch.

Controlling access through a router.

Explanation

802.1x is an authentication method used on a LAN to allow or deny access based on

port or network connection. 802.1x is used for port authentication on switches and
authentication to wireless access points. It requires an authentication server for
validating user credentials, which is typically a RADIUS server.
Remote access authentication is handled by remote access servers or a combination
of remote access servers and a RADIUS server. VPN connections can be controlled
by remote access servers or by a special device called a VPN concentrator.

References
• 13.2.6 Authentication Protocol Facts
q_authentication_protocol_802_1x_01_np6.question.fex

Question 5:
Correct
You are a contractor that has agreed to implement a new remote access solution
based on a Windows Server 2016 system for a client. The customer wants to
purchase and install a smart card system to provide a high level of security to the
implementation.
Which of the following authentication protocols are you MOST likely to recommend
to the client?
Answer

MS-CHAP

PPP
Correct Answer:
EAP

CHAP

Explanation

Of the protocols listed, only EAP (Extensible Authentication Protocol) provides

support for smart card authentication.
Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) and Challenge-
Handshake Authentication Protocol (CHAP) use a three-way handshake for
authentication purposes. These protocols do not support the use of smart cards.
Point-to-Point Protocol (PPP) is a remote access protocol that uses usernames and
passwords for authentication. PPP does not support the use of smart cards.

References

• 13.2.6 Authentication Protocol Facts

q_authentication_protocol_eap_01_np6.question.fex

Question 6:
Correct
Which EAP implementation is MOST secure?
Answer
Correct Answer:
EAP-TLS

EAP-FAST
LEAP

EAP-MD5

Explanation

EAP-TLS uses Transport Layer Security (TLS) and is considered one of the most
secure EAP standards available. A compromised password is not enough to break
into EAP-TLS-enabled systems because the attacker must also have the client's
private key.
EAP-MD5 offers minimal security and is susceptible to dictionary and on-path
attacks. Lightweight Extensible Authentication Protocol (LEAP) does a poor job of
protecting user authentication credentials and is also susceptible to dictionary
attacks. EAP-FAST is a replacement for LEAP that uses a protected access
credential (PAC) to establish a TLS tunnel through which client authentication
credentials are transmitted. While more secure than EAP-MD5 and LEAP, EAP-
FAST can still be compromised if the attacker intercepts the PAC.

References

• 13.2.6 Authentication Protocol Facts

q_authentication_protocol_eap_tls_np6.question.fex

Question 7:
Correct
With Kerberos authentication, which of the following terms describes the token that
verifies the user's identity to the target system?
Answer

Voucher

Hashkey
Correct Answer:
Ticket

Coupon

Explanation

The tokens used in Kerberos authentication are known as tickets. Tickets perform a
number of functions, including notifying the network service of the user who has
been granted access and authenticating the identity of the person when they attempt
to use that network service.
The terms coupon and voucher are not associated with Kerberos or any other
commonly implemented network authentication system.
The term hashkey is sometimes used to describe a value that has been derived from
some piece of data (if the value is used to access a service). The term hashkey is
not associated with Kerberos, however.

References

• 13.2.6 Authentication Protocol Facts

q_authentication_protocol_kerberos_01_np6.question.fex

Question 8:
Correct
Which of the following is a feature of MS-CHAPv2 that is not included in CHAP?
Answer

Three-way handshake
Correct Answer:
Mutual authentication

Hashed shared secret

Certificate-based authentication

Explanation

MS-CHAPv2 allows for mutual authentication in which the server authenticates to the
client.
Both CHAP and MS-CHAP use a three-way handshake process for authenticating
users with usernames and passwords. The password (or shared secret) value is
hashed, and the hash (not the shared secret) is sent for authentication.

References

• 13.2.6 Authentication Protocol Facts

q_authentication_protocol_ms_chap_np6.question.fex

Question 9:
Correct
Which of the following is a mechanism for granting and validating certificates?
Answer
Correct Answer:
PKI

AAA
RADIUS

Kerberos

Explanation

Certificates are obtained from public-key infrastructure (PKI), which is a system that
provides a trusted third party to vouch for user identities. PKI is made up of
certificate authorities (CAs), which are entities trusted to issue, store, and revoke
certificates.
Both RADIUS and TACACS+ are protocols for centralized authentication,
authorization, and accounting during remote access.
Kerberos is an authentication and authorization method that uses tickets.

References

• 13.2.6 Authentication Protocol Facts

q_authentication_protocol_pki_01_np6.question.fex

Question 10:
Correct
Which of the following is a platform-independent authentication system that
maintains a database of user accounts and passwords to centralize the maintenance
of those accounts?
Answer
Correct Answer:
RADIUS

EAP

RRAS

NAS

Explanation

Remote Authentication Dial-In User Service (RADIUS) is an authentication system

that allows the centralization of remote user account management.
Routing and Remote Access Service (RRAS) is a software component on a
Windows Server system that provides remote access capabilities for users.
A Network Access Server (NAS) is a server or other system that acts as a gateway
for remote user connections. The NAS passes authentication requests to the
RADIUS server, which then checks the credentials of the user attempting to connect.
(NAS is also an acronym for network attached storage.)
Extensible Authentication Protocol (EAP) is an authentication protocol that supports
the use of devices such as smart cards. It does not maintain a database of user
accounts and passwords.

References

• 13.2.6 Authentication Protocol Facts

q_authentication_protocol_radius_01_np6.question.fex
You want to make sure that all users have passwords over eight characters in length
and that passwords must be changed every 30 days.
What should you do?
Answer

Configure account lockout policies in Group Policy.

Correct Answer:
Configure account policies in Group Policy.

Configure expiration settings in user accounts.

Configure day/time settings in user accounts.

Explanation

Configure account (password) policies in Group Policy to enforce rules about

Explanation

The minimum password age setting prevents users from changing the password too
frequently. After the password is changed, it cannot be changed again for at least 10
days.
The maximum password age setting determines how frequently a password must be
changed. The minimum password length setting controls the minimum number of
characters that must be in the password. Password history is used to prevent
previous passwords from being reused.
References

• 13.3.7 Linux User Commands and Files Facts

q_linux_user_cmds_password_04_pol_np6.question.fex

Question 5:
Correct
Upon running a security audit in your organization, you discover that several sales
employees are using the same domain user account to log in and update the
company's customer database.
Which action should you take? (Select two. Each response is part of a complete
solution.)
Answer

Implement a Group Policy Object (GPO) that implements time-of-day login

restrictions.
Correct Answer:
Train sales employees to use their own user accounts to update the customer
database.
Correct Answer:
Delete the account that the sales employees are currently using.

Apply the Group Policy Object (GPO) to the container where the sales employees'
user accounts reside.

Implement a Group Policy Object (GPO) that restricts simultaneous logins to one.

Explanation

You should prohibit the use of shared user accounts. Allowing multiple users to
share an account increases the likelihood of the account being compromised.
Because the account is shared, users tend to take security for the account less
seriously. In the scenario, the following tasks need to be completed:
• The existing shared user account needs to be deleted. Until you delete the
account, users can continue to use it for authentication. You could just
change the password on the account, but there is a high chance that the
new password would be shared again.
• Train sales employees to use their own user accounts to update the
customer database. Ensure that these accounts have the level of access
required to access the database.
Applying time-of-day login restrictions to a Group Policy Object does not address the
issue in this scenario.

References

• 13.3.7 Linux User Commands and Files Facts

q_linux_user_cmds_user_accounts_01_np6.question.fex

Question 6:
Correct
You have hired 10 new temporary employees to be with the company for three
months.
How can you make sure that these users can only log on during regular business
hours?
Answer
Correct Answer:
Configure day/time restrictions in user accounts.

Configure account policies in Group Policy.

Configure account expiration in user accounts.

userdel
Correct Answer:
usermod

Explanation

Use the following utilities to lock a user account:

•passwd -l disables (locks) an account. This command inserts !! before the
password in the /etc/shadow file.
• usermod -L disables (locks) an account. This command inserts ! before
the password in the /etc/shadow file.
The useradd command creates new user accounts, and userdel deletes user
accounts from the system.
The ulimit command limits computer resources.

References

• 13.3.7 Linux User Commands and Files Facts

q_linux_user_cmds_user_accounts_06_np6.question.fex

Question 10:
Correct
You suspect that the gshant user account is locked.
Enter the command you would use in Command Prompt to display the account's
status.

Explanation

Use passwd -S gshant to display the status of the gshant user account.
• LK indicates that the user account is locked.
• PS indicates that the user account has a password.
Viewing the /etc/shadow file also displays whether the user account is disabled. The
second field for each entry in the /etc/password file is the password field. For
example:
• $ preceding the password identifies the password as an encrypted entry.
• ! or !! indicates that the account is locked and cannot be used to log in.
• * indicates a system account entry, which cannot be used to log in.

References

• 13.3.7 Linux User Commands and Files Facts

q_linux_user_cmds_user_accounts_07_np6.question.fex
You have a Windows 10 system. You have used the Settings app to access
Windows Update. From this location, how long can you pause updates?
Answer

14 days
Correct Answer:
7 days

30 days

365 days

organization current with the latest security upgrades and features. Except for
Windows 10 Home, Windows Update for Business can be used with all versions of
Windows 10.
WUfB is not compatible with Windows 10 Home, Windows 8, Windows 8 Home, or
any earlier operating system releases.

References

• 13.4.5 Update Deployment and Management Facts

q_updated_management_business_02_np6.question.fex
Question 4:
Correct
Your Windows system is a member of a domain. Windows Update settings are being
controlled through Group Policy.
How can you determine whether a specific security update from Windows Update is
installed on the computer?
Answer

Run the netsh winhttp import proxy source command.

Run the wuauclt.exe /listupdates command.

Check the Local Security Policy.

Correct Answer:
Go to Programs and Features in Control Panel.

Explanation

To check a computer for a specific update, you click the View update history link
in Windows Update. You can also click View installed updates in Programs and
Features (both available through the Control Panel).
The Wuauclt.exe command is the client component for Windows Update. One of
this program's functions is to check for updates using settings configured locally or
through Group Policy. You can run the wuauclt /detectnow command to force the
computer to check for updates immediately. However, there is no option for seeing
which updates have been installed.
The netsh winhttp import proxy source command imports Internet Explorer's
Internet Options settings directly.
The Local Security Policy shows you the update settings you can control locally. In
this scenario, because Group Policy is being used, these settings wouldn't tell you
anything about the computer's configuration.

References

• 13.4.5 Update Deployment and Management Facts

Question 8:
Correct
What is WindowsUpdate.log?
Answer

A log file that deploys updates to device groups over a deployment timeline.

A log file that analyzes Windows Update Service, BITS, and Windows Network
Diagnostics Service.

A log file that allows you to see enforced policies on your Windows 10 machine.
Correct Answer:
A log or record of all notable changes made to a Windows system.

Explanation

WindowsUpdate.log is a log or record of all notable changes made to a Windows

system. Every detail of each update implemented by the Windows Update service is
recorded by the Windows System in the log.
Windows Update Troubleshooter is a tool that analyzes three different services,
which are Windows Update Service, Background Intelligent Transfer Service (BITS),
and Windows Network Diagnostics Service. This troubleshooter looks for problems,
like pending restarts, and helps you to solve them.
Update rings allow you to deploy updates to device groups over a deployment
timeline.
View configured updates is an option in the Windows Update settings you can use
to see the policies enforced on your Windows machine.

References

• 13.4.5 Update Deployment and Management Facts

q_updated_management_log_np6.question.fex

Question 9:
Correct
Dan wants to implement reconnaissance countermeasures to help protect his DNS
service. Which of the following actions should he take?
Answer
Correct Answer:
Install patches against known vulnerabilities and clean up out-of-date zones, files,
users, and groups.
Limit the sharing of critical information in press releases, annual reports, product
catalogs, or marketing materials.

Review company websites to see which type of sensitive information is being

shared.

Implement policies that restrict the sharing of sensitive company information on

employees' personal social media pages.

Explanation

Installing patches against known vulnerabilities and cleaning up out-of-date zones,

files, users, and groups are good DNS reconnaissance countermeasures.
Reviewing company websites to see which type of information is being shared about
sensitive information is conforming to an Internet Information Sharing Policy.
Implementing policies that restrict the sharing of sensitive company information on
employees' personal social media pages is conforming to an Employee Social Media
Information Sharing Policy.
Limiting the sharing of critical information in press releases, annual reports, product
catalogs, and marketing materials is conforming to a Printed Materials Information
Sharing Policy.

References

• 13.4.5 Update Deployment and Management Facts

q_updated_management_patches_np6.question.fex

Question 10:
Correct
Which of the following tools can you use to troubleshoot and validate Windows
updates? (Select three.)
Answer
Correct Answer:
PowerShell

Windows Server Troubleshooter

Correct Answer:
Windows Update Troubleshooter

Device Manager

Windows Transfer Service

Windows Defender
Correct Answer:
Windows Server Update Service (WSUS)

Explanation

You can use PowerShell to look at and compile Windows Update logs. Doing so
creates a file that's deposited on to your desktop.
Windows Server Update Service (WSUS) is a role you can add to a server to
manage updates. Rather than have all your organization's PCs go to Microsoft to get
their updates, you can have the updates deposited in to the WSUS server.
Windows Update Troubleshooter analyzes Windows Update Service, Background
Intelligent Transfer Service (BITS), and Windows Network Diagnostics Service.
The other answers are not tools you can use to troubleshoot and validate Windows
updates.

References

• 13.4.5 Update Deployment and Management Facts

q_updated_management_tools_np6.question.fex
A web server on your network hosts your company's public website. You want to
make sure that an NIC failure doesn't prevent the website from being accessible on
the internet.
Which solution should you implement?
Answer

QoS

Spanning Tree

Traffic shaping
Correct Answer:
Ethernet bonding

Explanation

Ethernet bonding (also called NIC teaming) logically groups two or more physical
connections to the same network. If one NIC fails, the second one with a connection
to the same network can still be used.
Spanning Tree is a protocol on a switch that allows it to maintain multiple paths
between other switches within a subnet.
A traffic shaper (also called a bandwidth shaper) is a device that's capable of
modifying the flow of data through a network. This happens in response to network
traffic conditions.
Quality of Service (QoS) refers to a set of mechanisms that try to guarantee timely
delivery or minimal delay of important or time-sensitive communications.

References

• 14.1.3 Optimization Facts

q_optimization_bonding_01_np6.question.fex

Question 2:
Correct
What is the purpose of using Ethernet bonding? (Select two.)
Answer

Increases read and write operations between the system bus and network adapters.
Correct Answer:
Provides a failover solution for network adapters.

Enables Dual Remote Access (DRA) over a WAN link.

Provides increased bus speeds.
Correct Answer:
Increases network performance.

Explanation

In a true fault-tolerant strategy, you must consider all the system components.
Ethernet bonding (also called adapter teaming) is a fault-tolerant strategy that uses
multiple network adapters configured as a failover solution. In the event of a NIC
failure, other adapters automatically provide link redundancy.
Multiple adapters can also increase performance by distributing the network load.

References

• 14.1.3 Optimization Facts

q_optimization_bonding_02_np6.question.fex

Question 3:
Correct
Which of the following components do switches use to optimize network
performance by performing switching operations in hardware rather than using the
CPU and software?
Answer

A caching engine

Ethernet bonding

A traffic shaper
Correct Answer:
An application-specific integrated circuit

Explanation

Switches use specialized hardware called an application-specific integrated circuit

(ASIC), which performs switching functions in hardware rather than using the CPU
and software. ASIC allows switches to perform the switching function at wire speed.
Caching engines store frequently accessed content for faster access. Content is
retrieved from the local network instead of the internet.
Ethernet bonding creates two or more physical connections to the same network by
bonding NICs or switch ports together. Ethernet bonding provides increased
performance and some fault tolerance.
A traffic shaper (also called a bandwidth shaper) is a device that's capable of
modifying the flow of data through a network. This happens in response to network
traffic conditions.
References

• 14.1.3 Optimization Facts

q_optimization_circuit_np6.question.fex

Question 4:
Correct
You have a website that uses multiple servers for different types of transactions. For
example, one server is responsible for static web content, while another is
responsible for secure transactions.
You would like to implement a device to speed up access to your web content. The
device should be able to distribute requests between the various web servers using
specialized hardware, not just software configurations. In addition, SSL sessions
should use the hardware components in the device to create the sessions.
Which type of device should you use to accomplish this?
Answer

Circuit-level gateway

Proxy server

Bandwidth shaper
Correct Answer:
Content switch

Explanation

Use a content switch to perform these functions. Switches use specialized hardware
modules to perform common tasks. For example, you can have a switch with a
special hardware module that's used for SSL connections. Using the hardware
module in a specialized switch is faster than using the CPU or software in another
device.
A bandwidth shaper (also called a traffic shaper) is a device that's capable of
modifying the flow of data through a network. This happens in response to network
traffic conditions.
A proxy server is a server that sits between a client and a destination device and can
be configured to filter requests based on URL. However, a proxy server uses
software and not hardware to perform these tasks.
A circuit-level gateway uses the session information to make filtering decisions for
allowed or denied traffic.

References

• 14.1.3 Optimization Facts

q_optimization_content_np6.question.fex
Question 5:
Correct
Which of the following statements about DSCP are true? (Select two.)
Answer

It uses a priority value between 0 and 7.

The network switch assigns priority values.

Correct Answer:
Classification occurs at Layer 3.

Classification occurs at Layer 2.

Correct Answer:
It uses the DiffServ field to add precedence values.

Explanation

The Differentiated Services Code Point (DSCP) classification system has the
following characteristics:
• Classification occurs at Layer 3.
• Precedence values are inserted in an IP packet's DiffServ field.
• Up to 64 different classifications are possible, but most networks use only
the following ones:
o Default Best Effort
o Expedited Forwarding (EF) - low loss, low latency
o Assured Forwarding (AF) - assured delivery under prescribed
conditions
o Class Selector - maintains backward compatibility with the IP
Precedence field

References

• 14.1.3 Optimization Facts

q_optimization_dscp_np6.question.fex

Question 6:
Correct
Which type of switch optimizes network performance by using ASIC to perform
switching at wire speed?
Answer

Layer 2 switch
Correct Answer:
Multilayer switch
Unmanaged switch

Layer 1 switch

Explanation

A multilayer switch uses specialized hardware called an application-specific

integrated circuit (ASIC) to perform switching functions in hardware rather than using
the CPU and software. ASIC allows switches to perform the switching function at
wire speed.
Layer 2 switches use the CPU and software to forward frames. Unmanaged switches
are also called Layer 2 switches.
A Layer 1 switch is another name for a hub, which does not perform any traffic
inspection. Rather, the switch sends out received packets on all ports.

References

• 14.1.3 Optimization Facts

q_optimization_multilayer_np6.question.fex

Question 7:
Correct
Match the Class of Service (CoS) priority on the left with its corresponding value on
the right.
0

Background
correct answer:
1

Best effort
correct answer:
2

Excellent effort
correct answer:
3

Critical applications
correct answer:
4

Video (< 100ms latency)

correct answer:
5

Voice (< 10ms latency)

correct answer:
6

Internetwork control
correct answer:
7

Network control
correct answer:
Keyboard Instructions

Explanation

Class of Service (CoS) marks individual frames with a priority value between 0 and
7:
• 0 - Background
• 1 - Best effort
• 2 - Excellent effort
• 3 - Critical applications
• 4 - Video (< 100ms latency)
• 5 - Voice (< 10ms latency)
• 6 - Internetwork control
• 7 - Network control

References

• 14.1.3 Optimization Facts

q_optimization_qos_01_np6.question.fex

Question 8:
Correct
Which Class of Service (CoS) priority value should be assigned to a video
conference call?
Answer

1
5

0
Correct Answer:
4

Explanation

A priority value of 4 should be assigned to the video data stream. Each CoS priority
value goes with a specific traffic type:
• 0 - Best effort (default)
• 1 - Background
• 2 - Excellent effort
• 3 - Critical applications
• 4 - Video (< 100ms latency)
• 5 - Voice (< 10ms latency)
• 6 - Internetwork control
• 7 - Network control

References

• 14.1.3 Optimization Facts

q_optimization_qos_02_np6.question.fex

Question 9:
Correct
You are in the process of implementing a network access protection (NAP)
infrastructure to increase your network's security.
You are currently configuring the remediation network that non-compliant clients will
connect to in order to become compliant. You need to isolate the remediation
network from the secure network.
Which technology should you implement to accomplish this task?
Answer

Port security

Data encryption using PKI

Correct Answer:
Network segmentation
Virtual private network (VPN)

Explanation

Implementing network segmentation would isolate the remediation server from the
rest of the network while still allowing the remediation server to contact the NAP
infrastructure.
A virtual private network (VPN) creates a secure connection between two hosts or
two sites over an unsecured network.
Encrypting data transmissions using PKI would only protect transmitted data, not
isolate the remediation network.
Port security identifies allowed and denied devices that connect to a switch port.
Doing this would not isolate the remediation network.

References

• 14.1.3 Optimization Facts

q_optimization_segmentation_np6.question.fex

Question 10:
Correct
Your organization uses a time-keeping application that only runs on Windows 2000
and does not run on newer OS versions. Because of this, there are several Windows
2000 workstations on your network.
Last week, you noticed unusual activity on your network coming from the
workstations. After further examination, you discover that they were victims of a
malicious attack and were being used to infiltrate the network.
You find out that the attackers were able to gain access to the workstations because
of the legacy operating system being used. Your organization still needs to use the
Windows 2000 workstations (which need to be connected to the internet) but you
want to make sure that the network is protected from future attacks.
Which solution should you implement to protect the network while also allowing
operations to continue as normal?
Answer
Correct Answer:
Configure VLAN membership so that the Windows 2000 workstations are on their
own VLAN.

Install antivirus software on the Windows 2000 workstations, and configure them to
automatically download and install updates.

Create a dedicated network for the Windows 2000 workstations that's completely
isolated from the rest of the network, including a separate internet connection.
Implement a host-based firewall on each Windows 2000 workstation, and configure
them to automatically download and install updates.

Explanation

The best solution is to place the Windows 2000 workstations in their own VLAN. If
you use VLAN network segmentation, the workstations will still have access to the
internet, but network access can be heavily restricted. This greatly reduces the
damage a workstation can cause if it were to become compromised again.
Legacy operating systems, such as Windows 2000, are easy targets for attackers.
This is because these operating systems use outdated protocols and have known
exploits.
Installing antivirus software or a host-based firewall would do very little to protect the
entire network. In addition, legacy operating system are no longer supported with
updates or patches, so enabling automatic updates would offer no benefit.
Creating a dedicated network for the workstations would affect normal operations
and also increase the network management load.

References

• 14.1.3 Optimization Facts

q_optimization_vlan_np6.question.fex
A user reports that she can't connect to the internet. After some investigation, you
find that the wireless router has been misconfigured. You're responsible for
managing and maintaining the wireless access point.
What should you do next?
Answer

Determine if escalation is needed.

Document the problem.

Fix the problem.

Correct Answer:
Create an action plan.

Explanation

At this point, you should create an action plan and account for side effects.
Identifying the effects ahead of time helps you put measures in place to eliminate or
reduce any potential negative consequences.
Escalation isn't necessary because you're already in charge of managing the
wireless access point, and the problem is isolated to that device. Fix the problem
only after creating the action plan and identifying possible side effects. Document the
problem and the solution after the problem has been fixed and the solution has been
verified.

References

• 14.2.1 Troubleshooting Methodology

• 14.2.2 Troubleshooting Methodology Facts
q_trouble_meth_action_np6.question.fex

Question 2:
Correct
A user reports that she can't connect to a server on your network. You check the
problem and find out that all users are having the same problem.
What should you do next?
Answer

Identify the affected areas of the network.

Correct Answer:
Determine what has changed.

Establish the most probable cause.

Create an action plan.

Explanation

At this point, you have identified the symptoms and the scope of the problem. In this
scenario, you have determined that the problem affects all users. The next step is to
determine what might have changed that could have caused the problem.
You have already identified the affected area because you know that the problem
affects all users. Before you can choose a probable cause, do additional work to see
what might have changed. After selecting a probable cause, determine if escalation
is required. Then create an action plan and fix the problem.

References

• 14.2.2 Troubleshooting Methodology Facts

q_trouble_meth_changed_np6.question.fex

Question 3:
Correct
Users report that the network is down. As a help desk technician, you investigate
and determine that a specific router is configured so that a routing loop exists.
What should you do next?
Answer

Create an action plan.

Correct Answer:
Determine if escalation is needed.

Fix the problem.

Document the problem.

Explanation

After identifying the most probable cause, escalate the problem if it is beyond your
ability to fix or if it is out of your scope of management. For example, the problem
might be on a router configuration that you are not authorized to correct. When
forwarding the problem on to someone else, be sure to describe the nature of the
problem, the actions you have already taken, and the symptoms that lead you to
believe the problem is outside of your area of responsibility.
If you decide that escalation is not necessary, you can then create an action plan
that includes the fix and identify possible side effects of implementing it. After the
solution has been implemented, verify that it works and that there were no
unforeseen consequences. Finally, document the problem and the solution.

References
• 14.2.1 Troubleshooting Methodology
• 14.2.2 Troubleshooting Methodology Facts
q_trouble_meth_escalation_np6.question.fex

Question 4:
Correct
A user reports that he can't connect to a specific website. You go to the user's
computer and reproduce the problem.
What should you do next?
Answer

Determine if escalation is necessary.

Correct Answer:
Identify the affected areas of the network.

correct answer:
Step 2

Establish a theory of probable cause.

correct answer:
Step 3

Test the theory to determine the cause.

correct answer:
Step 4

Establish a plan of action.

correct answer:
Step 5

Implement the solution or escalate.

correct answer:
Step 6

Verify full system functionality.

correct answer:
Step 7

Document findings, actions, and outcomes.

correct answer:
Keyboard Instructions
Explanation

The following is a general approach to network troubleshooting:

1. Identify the problem.
2. Establish a theory of probable cause.
3. Test the theory to determine the cause.
4. Establish a plan of action to resolve the problem and identify potential
effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and, if applicable, implement preventative
measures.
7. Document findings, actions, and outcomes.

References

• 14.2.1 Troubleshooting Methodology

• 14.2.2 Troubleshooting Methodology Facts
q_trouble_meth_steps_np6.question.fex

Question 8:
Correct
You are a network administrator for your company. A frantic user calls you one
morning exclaiming that nothing is working. What should you do next in your
troubleshooting strategy?
Answer

Establish what has changed.

Recognize the potential side effects of the problem.

Identify the affected area.

Correct Answer:
Establish the symptoms.

Explanation

Currently, you have no idea which problem the user is having. For all you know, it
could be anything large or small. You need to establish the symptoms first.

References

• 14.2.2 Troubleshooting Methodology Facts

q_trouble_meth_symptoms_np6.question.fex

Question 9:
Correct
You are a network administrator for your company. A user calls and tells you that
after stepping on the network cable in her office, she can no longer access the
network.
You go to the office and see that some of the wires in the Cat 5 network cable are
now exposed. You make another cable and attach it from the wall plate to the user's
computer.
What should you do next in your troubleshooting strategy?
Answer

Document the solution.

Establish what has changed.

Use the arp command to view the MAC addresses associated with IP addresses that
the local workstation has contacted recently. When a workstation uses ARP to find
the MAC address of an IP address, it places that information in its ARP table.
Use the arping command to send an ARP request to a specified IP
address. arping works much like ping in that the host with the specified IP address
responds.
netstat shows IP-related statistics, including incoming and outgoing connections and
active sessions, ports, and sockets.
SSH (Secure Shell) is a remote console that's similar to Telnet except that it uses
encryption that hides certain information, such as user credentials, on the other end
of the transmission.

References

• 14.3.2 Command Line Troubleshooting Utility Facts

q_cli_utilities_arp_02_np6.question.fex

Question 2:
Correct
You are troubleshooting a connectivity problem on a Linux server. You're able to
connect to another system on the local network but not to a server on a remote
network.
You suspect that the default gateway information for the system may be configured
incorrectly. Which of the following commands would you use to view the default
gateway information on the Linux server?
Answer
Correct Answer:
ifconfig

ipconfig
Telnet

dig

Explanation

Use the ifconfig command on systems running Linux to view information on the
TCP/IP configuration for network adapters.
Use ipconfig to view network configuration information on Windows systems.
Use the dig command on Linux and Unix systems to query Domain Name Service
(DNS) servers.
Telnet is a remote console that allows access to devices within a network.

References

• 14.3.2 Command Line Troubleshooting Utility Facts

q_cli_utilities_ifconfig_02_np6.question.fex

Question 3:
Correct

Which TCP/IP utility gives you the following output?

Answer

arp -a
Correct Answer:
ipconfig

ping
netstat -a

Explanation

The ipconfig command shows a computer's TCP/IP configuration information.

netstat -a shows you the status of all connections and listening ports.
The ping command shows you the results of four echo request/reply contacts with a
destination host.
The arp -a switch shows you current ARP cache tables.

References

• 14.3.2 Command Line Troubleshooting Utility Facts

q_cli_utilities_ipconfig_02_np6.question.fex

Question 4:
Correct
Examine the following output:
Active Connections
Proto Local Address Foreign Address State
TCP SERVER1:1036 localhost:4832 TIME_WAIT
TCP SERVER1:4798 localhost:1032 TIME_WAIT
TCP SERVER1:1258 pool-141-150-16-231.mad.east.ttr:24076 CLOSE_WAIT
TCP SERVER1:2150 cpe-66-67-225-118.roc.res.rr.com:14100 ESTABLISHED
TCP SERVER1:268 C872c-032.cpe.net.cale.rers.com:46360 ESTABLISHED
TCP SERVER1:2995 ip68-97-96-186.ok.ok.cox.net:23135 ESTABLISHED
Which of the following utilities produced this output?
Answer

dig

ifconfig

q_cli_utilities_traceroute_np6.question.fex

Question 7:
Correct
A security analyst is using tcpdump to capture suspicious traffic detected on port 443
of a server. The analyst wants to capture the entire packet with hexadecimal and
ASCII output only. Which of the following tcpdump options will achieve this output?
Answer

-SA port 443

src port 443

-SXX port 443

Correct Answer:
-SX port 443

Explanation

-SX is the command line option for both full packet capture and hexadecimal and
ASCII output of port 443.
src port captures source port traffic, but this won't capture the entire packet or
output the hexadecimal and ASCII codes.
-SA captures full packets, but only ASCII output is included.
-SXX performs the same function as -SX, but it also gives the Ethernet header.

References

• 14.3.4 TCPDump Facts

q_use_tcpdump_sx_np6.question.fex

Question 8:
Correct
You want to make sure that a set of servers will only accept traffic for specific
network services. You have verified that the servers are only running the necessary
services, but you also want to make sure that the servers will not accept packets
sent to those services.
Which tool should you use?
Answer

IPS

System logs

Packet sniffer

IDS
Correct Answer:
Port scanner

Explanation

Use a port scanner to check for open ports on a system or firewall. Compare the list
of opened ports with the list of ports allowed by your network design and security
policy. Typically, a port is opened when a service starts or is configured on a device.
Open ports for unused services expose the server to attacks directed towards that
port.
Use a packet sniffer to examine packets on your network. With a packet sniffer, you
can identify packets directed towards specific ports, but you won't be able to tell if
those ports are open. Examine system logs to look for events that have happened on
a system, which might include a service starting, but would not likely reflect open
ports.
An intrusion detection system (IDS) is a special network device that can detect
attacks and suspicious activity. A passive IDS monitors, logs, and detects security
breaches, but takes no action to stop or prevent the attack. An active IDS (also
called an intrusion protection system, or IPS) performs the functions of an IDS, but it
can also react when security breaches occur.

References

• 14.3.6 Software Troubleshooting Utilities Facts

q_software_utilities_port_scanner_np6.question.fex

Question 9:
Correct

You have been asked to perform a penetration test for a company to see if any
sensitive information can be captured by a potential hacker. You used Wireshark to
capture a series of packets. Using the tcp contains Invoice filter, you found one
packet.
Using the captured information shown, which of the following is the name of the
company requesting payment?
Answer
Correct Answer:
ACME, Inc
Home Shop

Wood Specialist

Big 7, Inc

Explanation

By looking at the beginning of the packet, you see that Robert Scam is sending an
email with a subject line of ACME, Inc Invoice #1543. So, you now know that the
name of the company requesting payment is ACME, Inc.

References

• 14.3.10 Wireshark Facts

q_trouble_wireshark_data_02_np6.question.fex

Question 10:
Correct

With Wireshark, you've used a filter to capture only the desired packet types. Using
the information shown in the image, which of the following BEST describes the
effects of using the host 192.168.0.34 filter?
Answer

Only packets on the 192.168.0.34 network are captured.

Correct Answer:
Only packets with 192.168.0.34 in either the source or destination address are
captured.

Only packets with 192.168.0.34 in the source address are captured.

Only packets with 192.168.0.34 in the destination address are captured.

Explanation

Wireshark's host filter lets you only capture where the specified IP address is in
either the source or the destination address.
The IP address of 192.168.0.34 is a specific address for an individual device. It is not
an address for the entire network.

References

• 14.3.10 Wireshark Facts

q_trouble_wireshark_filter_02_np6.question.fex

Small Organization Set Up in CISCO Packet Tracer
No ratings yet
Small Organization Set Up in CISCO Packet Tracer
5 pages
Assignment 1 (Topologies, Medium)
No ratings yet
Assignment 1 (Topologies, Medium)
13 pages
Unit II - Networking - Computer Networks
No ratings yet
Unit II - Networking - Computer Networks
121 pages
Networktopology
No ratings yet
Networktopology
12 pages
CN 1
No ratings yet
CN 1
53 pages
Network System Administration and Security
No ratings yet
Network System Administration and Security
137 pages
Network Topologies: Lesson Overview
No ratings yet
Network Topologies: Lesson Overview
4 pages
NW Topo
No ratings yet
NW Topo
28 pages
Network Topologies: Application Notes
No ratings yet
Network Topologies: Application Notes
8 pages
A Guide To Network Topology
No ratings yet
A Guide To Network Topology
5 pages
cnnnNOTES 1
No ratings yet
cnnnNOTES 1
11 pages
Lec.2 Network Simulation
No ratings yet
Lec.2 Network Simulation
4 pages
Top Ologies
No ratings yet
Top Ologies
4 pages
Mcse Note Topology by Wahidullah Shahaadat
No ratings yet
Mcse Note Topology by Wahidullah Shahaadat
30 pages
Chapter 1 - Introduction and Background
No ratings yet
Chapter 1 - Introduction and Background
15 pages
Network Topology
No ratings yet
Network Topology
5 pages
Network: Chapter 2: Types of Network
No ratings yet
Network: Chapter 2: Types of Network
8 pages
Intro To Comp Netwks
No ratings yet
Intro To Comp Netwks
1,765 pages
Physical Topology
No ratings yet
Physical Topology
4 pages
2.0-2 Network Topology
No ratings yet
2.0-2 Network Topology
10 pages
Network Topology
No ratings yet
Network Topology
16 pages
Network Topologies
No ratings yet
Network Topologies
32 pages
2.2-2 Network Topology
100% (1)
2.2-2 Network Topology
11 pages
Topology
No ratings yet
Topology
24 pages
03 Network Physical Structures
No ratings yet
03 Network Physical Structures
17 pages
R20PC323
No ratings yet
R20PC323
29 pages
Network Topology 1
No ratings yet
Network Topology 1
10 pages
Lec 4
No ratings yet
Lec 4
31 pages
Network Topologies
No ratings yet
Network Topologies
11 pages
Network Basics: Network Topology: Node: A Node
No ratings yet
Network Basics: Network Topology: Node: A Node
3 pages
Network Topology - Computer System Servicing
No ratings yet
Network Topology - Computer System Servicing
39 pages
Cns Practical 2
No ratings yet
Cns Practical 2
10 pages
Topologies
No ratings yet
Topologies
8 pages
What Is Topology
No ratings yet
What Is Topology
7 pages
Security in Networks Concepts
No ratings yet
Security in Networks Concepts
80 pages
UNIT I Modified New
No ratings yet
UNIT I Modified New
67 pages
LAN Topolologies and Security Issues: by Alex Gett
No ratings yet
LAN Topolologies and Security Issues: by Alex Gett
37 pages
Different Types of Data Communications Connections: 1. Point-to-Point
No ratings yet
Different Types of Data Communications Connections: 1. Point-to-Point
20 pages
Introduction To Networks-4
No ratings yet
Introduction To Networks-4
6 pages
Unit 1 DCN
No ratings yet
Unit 1 DCN
105 pages
11-12-18 Practice Exam Review
No ratings yet
11-12-18 Practice Exam Review
153 pages
Work Topology
No ratings yet
Work Topology
20 pages
Topologies
No ratings yet
Topologies
10 pages
CSE Fundamental - Topology
No ratings yet
CSE Fundamental - Topology
14 pages
TLE ICT 10 - Network Topologies - Activity Sheet
No ratings yet
TLE ICT 10 - Network Topologies - Activity Sheet
7 pages
NETWORKING
No ratings yet
NETWORKING
9 pages
CCN Module I
No ratings yet
CCN Module I
60 pages
Topology in Network Design: Backbone
No ratings yet
Topology in Network Design: Backbone
9 pages
Topology in Network Design: Backbone
No ratings yet
Topology in Network Design: Backbone
9 pages
Type of Topology
No ratings yet
Type of Topology
5 pages
Unit 3 FOC Network Topology
No ratings yet
Unit 3 FOC Network Topology
7 pages
Network Standards
No ratings yet
Network Standards
28 pages
Khawaja Fareed University of Engineering and Information Technology Rahim Yar Khan
No ratings yet
Khawaja Fareed University of Engineering and Information Technology Rahim Yar Khan
5 pages
Classrom PPT For Topologies
No ratings yet
Classrom PPT For Topologies
8 pages
Different Kinds of Network Topology in Computer Networks
No ratings yet
Different Kinds of Network Topology in Computer Networks
4 pages
Network Topology
No ratings yet
Network Topology
7 pages
Physical Topology and Logical Topology
No ratings yet
Physical Topology and Logical Topology
3 pages
Feleke Network Topology Lecture 2
No ratings yet
Feleke Network Topology Lecture 2
27 pages
Topology in Network Design
No ratings yet
Topology in Network Design
12 pages
Networks Topologies
No ratings yet
Networks Topologies
17 pages
CCNA Interview Questions You'll Most Likely Be Asked
From Everand
CCNA Interview Questions You'll Most Likely Be Asked
Vibrant Publishers
No ratings yet
Netfilter Connection Tracking System PDF
No ratings yet
Netfilter Connection Tracking System PDF
6 pages
Firewalls
No ratings yet
Firewalls
25 pages
Pa 5200 Series
No ratings yet
Pa 5200 Series
2 pages
Unit 3 Eee
No ratings yet
Unit 3 Eee
17 pages
CCS113 Mdterm
No ratings yet
CCS113 Mdterm
45 pages
OSI Seven Layers Model Explained With Examples
100% (1)
OSI Seven Layers Model Explained With Examples
10 pages
Datos
No ratings yet
Datos
52 pages
JNCIS SP Part1 - 2013 04 26 PDF
100% (1)
JNCIS SP Part1 - 2013 04 26 PDF
192 pages
Csf3223 Networking Final Exam Notes - 240723 - 001609
No ratings yet
Csf3223 Networking Final Exam Notes - 240723 - 001609
26 pages
CH 13
No ratings yet
CH 13
21 pages
CCNA2 Commands Summary
No ratings yet
CCNA2 Commands Summary
10 pages
DHCP
No ratings yet
DHCP
89 pages
HCIA Transmission
No ratings yet
HCIA Transmission
68 pages
Juniper Netscreen - VPN Troubleshooting
No ratings yet
Juniper Netscreen - VPN Troubleshooting
8 pages
f5 Distributed Cloud Mesh Ds
No ratings yet
f5 Distributed Cloud Mesh Ds
6 pages
EX7
No ratings yet
EX7
14 pages
Award Course Catalog PDF
No ratings yet
Award Course Catalog PDF
112 pages
C# (Bluetooth Connectivity Code)
No ratings yet
C# (Bluetooth Connectivity Code)
3 pages
Lab 9-10
No ratings yet
Lab 9-10
6 pages
Rg-Est310 V2 - 20231226
No ratings yet
Rg-Est310 V2 - 20231226
10 pages
Question Paper
No ratings yet
Question Paper
115 pages
Lab - WLAN
No ratings yet
Lab - WLAN
13 pages
Automation Runtime SG4 G3.10: B&R Revision Information
No ratings yet
Automation Runtime SG4 G3.10: B&R Revision Information
20 pages
Internet Networking Module - 8
No ratings yet
Internet Networking Module - 8
34 pages
Introduction To Computer Networks: Btech6 Sem
No ratings yet
Introduction To Computer Networks: Btech6 Sem
70 pages
Mikrotik Advanced OSPF Rev2 PDF
No ratings yet
Mikrotik Advanced OSPF Rev2 PDF
359 pages
C++ Sockets TCP
No ratings yet
C++ Sockets TCP
28 pages
BGP Summary 1591587590
No ratings yet
BGP Summary 1591587590
1 page
AWS SolutionsArchitect-Associate Version 4.0 PDF
No ratings yet
AWS SolutionsArchitect-Associate Version 4.0 PDF
8 pages