|
When multiple routes to a destination exist, what is used to select the best possible route? |
Metric |
|
What information does the next hop entry in a routing table identify? |
The first router in the path to the destination network. |
|
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The router is also configured with a static route of 0.0.0.0 with a mask of 0.0.0.0. The router receives a packet addressed to network 10.1.0.0/16. What will the router do with the packet? |
Forward the packet to the next hop router specified by the route to network 0.0.0.0. |
|
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. There is no default route configured on the router. The router receives a packet addressed to network 10.1.0.0/16. What will the router do with the packet? |
Drop the packet. |
|
Which of the following is a characteristic of static routing when compared to dynamic routing? |
All routes must be manually updated on the router. |
|
Which of the following tasks do routers perform? (select 2) |
Maintain information about paths through an inter-network. Route data based on logical network addresses. |
|
Which of the following routing protocols uses relative link cost as the metric? |
OSPF |
|
Which of the following routing protocols is used by routers on the internet for learning and sharing routes? |
BGP |
|
Which of the following routing protocols divides the network into areas, with all networks required to have an area 0 (area 0 identifying the backbone area)? |
OSPF |
|
Which of the following routing protocols is classified as a hybrid routing protocol? |
EIGRP |
|
What are the main differences between the OSPF and IS-IS routing protocols? |
OSPF requires an area 0, while IS-IS does not. |
|
Which of the following protocols has a limit of 15 hops between any two networks? |
RIP |
|
Under which of the following circumstances might you implement BGP on your company network and share routes with Internet routers? |
If the network is connected to the Internet using multiple ISPs. |
|
Which of the following statements about RIP is true? |
RIP uses hop counts as the cost metric. |
|
Which of the following best describes OSPF? |
OSPF is a classless link state routing protocol. |
|
You have a network connected to the internet. Your routers will not share routing information about your private network with internet routers. Which of the following best describes the type of routing protocol you would use? |
IGP |
|
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24 and 192.168.4.0/24. The next hop router for network 192.168.3.0/24 has changed. You need to make the change with the least amount of effort possible. What should you do? |
Wait for convergence to take place. |
|
You have a network configured to use the OSPF routing protocol. Which of the following describes the state when all OSPF routers have learned about all other routes in the network? |
Convergence. |
|
Which of the following routing protocols uses paths, rules, and policies instead of a metric for making routing decisions? |
BGP. |
|
Which of the following techniques allows incoming traffic addressed to a specific port to move through a NAT router and be forwarded to a specific host? |
Port forwarding. |
|
Your computer has an IP address of 161.13.5.15. Your ocmputer is on a: |
Public network. |
|
Which of the following IP addresses is a valid IP address for a host on a public network? |
142.15.6.1 |
|
Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server? |
169.254.0.1-169.254.255.254 |
|
Which of the following associates a port number with a host on a private network? |
PAT |
|
You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access? |
Static NAT |
|
You are the network administrator for a small company that implements NAT to access the internet. You recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP Addresses to support these new servers, but you don’t want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these five servers? |
Static |
|
You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connections to internal hosts. What type of network address translation (NAT) should you implement? |
Dynamic |
|
You have a computer that is connected to the internet through a NAT router. You want to use a private addressing scheme for your computer. Which of the following IP addresses could you assign to the computer? (Select all that apply.) |
192.168.12.253 10.0.12.15 172.18.188.67 |
|
You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. All computers on your home network can connect to the internet. From you work office, you try to access your home computer using its IP address, but are unable to communicate with the server. You are able to connect to other hosts on the internet. Why can’t you access the server? |
Private addresses are not accessible through the internet. |
|
You work for a large multinational organization that has an extensive global network that is interconnected using WAN links and routers. Lately, users in one location have complained that they are unable to access resources stored on a server named FS23 in a South American branch office. To troubleshoot the issue, you have don the following: Verified that the server is up and running. You suspect that perhaps one of the routers between the two locations may be dropping packets. To test this theory, you enter the ping FS23 -f -l 1500 command on your workstation. The ping command returns the following command for each ping packet sent: "Packet needs to be fragmented but DF set." What does this mean? |
One of the intermediate routers in an MTU black hole. |
|
You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with the host on the same sub net, but not with hosts on a different subnet. No other computers are having a problem. Which of the configuration values would you most likely need to change? |
Default gateway |
|
You manage a network with multiple subnets connected to the internet. A user reports that she can’t access the server used in the accounting department. You check the problem and find out that her computer cannot access any server on that subnet. However, the computer does access other computers on other subnets as well as the internet. Which of the following is most likely the cause of the problem? |
Missing route on the default gateway router |
|
You manage a network with multiple subnets connected to the internet. A user reports that she can’t access the internet. You investigate the problem and find that she can access all hosts on the private network, but no hosts on the internet. Which of the following is likely the cause of the problem? |
Missing default rout on a router |
|
Examine the following output: 4 22 ms 21 ms 22 ms sttlwa01gr02.bb.ispxy.com [154.11.10.62] Which of these commands produce this output? |
tracert |
|
Which of the following utilities would you use to view the routing table? |
route |
|
Which of the following commands would display the output shown here? Route Table |
route print |
|
Which TCP/IP utility gives you the following output? 4 22 ms 21 ms 22 ms sttlwa01gr02.bb.ispxy.com [154.11.10.62] |
tracert |
|
You are the network administrator of a branch office of your company. the branch office network is part of a WAN that covers most of the United States. The office has two Windows 2000 servers, two UNIX servers, one Windows NT server, 90 Windows 98 clients, 40 Windows 2000 Professional clients, and five Macintosh clients. Users have been complaining that they are unable to access resources over the WAN at the main headquarters. You suspect that one of the routers between your office and the main headquarters is not working properly. What TCP/IP utility can you use to see if a router is working properly? |
tracert |
|
Which of the following is a firewall function? |
Packet filtering |
|
You would like to control internet access based on users, time of day, and website visited. How can you do this? |
Install a proxy server. Allow internet access only through the proxy server. |
|
Which of the following are true of a circuit proxy filter firewall? (select 2.) |
Verifies sequencing of session packets. Operates at the Session layer. |
|
Which of the following are true about reverse proxy? (select 2) |
Handles request from the internet to a server in a private network. Can perform load balancing, authentications, and caching. |
|
(‘Yellow banner’ – IMAGE) |
Reverse proxy server |
|
You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? |
IP address |
|
You have been given a laptop to use for work. YOu connect the laptop to your company network, use it form home, and use it while traveling. You want to protect the laptop from internet based attacks. Which solution should you use? |
Host-based firewall |
|
Which of the following are characteristics of a circuit-level gateway? (Select 2) |
Stateful Filters by session |
|
You connect your computer to a wireless network available at the local library. You find that you can access all the websites you want n the internet except for two. What might be causing the problem? |
A proxy server is blocking access to the websites. |
|
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply) |
Source address of a packet Destination address of a packet Port number |
|
Haley configures a website using Windows Server 2016 default values. what are the HTTP port and SSL port settings? |
80 for HTTP; 443 for SSL |
|
You have recently installed a new Windows Server 2016 system. To ensure the accuracy of the system time, you have loaded an application that synchronizes the hardware clock on the server with an external time source on the internet. Now, you must configure the firewall on your network to allow time synchronization traffic through. Which of the following ports are you most likely to open on the firewall? |
123 |
|
You are configuring a firewall to allow access to a server hosted on the demilitarized zone of your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be cocnfigured to provide access, which applications are most likely to be hoisted on the server? |
Web server and email server |
|
You are monitoring network traffic on your network, and you see traffic between two network hosts on port 2427. Which kind of network traffic uses this port? |
The MGCP protocol is generating traffic, which VoIP uses to send voice data over a network. |
|
You are monitoring network traffic on your network, and you see traffic between two network hosts on port 1720. What is the source of this network traffic? |
Someone is using voice over IP (VoIP) to make a telephone call. |
|
An all-in-one security appliance is best suited for which type of implementation? |
A remote office with no on-site technician. |
|
Which of the following features are common functions of an all-in-one security appliance? (Select 2) |
Bandwidth shaping Spam filtering |
|
You recently installed a new all-in-one security appliance in a remote office,. You are in the process of configuring the device. You need to: Increase the security of the device. You want to configure the device so you can access it form the main office. You also want to make sure the device is as secure as possible. Which of the following tasks should you carry out? (select 2) |
Change the default username and password Configure the device’s authentication type to use Active Directory. |
|
Packet filtering firewall |
OSI layer 3 |
|
Circuit-level proxy |
OSI layer 5 |
|
Application level gateway |
OSI layer 7 |
|
Routed firewall |
OSI layer 3 |
|
Transparent firewall |
OSI layer 2 |
|
Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make availability to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ? |
Network-based firewall |
|
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect thesercers? (Select two) |
Put the web server inside the DMZ Put the database server on the private network |
|
You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? |
IP address |
|
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all the apply) |
Destination address of a packet Source address of a packet Port Number |
|
Which of the following describes how access lists can be used to improve network security? |
An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers. |
|
Which of the following is likely to be located in a DMZ? |
FTP server |
|
In which of the following situations would you most likely implement a demilitarized zone (DMZ)? |
You want to protect a public web server from attack. |
|
operates at layer 2 Does not count as a hop in the path between host Each interface connects to the same network segment. |
Virtual firewall |
|
Operates at layer 3 counts as a hop in the path between host Each interface connects to a different network |
Routed firewall |
|
When designing a firewall, what is the recommended approach for opening and closing ports? |
Close all ports; open only ports required by applications inside the DMZ. |
|
After blocking a number of ports to secure your server, you are unable to send email. To allow email service, which of the following needs to be done? |
Open port 25 to allow SMTP service. |
|
You administer a web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the website as follows: IP address: 192.168.23.8 Users complain that they can’t connect to the website when they type www.westsim.com. What is the most likely source of the problem? |
The HTTP port should be changed to 80. |
|
You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable? |
53 |
|
In the output of the netsat command, you notice that a remote system has made a connection to your Windows Server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing? |
Downloading a file. |
|
You want to allow users to download files from a server running the TCP/IP protocol. You want to require user authentication to gain access to specific directories on the server. Which TCP/IP protocol should yo implement to provide this capability? |
FTP |
|
You are in the process of configuring an iSCSI storage area network (SAN) for your network. You want to configure a Window Server 2016 system to connect to an iSCSI target defined on a different server system. You also need to define iSCSI security settings, including CHAP and IPsec. Which tool should you use? |
iSCSI initiator |
|
Arrange the Fibre Channel (FC) SAN implementation tasks in the order they should be performed to build a redundant FC SAN. Install two Fiber Channel host bus adapters in each server that will access the shared storage on the SAN. |
Step 1 |
|
Arrange the Fibre Channel (FC) SAN implementation tasks in the order they should be performed to build a redundant FC SAN. Deploy two FC switches |
step 2 |
|
Arrange the Fibre Channel (FC) SAN implementation tasks in the order they should be performed to build a redundant FC SAN. Using fiber optic cables, connect each server to each FC switch by connecting one FC HBA to on FC switch and the other FC HBA to the other FC switch. |
Step 3 |
|
Arrange the Fiber Channel (FC) SAN implementation tasks in the order they should be performed to build a redundant FC SAN. Deploy the shared storage devices, such as an exgternal RAID device containing multiple hard disk drives and two FC HBAs. |
Step 4a |
|
Arrange the Fibre Channel (FC) SAN implementation tasks in the order they should be performed to build a redundant FC SAN. Using fiber optic cables, connect each storage device to each FC switch by connection one FC HBA to on FC switch and the other FC HBA to the other FC switch. |
Step 4b |
|
Which of the following does not accurately describe an iSCSI SAN? |
Requires special hardware and knowledge to implement. |
|
(‘Yellow banner’ image) Which network-based storage technology is being used? |
NAS with clustering |
|
Which of the following are typical components of a NAS device? (Select two) |
A minimal network OS One or more NICs |
|
In a SAN implementation, the servers that connect to shared storage devices are called ___________. |
initiators |
|
Which VoIP device helps establish the connection between two VoIP phones? |
VoIP server |
|
What are other names for a VoIP server? (Select two) |
VoIP PBX IP-PBX |
|
What is one benefit of placing VoIP gateways inn geographically separated branch offices that have an existing WAN connection? |
Long-distance PSTN charges can be reduced by switching VoIP calls to the PSTN in locations where only local call charges would be incurred. |
|
When would you consider changin the codec used in your VoIP system? (Select two) |
When sound quality is poor When VoIP data consumes too large a portion of your network bandwidth. |
|
How can QoS be configured so that large data transfers will not block VoIP calls by using too much network bandwidth? |
QoS can be configured on the network devices to give priotity to VoIP traffic. |
|
Upper management has asked you if there is a way to integrate phone calls, emails, and instant messaging into a single platform. Which of the following systems should you recommend? |
Unified communication |
|
Which of the following protocols is an open source protocol used by most manufactures of VoIP systems? |
Session initiation protocol (SIP) |
|
Which of the following protocols is used by VoIP to set up, maintain, and terminate a phone call? |
SIP |
|
Your company uses VoIP for phone calls. Recently, employees have been complaining about phone calls iwth unusual sound effects. Which type of problem is occurring on the VoIP system? |
Jitter |
|
You are on a phone call using VoIP. You notice that it takes several second for the person on the other end to respond to questions you ask. Which type of problem is occurring? |
Latency |
|
What is a soft phone? |
A software application that runs on a computer or other device that access a VoIP sever to make real-time phone calls. |
|
Which features are typically used with VoIP? (Select two) |
PoE VLAN |
|
Which of the following features is used with digital IP phones to supply power through a switch port? |
PoE |
|
In virtualization, what is the role of the hypervisor? |
A hypervisor allows virtual machines to interact with the hardware without going through the host operating system. |
|
What type of virtualization completely simulates a real physical host? |
Full virtualization |
|
What component is most likely to allow physical and virtual machines to communicate with each other? |
Virtual switch |
|
Which of the following are advantages of virtualization? (Select two) |
Easy system migration to different hardware Centralized administration |
|
You need to provide DHCP and file share services to a physical network. These services should be deployed using virtualization. Which type of virtualization should you implement? |
Virtual servers |
|
What key advantages does a virtual router have over a physical router? |
Multiple networks can be connected to a single interface. |
|
You want to be able to monitor and filter VM-to-VM traffic within a virtual network. What should you do? |
Implement a virtual firewall within the hypervisor |
|
Which of the following statements about virtual NICs are true? (Select two) |
Multiple virtual NICs can be added to a virtual machine Virtual NICs need the appropriate driver installed to function. |
|
Which of the following cloud computing solutions will deliver software applications to a client either over the internet or on a local area network? |
Saas |
|
Which of the following best describes the platform as a service (PaaS) cloud computing service model? |
PaaS delivers everything a developer needs to build an application onto the cloud infrastructure. |
|
Which of the following are true regarding cloud computing? (Select three) |
Typical cloud computing providers deliver common business applications online that are accessed from another web service or software like a web browser. The term "cloud" is used as a synonym for the internet. Cloud computing is software, data access, computation, and storage services provided to clients through the internet. |
|
Provides cloud services to just about anyone |
Public cloud |
|
Provides cloud services to a single organization |
Private cloud |
|
Allows cloud services to be shared by several organizations |
Community cloud |
|
Integrates one cloud service with other cloud services |
High cloud |
|
You were recently hired by s small start-up company. the company is in a small office and has several remote employees. Yo have been asked to find a business service that would accommodate the current size of the company, but would also be able to scale as the company grows. The service needs to provide adequate storage as will as additional computing power. Which cloud service model should y ou use? |
IassS |
|
What is the speed of an OC-3 connection? |
155 Mbps |
|
To access the internet through the PSTN, what kind of connectivity device must you use? |
Modem |
|
Which of the following technologies uses variable-length packets, adds labels to packets as they enter the WAN cloud, and uses the labels to switch packets and prioritize traffic? |
MPLS |
|
Which of the following are characteristics of MPLS? (Select two) |
Supports variable-length data units Adds labels to data units |
|
Which of the following are characteristics of ATM? (Select two) |
Uses fixed-length cells of 53 bytes Adds labels to data units |
|
Which of the following are the WAN device provider’s responsibility to maintain? (Select four) |
PSE Local loop DCE CO |
|
Which network type divides transmitted data into smaller pieces and allows multiple communications on the network medium? |
Packet-switched |
|
Which network type establishes a dedicated physical connection between tow hosts in order to transmit time sensitive data? |
Circuit switched |
|
Which of the following WAN technologies provides packet switching over high quality digital lines at speeds greater than 1.544 Mbps? |
Frame Relay |
|
You are implementing internet connectivity for a new start up company. Your client will provide online storefronts for retailers. To do this, they have calculated that their internet connections must provide a data rate of at least 20-30 Mbps. Which type of service should you implement? |
T3 |
|
Which networking technology creates virtual links between two remote network endpoints by prefixing packets with a hear containing one or more labels? |
MPLS |
|
Which of the following describes the channels and data transfer rates used for ISDN BRI? (Select two) |
Tow B channels operating at 64 Kbps each One D channel operating 16 Kbps |
|
You are traveling throughout North America to many metropolitan and rural areas. Which single form on internet connectivity provides the greatest potential wherever you travel? |
PSTN |
|
What must you install between your network and a T1 line for your network to use the T1 line? |
CSU/DSU |
|
Which of the following devices is used on a WAN to convert synchronous serial signals into digital signals? |
CSU/DSU |
|
Your client has acquired several small companies and would like to connect them together into one network. Not all of the routers are Cisco devices, and compatibility is a concern. Which WAN encapsulation method should you recommend our client use? |
PPP |
|
Which of the following statements about the functionality of LCP are true? (Select three) |
Data can be compressed at the source and decompressed at the destination. Usernames and passwords may be required during the handshake. LCP provides multi link support. |
|
Which of the following are benefits of LCP? (Select three) |
Negotiates the use (or lack) of authentication before starting the session Provides load balancing across multiple links Monitors data dropped on the link and avoids frame looping. |
|
What connection order would two TCP/IP routers use to open a session with PPP? |
LCP, authentication, NCP |
|
PPP supports authentication, compression, and multiple Network layer protocols. Which of the following correctly sequences these functions when a PPP link is established. |
Negotiate compression settings, perform authentication, negotiate Network layer protocols. |
|
Which of the following protocols is used by PPP to enable support for multiple Network layer protocols? |
NCP |
|
Which of the following WAN technologies provides digital dial-up connections on two 64 kbps data channels? |
ISDN BRI |
|
A healthcare organization provides mobile clinics throughout the world. Which network technology should you select to transfer patient statistical data to a central database via the internet to ensure network connectivity for any clinic located anywhere in the world, even remote areas? |
Satelitte |
|
You are moving to an area where DSL will be available in the next six months. Which method of internet connectivity should you implement until DSL is available if your existing connectivity needs are minimal? |
PSTN |
|
Which of the following is most susceptible to interference related to atmospheric conditions? |
Satelitte |
|
Which of the following is a characteristic of SDLS? |
Supports data traffic only (no voice) |
|
Which of the following internet connection technologies requires that the location be within a limited distance of the telephone company central office? |
DSL |
|
Which of the following services are available regardless of whether the telephone company network is available? |
cable modem |
|
Which of the following internet services provides equal upload and download bandwidth? |
SDSL |
|
Which of the following are characteristics of VDSL? (Select two) |
Unequal download and upload speeds Supports both data and voice at the same time |
|
Which of the following cellular network types provide internet connectivity? (Choose four) |
EDGE HSPA+ 4G LTE |
|
Which type of internet services uses the DOCSIS specification? |
Coaxial cable |
|
Which of the following forms of networking are highly susceptible to eavesdropping and must be secured accordingly? |
Wireless |
|
Which of the following technologies does GSM use to allow multiple connections on the same frequency? |
Time division multiple access |
|
Which of the following cellular network types use MIMO to increase 3G data throughput? (Select two) |
LTE HSPA+ |
|
Which of the following describes the EDGE cellular technology? (Select two) |
Offers speeds of 400-1,000 Kbps The first internet-compatible technology |
|
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two) |
Radius TACAS+ |
|
You have decided to implement a remote access solution that used multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following is a required part of your configuration? |
Configure the remote access servers as RADIUS clients. |
|
Which of the following are characteristics of TACACS+? (Select two) |
Uses TCP Allows the possibility of three different servers, on each for authentication, authorization, and accounting. |
|
Which of the following are differences between RADIUS and TACACS+? |
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers. |
|
Which of the following protocols can be used to centralize remote access authentication? |
TACACS |
|
RADIUS is primarily used for what purpose? |
Authenticating remote clients before access to the network is granted. |
|
Which of the following is a characteristic of TACACS+? |
Encrypts the entire packet, not just authentication packets. |
|
Which of the following ports are used with TACACS? |
49 |
|
You are configuring your computer to dial up to the internet. What protocol should you use? |
PPP |
|
Which of the following protocols or services is commonly used on cable internet connections for user authentication? |
PPPoE |
|
You have just signed up for internet access using a local provider that gives you a fiber optic line into your house. Form there, Ethernet and wireless connections are used to create a small network within your home. Which of the following protocols would be used to provide authentication, authorization, and accounting for the internet connection? |
PPPoE |
|
You want to set up a service that allows multiple users to dial in to the office server from modems on their home computers. What service should you implement? |
RAS |
|
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that serer that you need. You want toe connection to be as secure as possible. Which type of connection will you need? |
Remote access |
|
Which type of device is required to implement port authentication through a switch? |
RADIUS server |
|
You are troubleshooting physical layer issues with the Gi0/1 interface in a router. You need to view and analyze the numbers of collisions detected on the interface. Which command should you use? |
show interfaces gi0/1 |
|
You are troubleshooting physical layer issues with the Gi0/1 interface in a router. You suspect that a duplex mismatch error has occurred, and yo need to determine the duplex settings configured on the interface. Which commands could you use? (Choose 2. Each response is a complete solutions) |
show interfaces Gi0/1 status show interfaces Gi0/1 |
|
(‘yellow banner’ image) What is wrong with the fa0/1 interface in this example. |
a duplex mismatch exists with the device on the other end of the connection |
|
(‘yellow banner’ image) When you run the show interfaces command on switch1, you observe a significant number of runts on the Gi0/1 interface. What does this statistic indicate? |
Collisions are occuring |
|
A workstation is connected to a switch on the Gi0/2 interface using a straight-through cable. the Ethernet interface in the workstation has been manually configured to use a 100 Mbps link speed in full-duplex mode. Which of the following are true in this scenario? (Select three) |
The switch attempts to sense the link speed. If it can’t, the slowest link speed supported on the interface is selected. If the link speed is 1000 Mbps or faster, full-duplex is used. If the link speed is 10 Mbps, half-duplex is used. |
|
You are concerned about the amount of traffic that passed through a router on your network. You want to see how the amount of traffic has changed over time. Which document would help yo identify past average network traffic? |
Baseline |
|
Which type of documentation would you consult to find the location of RJ45 wall jacks and their endpoints in the intermediate distribution closet? |
Wiring schematic |
|
You need to find out what kind of laws might apply to the design and operation of your network. Which type of document would you consult? |
Regulation |
|
When troubleshooting a router, you want to identify which other devices are connected to the router, as well as the subnet addresses of each connected subnet. Which type of document would most likely have this information? |
Network diagram |
|
You are troubleshooting the connection of a computer in an office to the punch down block in the distribution closet. Which document would you consult to identify the termination of the cable on the punch down block based on the wall jack location in the office? |
Wiring schematic |
|
Which of the following documents would likely identify that drop cables on your network use the T568A standard? |
Wiring schematic |
|
You want to make sure that the correct ports on a firewall are open or closed. Which document should you check? |
Configuration document |
|
You are troubleshooting a workstation connection to the network. During your troubleshooting, you move the cable in the wiring closet to a different port on the patch panel. Which type of document should you update? |
Wiring schematic |
|
A new law was recently passed that states that all businesses must keep a history of the emails sent between members of the board of directors. You need to ensure that your organization compiles with this law. Which document type would you update first in response to this new law? |
Policy |
|
You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable connection the computer to the network. Which type of document should you update? |
change documentation |
|
You plan on implementing a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? |
change management |
|
Which of the following terms describes a test lab environment that does not require the use of physical hardware? |
Virtual sandbox |
|
You manage a network with a wsingle switch. Allhosts connect to the netwrok through the swithch. You want to increase the security of devices that are part of the accounting department. You want to make sure that broadcast traffic sent by accounting computers is only received by other accounting computers, and you want to implement ACLs to control traffic sent to accounting computers though the network. What should you do? |
Use a router to configure a subnet for the accounting computers. |
|
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use? |
Port Scanner |
|
What security mechanism can be used to detect attacks originating on the internet of from within an internal trusted subnet? |
IDS |
|
What actions can a typical passive intrusion detection system (IDS) take when it detects and attack? (Select two) |
The IDS logs all pertinent data about the intrusion An alert is generated and delivered via email, the console, or an SNMP trap. |
|
Which of the following activities are considered passive in regards to the function of an intrusion detection system? (Select two) |
Listening to network traffic Monitoring the audit trails on a server |
|
An active IDS system often performs which of the following actions? (Select two) |
Update filters to block suspect traffic. Perform revers lockups to identify an intruder. |
|
Which of the following is the most common detection method used by an IDS? |
Signature |
|
You have just installed a new network-based IDS system that uses signature recognition. What should you do no a regular basis? |
Update the signature files. |
|
Which of the following are security devices that perform stateful inspection of packet data, looking for patterns that indicate malicious code? (Select two) |
IDS IPS |
|
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to unsure that the information is useful for maintaining a secure environment? |
Periodic reviews must be conducted to detect malicious activity or policy violations. |
|
You are concerned about attacks directed at your network firewall. You want to be able to identify attacks and be notified of attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack. Which tool should you use? |
IPS |
|
As a security precaution, you have implement IPsec between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? |
Host-based IDS |
|
You are concerned about protecting your network form network-based attacks from the internet, specifically, you are concerned about zero day attacks (attacks that have not yet been identified or that do not have prescribed protections). Which type of device should you use? |
Anomaly-based IDS |
|
creating fake resources such as honeypots, honey nets, and tar pits fulfills which of the following main intrusion detection and prevention goals? (select two) |
Reveals information about an attacker’s methods and gathers evidence for identification or prosecution purposes. Offers attackers a target that occupies their time and attention while distracting them form valid resources. |
|
What does a tar pit specifically do to detect and prevent intrusion into your network? |
Answers connection request in such a way that the attacking computer is stuck for a period of time. |
|
If maintaining confidentiality is the utmost importance to your organization, what is the best response when an intruder is detected on your network? |
Terminate the intruders session. |
|
Which of the following uses hacking techniques to proactively discover internal vulnerabilities? |
Penetration testing |
|
What is the main difference between vulnerability scanning and penetration testing? |
Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. |
|
What is the primary purpose of penetration testing? |
Test the effectiveness of your security perimeter. |
|
You have decided to perform a double blind penetration test. Which of the following actions should you perform first? |
Inform senior manager |
|
Which of the following activities are typically associated with a penetration test? (Select two) |
Running a port scanner Attempting social engineering |
|
Which of the following types of penetration test teams will provide you information that is most revealing of a real world hacker attack? |
Zero Knowledge team |
|
A security administrator is conducting a penetration test on a network. she connects a notebook system running Linux to the wireless network and then uses NMAP to probe carious network hosts to see which operating system they are running. Which process did the administrator use in the penetration test in this scenario? |
Active fingerprinting |
|
A security administrator is conducting a penetration test on a network. she connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on network hosts. Which process did the administrator use in the penetration test in this scenario? |
Passive fingerprinting |
|
The tester has detailed information about the target system prior to starting the test. |
White box test |
|
The tester has the same amount of information that would bew available to a typical insider in the organization. |
Grey box test |
|
The tester has no prior knowledge of the target system. |
Black box test |
|
Either the attacker has prior knowledge about the target system or the administrator knows that the test is being performed. |
Single-blind test |
|
The tester does not have prior information about the system, and the administrator has no knowledge that the test is being performed. |
Double-blind test |
|
Identifying phone numbers with modems |
war dialing |
|
Scanning for wireless access points |
Wardriving |
|
Identifying operating system type and version number |
Banner grabbing |
|
Identifying services that can pass through a firewall |
Firewalking |
|
Generates a statement of health (SoH) that reports the client configuration for health requirements. |
NAP client |
|
Runs the System Health Validator (SHV) program. |
NAP server |
|
Is client’s connection point to the network. |
Enforcement server (ES) |
|
Contain resources accessible to non-compliant computers on the limited-access network. |
Remediation server |
|
Your company is s small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented? |
VLAN |
|
A network switch is configured to perform the following validation checks on its ports: -All ARP requests and responses are intercepted. Which security feature was enabled on the switch to accomplish this task? |
Dynamic ARP inspection |
|
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network,. You would like to implement a solution that prevents the laptops form connecting to your network unless anti-virus software and the latest operating system patches have been installed. Which solution should you use? |
NAC |
|
A network utilizes a network access control (NAC) solution to protect against malware. When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. What is this process called? |
Posture assesment |
|
Which of the following actions should you take to reduce the attack surface of a server? |
Disable unused services |
|
What type of security uses MAC addresses to identify devices that are allowed or denied a connection to a switch? |
Port security |
|
MAC address manually identified as an allowed address. |
SecureConfigured |
|
A MAC address that has been learned and allowed by the switch. |
SecureDynamic |
|
A MAC address that i manually configured or dynamically learned that is saved in the config file. |
SecureSticky |
|
You manage a network that uses switches. In the lobby of your building are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers into the free network jacks and connect to the network, but you wan employees who plug into those same jacks should be able to connect to the network. What feature should you configure? |
Port authentication |
|
In which of the following situations would you use port security? |
You want to restrict the devices that could connect through a switch port. |
|
You are the network administrator for a city library. Throughout the library, there are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You’ve had problems with patrons bringing personal laptops into the library and disconnection the network cables from the library computers to connect their laptops to the internet. the library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. you want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can yo do to fix this problem? |
Configure port security on the switch |
|
You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do no have the latest operating system patches, you want to prevent access to all network devices except for a special server that Which of the following components will be part of your solution? (Select two) |
Remediation servers 802.1x authentication |
|
A network switch detects a DHCP frame on the LAN that appears to have come from a DHCP server that is not located on the local network. In fact, it appears to have originated from outside the organizations firewall. As a result, the switch drops the DHCP message from that server. Which security feature was enable on the switch to accomplish this? |
DHCP Snooping |
|
You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix? |
Test the hotfix, then apply it to all servers. |
|
Which of the following is the best recommendation for applying hotfixes to you servers? |
Apply only the hotfixes that apply to software running on your systems. |
|
Which of the following terms describes a Window operating system patch that corrects a specific problem and is released on a a short-term, periodic basis (typically monthly)? |
Hotfix |
|
Which of the following statements is true? A system image backup: |
Is saved as a .vhd file. |
|
Which of the following media types can you save backup files on? (Select two) |
External hard drives Network attached storage (NAS) |
|
In addition to performing regular backups, what must you do to protect your system from data loss? |
Regularly test restoration procedures. |
|
What should you store backup media off site? |
To prevent the same disaster from affecting both the network and the backup media. |
|
You just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires and ID card for access You backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with the username admin and the password admin. You used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two) |
Change the default administrative user name and password. Use an SSH client to access the router configuration. |
|
You are in the middle of a big project at work. All of your work files are on a server at the office. You want to be able to access the server desktop, open and edit files, save the file on the server, and print files to a printer connected to a computer at home. Which protocol should you use? |
RDP |
|
Which of the following protocols or services would you associate with Window’s Remote Desktop Service network traffic? |
RDP |
|
You manage a server at work that has just been configured with anew application. Consequentially, the server has crashed several times during the last week. You think yo have resolved the problem, but you would like to be able to manage the server remotely just in case more issues occur. Which of the following protocols would you use for remote management? (Select two) |
VNC ICA |
|
You are considering using Wi-Fi triangulation to track the location of wireless devices within your organization. However, you have read on the internet that this type of tracking can prod cue inaccurate results. What is the most important consideration for getting reliable results when implementing this type of system? |
Signal strenghth |
|
Users take pictures of proprietary processes and procedures |
Specify where and when mobile devices can be possessed in your acceptable use policy |
|
Devices with a data plan can email stolen data. |
Specify where and when mobile devices can be possessed in your acceptable use policy |
|
Devices have no PIN or password configured. |
Enroll devices in mobile device management system. |
|
Anti-malware software is not installed. |
Implement a network access control (NAC) solution. |
|
A device containing sensitive data may be lost. |
Enroll devices in a mobile device management system. |
|
Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. to increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is part of a complete solution) |
Configure and apply security policy settings in a mobile device management system. Enroll the devices in a mobile device management system. |
|
Your organization recently purchased 18 iPad tablets for use by the organization’s management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this?(Select two. Each option is part of a complete solution) |
Configure and apply security policy settings in a mobile device management system. Enroll the devices in a mobile device management system. |
|
Your organization’s security policy specifies that, regardless of ownership, any mobile device that connects to your internal network must have remote wipe enable. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Which of the following should you implement to ensure organizational data can be remote wiped while preserving personal data? |
Storage segmentation |
|
Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. You are concerned that these devices could represent a security risk to our network and want to strengthen their security profile as much as possible. Which actions should you take? (Select two. Each Response is a separate solution.) |
Implement storage segmentation Enable device encryption |
|
Which of the following mobile device security consideration disables the ability to use the device after a short period of inactivity? |
Screen lock |
|
Which of the following are not reasons to remote wipe a mobile device? |
The device is inactive for a period of time. |
|
A smart phone was lost at the airport. There is no way to recover the device. Which if the following will ensure data confidentiality on the device? |
Remote wipe |
|
Many of the end users in Your organization are bringing their own personal mobile devices to work and are storing sensitive data on them. To prevent the data from being compromised, you create a could-based Microsoft Intune account and configure mobile device security policies. You no w need to apply those security policies to the end users’ mobile devices. What should you do? (Select two. Each option is part of a complete solution) |
Enroll the devices with the Intune service. Download and install the Intune client software on the mobile device. |
|
Which of the following enterprise wireless configuration strategies best keep public wireless access separate from private wireless access? |
Configure a quest access WLAN that uses open authentication and isolates quest WLAN traffic from other clients on the same access point. |
|
The owner of a hotel has contracted you to implement a wireless network to provide internet access for patrons. The owner has asked that you implement security controls so that only paying patrons are allowed to use the wireless network. She wants them to be represented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, they should then be allowed full access to the internet. If a patron does not provide the correct code, they should not be allowed to access the internet. Under no circumstances should patrons be able to access the internal hotel network where sensitive data is stored. What should you do? |
Implement a guest network |
|
Which of the following is the least effective power loss protection for computer systems? |
Surge protector |
|
You manage the website for your company. The website uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage and a single connection to your ISP. You want to provide redundancy so that a failure in a single component does not cause the website to become unavailable. What should yo add to your configuration to accomplish this? |
Connect one server to the internet through a different ISP. |
|
Beside protecting a computer from under-voltages, a typical UPS also performs which two actions? |
Conditions the power signal Protects from over-voltages |
|
Components withing your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60%, and the temperature is 80 degrees. What should you do to help reduce problems? |
Add a separate A/C unit in the server room. |
|
You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting the availability of the network. Which of the following should you implement? |
Positive pressure system |
|
You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for virtualization. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a straight-through UTP cable that will run across the floor of the data center. To protect equipment from power failures, you also plan to install a UPS in the rack along with redundant power supplies for the server. Will this configuration work? |
No. You should not run a cable across the floor of the data center. |
|
You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for file storage and database server. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a straight-through UTP cable that will run through the suspended tile ceiling of the data center. To Provide power for the new devices, you had an electrician install several new 20-amp wall outlets near the new rack. Each device in the rack will be plugged directly into one of these new wall outlets. What is wrong with this configurations? (Select two) |
You should implement a UPS between the wall outlet and the network devices. You should implement redundant power supplies for the network devices. |
|
You have purchased a solar backup power device to provide temporary electric power to critical systems in your data center should the power provided by the electrical utility company go out. The solar panel array captures sunlight, converts it into direct current (DC) and sores i in large batteries. Th power supplies in the servers, switches, and routers in your data center require alternating current (AC) to operate. Which electrical device should you implement to convert the DC power stored in the batteries into AC power that can be used in the data center? |
Inverter |
|
You have been struggling to keep the temperature in your server room under control. To address this issue, you have decided to reconfigure the room to create hot and cold aisles. Which of the following are true concerning this configuration (Select two) |
The rear of your servers should face the hot aisle. The front of your servers should face the cold aisle. |
|
You’ve just installed a new 16U wall-mounted rack in your data center. You need to install the following equipment in ts rack: -A 4U redundant power supply Which of the following equipment will also fit in this rack along with the above equipment? |
2U UPS |
|
Your 24U rack currently houses two 4U server systems. To prevent overhearing, you’ve installed a rack-mounted environment monitoring device within the rack. Currently, the device shows that the temperature within the rack sis 70 degrees Fahrenheit (21 degrees Celsius). what should you do? |
Nothing. The temperature within the rack is within acceptable limits. |
|
You have been hired by a startup company to install a new data center. The company is small, so they have elected to use an unused employee break room as the data center. You are concerned about the physical security of the servers that will be installed int the data center. What should you do? (Select two) |
Install racks with locking doors. Install a biometric lock on the data center door. |
|
You are concerned about attacks directed at the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use? |
Packet sniffer |
|
You have a website that customers use to view product information and place orders. You would like to identify the maximum number of simultaneous sessions that this server can maintain before performance is negatively impacted. Which tool should you use? |
Load tester |
|
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device connected to the same hub that is connected to the router. When you run the software, you only see frames addressed too the workstation, not other devices. Which feature should you configure? |
Promiscuous mode |
|
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you ruin the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure? |
Mirroring |
|
You want to know what protocols are being used on your network. You’d like to monitor network traffic and sort traffic based on protocol. Which tool should you use? |
Packet sniffer |
|
You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device. Which tool should you use? |
Protocol analyzer |
|
You have heard about a Trojan horse program where the compromised system sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker. Which log should you monitor? |
Firewall |
|
You have a small network of devices connected togegher using a switch. You want to capture the traffic that is sent form Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do? |
Run the packet sniffer application on Host B. |
|
Each of the following are tools used to check the health of a network. Which of these is typically used for managing and sending messages from one computer system to another? |
syslog |
|
Which of the following are reasons to use a protocol analyzer? (Select two) |
Identify users that are connecting to unauthorized websites. Find devices that might be using legacy protocols, such as IPX/SPX or NetBIOS. |
|
You have a WAN link that connects two sites. The WAN link is supposed to provide 1.5 Mbps of bandwidth. You want to perform a test to see the actual bandwidth of the link. Which tool should yo use? |
Throughput tester |
|
You have installed a new application on a network device. during testing, it appears as if the software is causing other services running on the device to stop responding. Which tool should you consult to identify the problems? |
Application log |
|
You manage a firewall that connects your private network to the internet. You would like to see a record of every packet that has been rejected by the firewall in the past moth. Which tool should you use? |
Event log |
|
You suspect that your web server has been the target of a denial-of-service attack. You would like to view information about the number of connections to the server over the past three days. Which log would yo most likely examine? |
Performance |
|
Which of the following functions can a port scanner provide? |
Determining which ports are open on a network. |
|
You are the network administrator for a growing business. When you were hired, the organization was small, and only a single switch and router were required to support your users. During this time, you monitored log messages from your router and switch directly from each devices console. The organization has grown considerably in recent months. Now you manage with individual switches and three routers. It’s becoming more and more difficult to monitor these devices and stay on top of issues in a timely manner. What should yo do? |
Use syslog to implement centralized logging. |
|
Which of the following is a standard for sending log messages to a central logging server? |
Syslog |
|
Consider the following output generated by the show interface fa0/0 command generated on a router: FastEthernet0/0 is up, line protocol is up Which of the following statements are true about the fa0/0 interface? (Select 3) |
One cyclic redundancy check error has occurred. Several collisions have occurred. The interface is dropping incoming packets. |
|
Consider the following message generated on a router: *Aug 8 11:18:12.081: %LINEPROTO-5UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down. What facility generated this message? |
%LINEPROTO |
|
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do? |
Implement version 3 of SNMP. |
|
Which of the following are improvements to SNMP that are included within SNMP version 3? (Select two) |
Encryption of SNMP messages Authentication for agents and managers. |
|
Which protocol uses traps to send notifications from network devices? |
SNMP |
|
Because of an unexplained slowdown on your network, you decided to install monitoring software on several key network hosts to locate the problem. Yo will then collect and analyze the data from a central network host. Which protocol will the software use to detect the problem? |
SNMP |
Share This
Flashcard
