n10 008 Exam Simulation 3

lOMoARcPSD|18976918
N10-008 Exam Simulation 3
Network Security (Henry Ford College)
Studocu is not sponsored or endorsed by any college or university

Downloaded by Wayne Wayne (jaygalaxy01@gmail.com)
lOMoARcPSD|18976918
12/3/23, 3:09 PM N10-008 Exam Simulation
Simulated Exam December 2, 2023 Test ID: 274745042
Question #1 of 90 Question ID: 1537031
Your company is considering converting to the use of IPv6 addresses. What are the three types of Internet Protocol version 6
(IPv6) addresses? (Choose 3)
A) Broadcast
B) Multicast
C) Unicast
D) Dual-cast
E) Anycast
Explanation
Unicast, multicast, and anycast are types of IPv6 addresses.
Unicast address: This type of address is used to define a single destination interface. A packet sent to a unicast address is
delivered to the specific interface.
Multicast address: This type of address is used to define a group of hosts. When a packet is sent to a multicast address, it is
delivered to all the hosts identified by that address. Multicast addresses begin with the prefix FF00::/8. The second octet
identifies the range over which the multicast address is propagated.
FF01:0:0:0:0:0:0:1: Indicates all-nodes address for interface-local scope.
FF02:0:0:0:0:0:0:2: Indicates all-routers address for link-local.
Anycast address: This type of address is used to identify a set of devices. These addresses are also assigned to more than
one interface belonging to different nodes. A packet sent to an anycast address is delivered to just one of the interfaces, based
on which one is closest. For example, if an anycast address is assigned to a set of routers, one in India and another in the
U.S., the users in the U.S. will be routed to U.S. routers and the users in India will be routed to the router in India.
The broadcast option is incorrect because broadcast addresses are not supported by IPv6. Broadcast functionality is provided by
multicast addressing. Broadcast messages can be sent on a IPv4 network if you know the broadcast address for the network.
The dual-cast option is incorrect because this is not a valid IPv6 address type.
Objective:
Networking Fundamentals
Sub-Objective:
Given a scenario, configure a subnet and use appropriate IP addressing schemes.
References:
Unicast, Multicast and Anycast, http://www.omnisecu.com/tcpip/ipv6/unicast-multicast-anycast-types-of-network-communication-in-

ipv6.php
https://www.kaplanlearn.com/education/test/print/86319218?testId=274745042 1/94
lOMoARcPSD|18976918
You administer a network for your company. You determine that there is a network connectivity problem on one of the computers
on the network. You re-create the problem and determine that the problem is located in the NIC. You establish a theory of probable
cause. Which step should you take next to troubleshoot the problem?
A) Implement a correction plan.

B) Form a correction plan.
C) Provide feedback to the users of the computer.
D) Test the theory.
Explanation
The troubleshooting order according to the CompTIA Network+ blueprint is as follows:
1. Identify the problem.

a. Gather information.
b. Question users.
c. Identify symptoms.
d. Determine if anything has changed.
e. Duplicate the problem, if possible.
f. Approach multiple problems individually.
2. Establish a theory of probable cause.
a. Question the obvious.
b. Consider multiple approaches.
i. Top-to-bottom/bottom-to-top OSI model
ii. Divide and conquer
3. Test the theory to determine cause.
a. If the theory is confirmed, determine next steps to resolve the problem.
b. If the theory is not confirmed, re-establish new theory or escalate.
4. Establish a plan of action to resolve the problem and identify potential effects,
5. Implement the solution or escalate as necessary,
6. Verify full system functionality and, if applicable, implement preventive measures.
7. Document findings, actions, outcomes, and lessons learned.
You have already identified the problem, re-created the problem, and established a theory of probably cause. You should now test
the theory. In this scenario, the correction plan might involve running diagnostics on the network interface card (NIC) or simply
replacing the NIC. If the test confirms you theory, you should then proceed through the other troubleshooting steps.
Objective:
Network Troubleshooting
Sub-Objective:
Explain the network troubleshooting methodology.
lOMoARcPSD|18976918
References:
A Guide to Network Troubleshooting, https://www.comptia.org/content/guides/a-guide-to-network-troubleshooting
The cable used on your network is shown in the exhibit.
Which transmission medium is shown?
A) Twinaxial
B) STP
C) Coaxial
D) Fiber-optic
E) UTP
Explanation
Coaxial cable has an inner conductor surrounded by a shield. The inner conductor is separated from the shield using insulating
material.
Coaxial cable comes in two varieties: ThinNet and ThickNet. ThinNet cable is .64 centimeters (.25 inches) thick and carries signals
up to 185 meters (607 feet). ThickNet is 1.27 centimeters (.5 inches) thick and carries signals up to 500 meters (1,640 feet).
Like a coaxial cable, a twinaxial cable is a copper cable. However, unlike a coaxial cable, a twinaxial cable has two internal
conductors. Twinaxial cables are often seen as a cost-efficient method for very short and high-speed communication.
Shielded twisted pair (STP) cable is shown in the following exhibit:
lOMoARcPSD|18976918
Note the layer of shielding in the exhibit. This is the key to distinguishing between UTP and STP cable. Due to the shielding, STP
can support higher transmission rates over longer distances than UTP. STP is typically used in a Token Ring network.
The following is a table of network media comparisons:
lOMoARcPSD|18976918
Objective:
Sub-Objective:
Summarize the types of cables and connectors and explain which is the appropriate type for a solution.
References:
What is a Coaxial Cable and How is it Used?, https://www.ppc-online.com/blog/what-is-coaxial-cable-and-how-is-it-used
Which of the following would be used to help defend against a man-in-the-middle attack?
A) BPDU guard
B) Root guard
C) DHCP snooping
D) Flood guard
Explanation
DHCP snooping prevents an unauthorized DHCP server from issuing IP addresses to clients. The unauthorized or rogue DHCP
server is often used in man-in-the-middle attacks. A trusted server is identified on a specific switch port by configuring the DHCP
Snooping Trust State. This allows DHCP traffic to flow through the port. A DHCP server attached to a port that does not have a
properly configured trust state will have its traffic blocked.
Current Web communications can also be secured against eavesdropping, hijacking, and man-in-the-middle (MitM) attacks
through mutual certificate authentication via Transport Layer Security (TLS). The encryption negotiated by TLS between a Web
client and Web server provides protection against eavesdropping and hijacking, and the mutual authentication using certificates
that provides protection against MitM attacks.
Bridge Protocol Data Unit (BPDU) guard works with Spanning Tree Protocol (STP) and PortFast. When a switch receives a BPDU,
the BPDU guard disables the port on which PortFast has been configured. It prevents looping, not man-in-the-middle attacks.
Flood guard establishes the maximum number of MAC addresses that can be seen by an interface. The switch monitors the traffic
on the interface. If the network gets flooded with MAC addresses, the flood monitor can intervene by disabling ports and filtering
out traffic. Denial of Service (DoS) attacks may use traffic flooding to deny valid users the ability to interact with resources at an
acceptable level, pace, or throughput. It prevents DoS flooding attacks, not man-in-the-middle attacks.
Root guard protects the integrity of the root bridge in a spanning-tree environment. Root guard ensures that the switch you
designate as the root bridge remains in that role until changed by an administrator. It is the same thing as a BPDU guard, which
prevents looping.
Objective:
Network Security
lOMoARcPSD|18976918
Sub-Objective:
Given a scenario, apply network hardening techniques.
References:
Five Things To Know About DHCP Snooping, http://packetpushers.net/five-things-to-know-about-dhcp-snooping/
Which of the following would be the best recovery solution in the event that a network segment is unavailable?
A) Redundant circuits
B) Battery backup/UPS
C) Power generators
D) Dual power supplies
Explanation
Redundant circuits would be the best recovery solution in the event that a network segment becomes unavailable. The redundant
circuit can provide a backup route if a NIC, cable, router, or switch fails. You can create a redundant circuit buy installing an
additional NIC in a computer and connecting the second NIC to a different port on another switch.
Battery backups or uninterruptable power supplies (UPSs) provide temporary power to a limited number of systems. UPSs are
designed to provide enough power to allow an orderly shutdown of a system in the event of a power failure. Another infrastructure
device that helps mitigate the risks of downtime or power outages is a power distribution unit (PDU). PDUs arePDUs are devices
that areare fitted with multiple outputs that distribute electrical power to racks of computers or similar networking equipment. PDUs
provide a simpler solution to power metering by controlling power outlet flows and managingmanaging important external sensors.
Power generators activate when there is a loss of power to the entire office or facility. Power generators are usually gasoline or
diesel engines, and will run as long as they have fuel and do not break down. They provide power for much longer periods of time
than a battery backup or UPS, and are part of natural disaster recovery planning.
Dual power supplies provide redundancy in the event of a failure of one of the power supply units internally within a computer. The
failure of the power supply on a mission-critical server can be catastrophic. Equipping such a server with a dual power supply will
provide redundancy and increase uptime.
Objective:
Network Operations
Sub-Objective:
Explain high availability and disaster recovery concepts and summarize which is the best solution.
References:
Build Redundancy into Your LAN/WAN, http://www.itprotoday.com/management-mobility/build-redundancy-your-lanwan
lOMoARcPSD|18976918
Which term is used to describe the ability to respond to a single point of failure on a network?
A) RAID
B) Clustering
C) Fault tolerance
D) Loopback
Explanation
The ability to respond to a single point of failure on a network is called fault tolerance. Fault tolerance on servers involves
hardware RAID, UPS systems, power conditioning, backups, and clustering.
Fault tolerance refers to making sure that devices are safe from any kind of problem that might occur with them. It carries with it
the ideas of redundancy, backups, clustering, power conditioning, RAID, and UPS systems that can keep computers up and
running.
Clustering and RAID are associated with fault tolerance on servers, rather than fault tolerance on a network.
Loopback is a test in which data is sent from a source to a destination and then back to its source to determine if the path is
working properly and data is accurate.
Network fault tolerance amounts to redundancy in both the network gear and the backbone links that connect wiring closets
together. The key component for routers, switches, and hubs are redundant parts. Your goal with network gear is to look for single
points of failure (SPOFs), and provide redundancy to make sure the network remains up and functional. To ensure a company's
long term health in the event of a disaster, redundancy and offsite backups are two of the best tools to implement.
Firewalls are also critical to ensuring redundancy. Establishing multiple firewalls in a network greatly increases security in the event
that one is broken as well as can help secure different zones within a network and monitor the traffic sent between them greatly
reducing security concerns.
Objective:
Network Operations
Sub-Objective:
References:
What is fault tolerance, http://www.webopedia.com/TERM/F/fault_tolerance.html
In the context of physical security, which statement related to security guard personnel is most appropriate?
lOMoARcPSD|18976918
A) Security guard personnel are a cost effective countermeasure to reduce physical security
risk.
B) Security guard personnel are the most expensive countermeasure for reducing the
physical security risk.
C) Security guard personnel act as the last line of defense in securing the facility
infrastructure.
D) Security guard personnel are one of the administrative controls in a layered security
architecture.
Explanation
Security guard personnel are the most expensive countermeasure used to reduce physical security risks. The cost of hiring,
training, and maintaining them can easily outweigh the benefits. Security guard personnel, in combination with other physical
security controls and technical controls such as fences, gates, lighting, dogs, CCTVs, alarms, and intrusion detection systems, act
as the first line of defense in maintaining the security of a facility infrastructure.
Security guards are the best protection against piggybacking. Piggybacking is a physical cyber-attack where an unauthorized party
gains access to the premises by following an authorized employee in the door as they open it. A similar social engineering attack to
piggybacking is tailgating. Tailgating is when a malicious actor gains access to a restricted premises of an area by following after
someone who has just opened a door to a restricted area.The main difference is that piggybacking occurs with the authorized
user’s knowledge, while tailgating does not.
Mantraps (also known as access control vestibules) also provide protection against piggybacking. The last line of defense is the
remaining workforce of the company, excluding the security guards, in a layered security architecture. Personnel are an example of
physical security controls and not administrative controls.
Objective:
Network Security
Sub-Objective:
Explain the importance of physical security.
References:
Security Guards, http://homesecurity.about.com/od/homesecurity/a/Security-Guards.htm
Your company plans to redesign its network in the coming months. As part of this redesign, a guest network will be set up to allow
any guests to have Internet access. This guest network will be a public network that it isolated from your private corporate network.
What does this network segmentation provide?
A) improved network performance for internal personnel

B) high availability through redundancy
lOMoARcPSD|18976918
C) improved security through isolation

D) link aggregation
Explanation
Implementing a separate guest network will provide improved security through isolation. Because the guest network is isolated,
you can set up security controls to ensure that guests cannot communicate with the private corporate network.
None of the other solutions are provided by the network segmentation. Link aggregation occurs when two links work together to
provide better throughput. High availability through redundancy is ensured when redundant systems are implemented, such as
redundant WAN links or redundant RAID arrays. Improved network performance for internal personnel cannot be ensured based
on the implementation you have described. The only way to ensure improved network performance for internal personnel is to
implement Quality of Service (QoS) or some other technology that allows you to regulate traffic.
Objective:
Network Security
Sub-Objective:
References:
Network Virtualization--Guest and Partner Access Deployment Guide,

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualization/GuestAcc.html
Your company’s enterprise network includes multiple subnets, each of them using a different addressing class. You need to identify
IP addresses by matching the first two octets of the IP address with its corresponding class and type. Which address class below
is not matched to the first two octets of a correct IP address?
A) Class C private – 169.254.x.x.

B) Class A private − 10.6.xx.xx
C) Class A public − 77.24.x.x
D) Class B public − 143.91.xx.xx
Explanation
A Class C private address has 192.168.x.x as the first two octets.
169.254.x.x represents the first two octets of an APIPA address
The others are correct
Other classes of IP addresses can be matched to their first two octest:
Class B Private − 172.20.x.x
lOMoARcPSD|18976918
Class C Public − 204.29.xx.xx
Class A addresses are in the 0.0.0.0 through 126.255.255.255 range. Class B addresses are in the 128.0.0.0 through
191.255.255.255 range. Class C addresses are in the 192.0.0.0 through 223.255.255.255 range.
There are three reserved private IP address ranges:
Class A − 10.0.0.0 through 10.255.255.255

Class B − 172.16.0.0 through 172.31.255.255
Class C − 192.168.0.0 through 192.168.255.255
Automatic Private IP Addressing (APIPA) addresses are in the 169.254.0.0 through 169.254.255.255 range
Objective:
Sub-Objective:
References:
IP4 Address Classes, http://compnetworking.about.com/od/workingwithipaddresses/l/aa042400b.htm
Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column
on the right to match the protocol with the correct default port.
{UCMS id=5689560602247168 type=Activity}
Explanation
The protocols given use these default ports:
Port 20 − FTP
Port 23 − Telnet
Port 25 − SMTP
Port 53 − DNS
Port 80 − HTTP
FTP also uses port 21, but it was not listed in this scenario.
Protocols can use either User Datagram (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
lOMoARcPSD|18976918
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161/162
LDAP – 389
HTTPS – 443
SMB – 445
Syslog – 514
SMTP TLS – 587
LDAPS – 636
IMAP over SSL – 993
POP3 over SSL –995
Structured Query Language (SQL) Server – 1433
SQLnet –1521
H.323 – 1720
MGCP – 2427/2727
MySQL –3306
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061
Objective:
Sub-Objective:
Explain common ports and protocols, their application, and encrypted alternatives.
References:
List of TCP and UDP Port Numbers, http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
You have recently been hired as a network administrator. Soon after starting at the new company, you realize that not all
appropriate network documentations has been created. Specifically, you need to set for the network rules, including the who, what,
and when of the rules. Which configuration management documentation should you create?
A) policies
B) baselines
lOMoARcPSD|18976918
C) procedures
D) regulations
Explanation
Policies set forth the network rules, including the who, what, and when of the rules. Policies tell what the rules are, who is covered
by the rule, and when the rule applies.
Baselines are primarily used to identify performance issues. They are actually performance statistics used for comparative
purposes. By establishing a performance baseline, you can ensure that performance issues are identified much more easily in the
future.
Procedures set forth the steps that must be taken to enforce the policies. Procedures tell how to achieve the desired results.
Regulations are governmental guidelines that are written by federal or state agencies based on the laws passed by federal or state
government. Regulations are established by entities outside the network owner.
Objective:
Network Operations
Sub-Objective:
Explain the purpose of organizational documents and policies.
References:
Difference between policy and procedure, http://www.differencebetween.net/miscellaneous/difference-between-policy-and-

procedure/
You have changed the IP address scheme for two of your company's networks. In addition, the names of two servers have
changed. Which change management documentation should you revise?
A) network baseline
B) logical network diagram
C) physical network diagram
D) wiring schematic
Explanation
You should only revise the physical network diagram. The physical network diagram includes cable lengths and types, server
names, IP addresses, server roles, network equipment locations, and number of network users. An example of a physical network
diagram is shown in the following exhibit:
lOMoARcPSD|18976918
You should not revise the logical network diagram. The logical network diagram includes server roles, domain architecture,
protocols used, and trust relationships. Server names and IP addresses are not included in the logical network diagram. An
example of a logical network diagram is shown in the following exhibit:
You should not revise the network baseline. A network baseline includes performance statistics for your network. Changing the IP
address scheme and server names will not affect the network baselines. A network baseline is not an exhibit, but a listing of
performance statistics.
lOMoARcPSD|18976918
You should not revise the wiring schematic. The wiring schematic emphasizes the flow of the network. It includes equipment
symbols and lines that indicate the flow. Changing the IP address scheme and server names will not affect the wiring schematic.
An example of a wiring schematic is shown in the following exhibit:
Objective:
Network Operations
Sub-Objective:
References:
What is a logical network diagram?, http://www.wisegeek.com/what-is-a-logical-network-diagram.htm
What is a network diagram?, http://www.wisegeek.com/what-is-a-network-diagram.htm
Which option is a method of providing physical security for a network?
A) the use of public keys
B) the use of passwords
C) the use of security badges
D) the use of message digests
Explanation
lOMoARcPSD|18976918
Physical security limits access to the physical components of a network. Of the choices listed, the use of security badges is a
method of providing physical security for a corporate network because only individuals with valid badges are allowed on company
premises or in particular company areas.
A public key is used in asymmetric encryption. A message encrypted with a public key can be decrypted with the corresponding
private key, which is kept secret. A message digest is a number produced by processing a file with a hashing algorithm, such as
MD5 or SHA. A message digest, also referred to as a hash, can be used to determine if a file has been changed since the original
message digest was created for the file. You would use an SHA or MD5 hash if you need to ensure that security updates that are
stored on a central server have not been changed. You would compare the hash value that you obtain to the hash value that the
company gives you. If the hash values do not match, the file has been compromised.
A password and a user name are typically required for authentication on a computer network. Public keys, passwords, and
message digests do not limit access to the physical components of a network; therefore, these three protective measures do not
provide physical security for a network.
For the Network+ exam, you must understand the following physical security controls:
Mantraps or access control vestibules − a set of double doors usually monitored by a security guard. Only one person is
allowed to enter the second set of doors when buzzed in by the security guard or by scanning their identification card.
Network closets − All networking devices, including routers and switches, should be protected from public access by placing
them in locked closets or rooms.
Video monitoring − Video monitoring, including IP cameras and closed-circuit television (CCTV), records all activities that occur
in the monitored areas. If tapes or DVDs are used, you should have a regular replacement schedule. A system that uses some
sort of hard drive is a better option because it will allow more storage. In most cases with video monitoring, once the recording
medium fills, new recorded data will overwrite older recorded data. So consider carefully any repercussions of any system you
may use.
Door access controls − Door access controls include any mechanism that is used to ensure that only authorized personnel can
enter through a specific door. The most popular door access control is a lock with a key. However, you can also use keypads
or cipher locks, which allow you to periodically change the entry code and may even allow you to issue different codes to
personnel to allow you to track entry and exit.
Proximity readers/key fob − requires the use of some sort of proximity or smart card to enter the building or data center.
Preventing access to a user with a valid card is as simple as disabling that user's card.
Biometrics − uses some sort of physical or behavioral characteristic to allow access. Users may scan their iris, retina,
fingerprint, or some other physical characteristic. Behavioral versions require the user to input a certain pattern, write a certain
phrase, or even input a certain phrase.
Objective:
Network Security
Sub-Objective:
References:
What is physical security?, https://searchsecurity.techtarget.com/definition/physical-security
lOMoARcPSD|18976918
Management has decided to implement a small private network for guests. The network will consist of Windows 7 computers that
will only be able to access the other computers on the private network. You recommend that the small private network use APIPA
addresses. Which is the following is a valid APIPA address?
A) 169.254.2.120
B) 172.16.4.36
C) 192.168.16.45
D) 10.1.1.131
Explanation
The 169.254.2.120 address is a valid Automatic Private IP Addressing (APIPA) address. By default, Windows XP and Windows 7
client computers are configured to use an APIPA address if the DHCP server does down. The addresses in the APIPA range are
169.254.0.0 through 169.254.255.255. These addresses are not routable and are therefore only usable on the local subnet.
The other addresses are all part of the three private IP address ranges, as shown below:
10.0.0.0 through 10.255.255.255

172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255
To prevent the use of APIPA addresses, you should change the default settings on the Alternate Configuration tab of the Internet
Protocol Version 4 Properties dialog box. On this tab, you can specifically configure a static IP address that the computer can use.
Private IP addresses can only be used on the private network. To connect to the Internet, computers that use private IP addresses
with need some sort of Network Address Translation (NAT) service. Public IP addresses allow computers to communicate on the
Internet without t using the single public address of the NAT server.
A challenge with basic NAT, however, is that it provides a one-to-one mapping of inside local addresses to inside global addresses,
meaning that a company would need as many publicly routable IP addresses as it had internal devices needing IP addresses.
Many routers support Port Address Translation (PAT), which allows multiple inside local addresses to share a single inside global
address (a single publicly routable IP address).
Objective:
Sub-Objective:
References:
Advanced IP Addressing, http://www.ciscopress.com/articles/article.asp?p=174107&seqNum=5
lOMoARcPSD|18976918
Which of these devices can be used to divert incoming web traffic to specific servers based on its content?
A) VPN concentrator
B) AAA server
C) Load balancer
D) Wireless controller
Explanation
A load balancer can be used to divert incoming web traffic by content to specific servers. This will reduce the workload on the
primary server. The destination server is determined by data in Transport layer or Application layer protocols. Traffic distribution
can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest
response time.
A VPN concentrator provides enhanced capabilities to a VPN router, including adding data and network security. It also creates
and manages site-to-site VPN connections.
An authentication, authorization, accounting (AAA) server performs separate authentication, authorization, and accounting tasks. A
Remote Access Dial-In User Service (RADIUS) provides AAA services in a centralized location. Whenever using RADIUS or
similar remote access methods, organizations should establish remote access policies. These policies can be useful in determining
who can remotely gain access to a network, when they can access the network, where they can access the network from, and how
they can access the network.
Wireless controllers provide central management of wireless access points. Without wireless controllers, each access point must
be configured individually.
Objective:
Network Implementations
Sub-Objective:
Compare and contrast various devices, their features, and their appropriate placement on the network.
References:
Load balancer, https://f5.com/glossary/load-balancer
You have two Web servers, named WebSrv1 and WebSrv2. You need to configure the Web servers so that they share the Web
request load equally. What should you do?
A) Implement traffic shaping.

B) Implement an active/passive cluster.
lOMoARcPSD|18976918
C) Implement an active/active cluster.

D) Implement Quality of Service (QoS).
Explanation
You should implement an active/active cluster, also known as a load-balancing cluster. This will ensure that the two Web servers
share the Web request load equally.
All of the other technologies help with performance optimization, but would not balance the Web request load.
You should not implement an active/passive cluster, also known as a failover cluster. With active/passive, one of the Web servers
handles the Web request load. If the active server fails, then the passive server will take over the Web request load.
You should not implement traffic shaping. Traffic shaping is a specialized type of Quality of Service (QoS) feature where traffic from
each host is monitored. When traffic from the host is too high, packets are then queued. Traffic shaping can also define how much
bandwidth can be used by different protocols on the network.
You should not implement QoS. QoS provides varying levels of network bandwidth based on the traffic type. Each traffic type has
its own queue. Each traffic type queue is given its own priority. Traffic types with a higher priority are preferred over lower priority
traffic types.
High availability is an important concern regarding Web servers. Operating Web servers in a cluster environment could improve
availability. Providing two identical Web servers would improve availability and provide redundancy.
Redundancy is the process of adding additional network devices, equipment, and communication mediums within a network.
These extra devices ensure that even if one were to fail, there are multiple other devices that can keep the network running while
the problem is identified. High availability is designed to keep system running in the event of a disaster. Two additional ways to
help ensure redundancy are implementing multiple internet service providers and using diverse pathways. Multiple internet service
providers can provide redundancy if one of the providers loses service. Having multiple and diverse pathways within a network can
ensure that the network can still function and transmit information in the event that one pathway fails.
Objective:
Network Operations
Sub-Objective:
References:
Active/Active vs Active/Passive Clustering, https://www.jscape.com/blog/active-active-vs-active-passive-high-availability-cluster
You are analyzing communication over your network. You have captured all the packets sent to and from a server on your network.
You need to filter the packet capture to only IMAP4 protocol communications. Which port does this protocol use?
A) UDP port 143
lOMoARcPSD|18976918
B) TCP port 25
C) TCP port 143
D) UDP port 25
E) TCP port 110
F) UDP port 110
Explanation
Internet Message Access Protocol version 4 (IMAP4) is an Internet protocol for e-mail retrieval that uses TCP port 143. IMAP4
works at the Application layer of the OSI model.
Post Office Protocol version 3 (POP3) is an e-mail message retrieval protocol that uses TCP port 110. Simple Mail Transfer
Protocol (SMTP) is an e-mail message protocol that uses TCP port 25. POP3 and SMTP work at the Application layer of the OSI
model.
These protocols are connection-oriented protocols, and therefore require the use of TCP. UDP is a connectionless protocol. The
TCP header implements flags, while the UDP header does not. These flags are used to indicate information about the packet
transfer, such as connection state or other similar info. The Internet Protocol (IP) is the communications protocol for relaying data
across networks. Its routing function enables internetworking, and essentially establishes the Internet.
For the Network+ exam, you will also need to know about Ethernet headers. An Ethernet header identifies the details of the traffic
that is contained in any Ethernet traffic. By examining these Ethernet headers, it is possible to compare what the header displays
to what the data packet contains.
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137-139
IMAP – 143
SNMP – 161/162
LDAP – 389
HTTPS – 443
SMB – 445
Syslog – 514
SMTP TLS – 587
LDAPS – 636
IMAP over SSL – 993
POP3 over SSL –995
lOMoARcPSD|18976918
Structured Query Language (SQL) Server – 1433

SQLnet –1521
H.323 – 1720
MGCP – 2427/2727
MySQL –3306
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061
Objective:
Sub-Objective:
References:
Computer Network Glossary − Port Number: Ports 100-149, http://compnetworking.about.com/od/tcpip/l/blports_gl100.htm
Which unsecure protocol do Web browsers use to access documents on the World Wide Web?
A) FTP
B) IP
C) HTTP
D) ARP
Explanation
Hypertext Transfer Protocol (HTTP) is the set of rules for exchanging files, such as text, graphic images, sound, video, and other
multimedia files, on the World Wide Web. HTTP is an application protocol that works at the Application layer of the OSI model. The
HTTP files can contain references to other files that will elicit additional transfer requests when they are selected.
A Web browser is an HTTP client that sends requests to server machines. The browser builds an HTTP request and sends it to the
Internet Protocol address indicated by the URL. The HTTP daemon in the destination server machine receives the request and,
after any necessary processing, it returns the requested file. HTTP is considered to be unsecure. If you need to protect an HTTP
session, consider using HTTPS. HTTPS is a secure form of HTTP that uses Secure Socket Layer (SSL) to encrypt the HTTP
messages.
Internet Protocol (IP) receives segments from the higher-level protocols and adds source and destination information to each
segment. A segment with the source and destination information attached is called a "datagram." Datagrams are then transmitted
across the network to the receiving hosts. IP works at the Network layer of the OSI model. It is not responsible for Web browser
communication.
lOMoARcPSD|18976918
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol (IP) address to a physical machine address that
is recognized on the local network. ARP works at the Network layer of the OSI model. It is not responsible for Web browser
communication.
File Transfer Protocol (FTP) is a standard Internet protocol used to exchange files between computers on the Internet. Like HTTP,
which transfers Web pages that can be displayed and related files, FTP is an application protocol that uses TCP/IP protocols. FTP
is commonly used to transfer Web page files from a server to others via the Internet. It is also commonly used to download
programs and other files to your computer from other servers. FTP works at the Application layer of the OSI model. It is not
responsible for Web browser communication
The following protocols are considered unsecure protocols:
TELNET
HTTP
SLIP
FTP
TFTP
SNMPv1 and SNMPv2
If you use any of these protocols, you should use a version that includes SSL or some other cryptography. For example, secure
shell (SSH) is a secure alternative to Telnet.
For the Network+ exam, you must understand the following vulnerabilities:
Unnecessary running services − Disable all unnecessary services on every device. Hackers will search for all used services
and attempt to employ known vulnerabilities for those services.
Open ports − Close all ports that are not used. Hackers can also use these open ports to break into your network.
Unpatched/legacy systems − Older systems provide an easy target to hackers, especially those with unsupported operating
systems or applications. For example, Windows XP is no longer supported by Microsoft. Service packs and updates are no
longer issued for this operating system. You should get rid of legacy systems that run software that is no longer supported by
the vendor or else you should find a way to isolate them from the rest of the network.
Unencrypted channels − Unencrypted channels are paths along which data can be intercepted. While it would adversely affect
the performance of the network to encrypt every single channel, you should encrypt every single channel through which
confidential or private data is sent.
Clear text credentials − Some protocols send credentials over the network in clear text. This allows an attacker to intercept the
communications to obtain the credential information. You should eliminate the use of any protocols that use clear text
credentials by replacing them with more secure protocols.
TEMPEST/RF emanation − Tempest studied the susceptibility of some devices to emit electromagnetic radiation (EMR) in a
manner that can be used to reconstruct intelligible data. Radio frequency information can be captured in a similar manner. You
should use shielding to protect against these vulnerabilities.
Objective:
Sub-Objective:
References:
lOMoARcPSD|18976918
HTTP − Hypertext Transfer Protocol, https://developer.mozilla.org/en-US/docs/Web/HTTP
Which term is most commonly used to describe equipment that creates a demilitarized zone (DMZ)?
A) firewall
B) router
C) active hub
D) passive hub
Explanation
A firewall is used to create a demilitarized zone (DMZ). A DMZ is a zone located between a company's internal network and the
Internet that usually contains servers that the public will be accessing. The DMZ implementation provides an extra security
precaution to protect the resources on the company's internal network. Usually two firewalls are used to create a DMZ. One
firewall resides between the public network and DMZ, and another firewall resides between the DMZ and private network. All
publicly accessible servers should be placed on the DMZ, including servers that personnel must remotely access.
A router is used to create individual subnetworks on an Ethernet network. Routers operate at the Network layer of the OSI model.
While a firewall can also be a router, it is referred to as a firewall when it functions to create a DMZ. An active hub is used to
connect devices in a star topology.
An active hub has circuitry that allows signal regeneration.
A passive hub connects devices in a star topology, but it does not provide any signal regeneration.
A firewall is classified as a rule-based access control device. Rules are configured on the firewall to allow or deny packet passage
from one network to another. In most cases, the access control list (ACL) for a firewall will include an implicit deny rule at the end
that will deny all connections that do not meet the requirements of the other configured rules. An allow rule grants users access. A
block rule denies users access. An implicit deny rule should be placed after the allow and block rules.
Firewalls can also be configured with explicit deny rules; however, this is not recommended. With explicit deny, the firewall will only
block packages that have be outlined within the rules list. This creates a security risk as if a package that is malicious can trick
these rules it will be able to access the network. Thus, using an implicit deny to block any unknown or explicitly approved packages
is recommended. The configuration of the rules is one of the biggest concerns for a firewall, because the rules can be very
complex.
Misconfiguration can easily lead to security breaches. Filters are created according to the company's security policy. To provide
maximum file security, firewalls should not run the Network Information System (NIS) file system. Compilers should be deleted
from firewalls.
Objective:
Network Security
lOMoARcPSD|18976918
Sub-Objective:
Explain common security concepts.
References:
Demilitarized Zone, http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm
You have decided to implement frame tagging in a port-based switching network. What does this technique ensure?
A) that the VLANs are implemented based on protocol

B) that a single VLAN can be distributed across multiple switches
C) that the VLANs are implemented based on port
D) that the VLANs are implemented based on subnet
Explanation
Frame tagging in a port-based switching network will ensure that a single VLAN can be distributed across multiple switches.
Frame tagging in a port-based switching network does not ensure that the VLANS are implemented based on protocol. To do this,
you should implement protocol-based switches.
Frame tagging in a port-based switching network does not ensure that the VLANs are implemented based on subnet. To do this,
you should implement subnet-based switches.
Frame tagging in a port-based switching network does not ensure that the VLANS are implemented based on port. Port-based
switches do this without frame tagging.
Objective:
Sub-Objective:
Given a scenario, configure and deploy common Ethernet switching features.
References:
Frame Tagging Explained, https://geek-university.com/ccna/frame-tagging-explained/
You have been handed a document that details the steps to take to update the network drivers. Which type of change
management document do you have?
A) regulations
lOMoARcPSD|18976918
B) baselines
C) policies
D) procedures
Explanation
Procedures set forth the steps that must be taken to enforce the network owner's policies, including updating the network drivers.
Procedures tell how to achieve the desired results. Baselines are primarily used to identify performance issues. They are actually
performance statistics gathered for comparative purposes. By establishing a performance baseline, you can ensure that
performance issues are identified much easier in the future.
by the rule, and when the rule applies.
For the Network+ exam, you also need to understand the following standard business documents:
Service level agreement (SLA) − defines the minimum level of service that will be provided. An SLA is often implemented
between an Internet service provider (ISP) and the company obtaining services from the ISP.
Memorandum of Understanding (MOU) − defines the roles and parameters of an agreement between two parties. It is often
not a legally binding document. Some companies will use MOUs to define services within the organization, such as the
services that will be provided by the IT department.
Master Service Agreement (MSA) − specifies payment terms, product warranties, intellectual property ownership, dispute
resolution, and other aspects between two parties. It will be used to govern all future statements of work (SOWs) between the
two parties.
Statement of work (SOW) − defines the activities, deliverables, and timeline that a vendor must provide for the specified work
for a client. For example, an SOW would be used if a company contracts with a third party to improve the availability of the
customer's services and applications, enabling the customer to minimize downtime to a few hours per quarter.
Disaster Recovery Plan (DRP) – A document that sets for the policies, tool, and procedures designed to enable the recovery or
continuation of vital infrastructure and systems following a natural or man-made disaster. The plan focuses on restoring the IT
systems that are needed to support critical business functions. DRPs are often seen as subsets of business continuity plans.
Business Continuity Plan (BCP) – A plan that is designed to ensure that the business can produce their products or continue
their work at acceptable levels following a disruptive incident. Unlike a DRP, a BCP targets incidents such as the loss of a key
member of an organization or how the organization responds in the event of a device falling or something that would causes a
similar network disruption.
Objective:
Network Operations
Sub-Objective:
References:
lOMoARcPSD|18976918
The Key Difference Between a Policy, Process, & Procedure (and Why it Matters For Your Business!),
https://www.sweetprocess.com/what-are-the-differences-between-a-policy-a-process-and-a-procedure-why-knowing-this-is-the-
key-to-scaling-and-automating-your-business/
Which technology is widely used in home automation, such as smart lights, locks, and thermostats?
A) Bluetooth
B) NFC
C) Z-Wave
D) Ant+
Explanation
Z-Wave is a wireless technology that is widely used in home automation, such as smart lights, locks, and thermostats. It creates a
wireless mesh network with a primary controller. Each device communicates with its nearest neighbor, much like routers
communicate with each other.
All of the other options facilitate the Internet of Things (IoT). However, Z-Wave is most commonly used in home automation
devices.
Ant+ is a multicast wireless technology that works with wearable devices, such as heart rate monitors and pedometers. The
sensors in those devices report information to a Garmin device.
Bluetooth networks are formed by pairing devices that are in close proximity. Bluetooth devices need to be within 10 meters of
each other. While it is a great technology for implementing personal area networks (PANs), it does not provide adequate distance
for full home automation.
Near Field Communication (NFC) allows communication between two devices that are very close to each, usually less than 2
inches. Security key fobs, patient ID bracelets, and touch-free smartphone payment systems are all applications of NFC.
Two other communication technologies are IR and RFID. InfraRed (IR) networks work on line-of-site and are often used in
television remote controls, physical intrusion detectors, and motion-detecting systems. Infrared is not used to control smart lights,
locks, and thermostats.
Radio frequency Identification (RFID) attaches a chip to a device and uses radio waves to track the location of the chip (and
consequently the device). Common applications are chips embedded into runners' bibs that allow for tracking during marathon
races, movement of products through a warehouse, and access control badges.
The IoT is comprised of smart devices, which is physical objects (like appliances, cars, doorbells, cameras, or thermostats) with
the ability to sense input, process it, and exchange data with other devices and systems over the Internet or short-range networks
like Z-Wave. The increased prevalence of smart devices brings increased network security concerns. As many of these smart
devices are not designed with security in mind, they often create vulnerabilities as they are introduced into a network. Managing
who can access these devices and change their configurations is critical to securing your networks. Additionally, routinely
lOMoARcPSD|18976918
monitoring these device logs can also provide useful information about potential misconfigurations as well as provide indicators of
a potential attack.
Objective:
Sub-Objective:
Explain the characteristics of network topologies and network types.
References:
What is Z-Wave?, https://www.smarthome.com/sc-what-is-zwave-home-automation
You need to collect management information on the routers and switches used on your company's network. You decide to use
SNMP. What is the name of the software component that runs on a managed device when you deploy this technology?
A) MIB
B) NMS
C) SNMP manager
D) SNMP agent
Explanation
The SNMP agent runs on a managed device, such as a router or switch. This agent collects management information. Network
management systems based upon SNMP contain two primary elements: a manager and agents. The manager is the console
through which a network administrator performs network management functions. Agents are the entities that interface to the actual
devices being managed. You would use an SNMP agent to monitor remote traffic through an access point. SNMP can monitor
almost any type of network device, such as hubs, servers, interface cards, repeaters, and bridges. Threshold alarms can be set for
all the parameters that the agent can monitor.
The management information is stored in the Management Information Base (MIB) on the agent or managed device. The
information in the MIB is then forwarded to the SNMP manager, where the network management application resides. The SNMP
manager is also referred to as the Network Management Server (NMS).
Managed devices will run the Simple Network Management Protocol (SNMP) agent. Unmanaged devices are not configured to run
this software. By using SNMP to manage devices, you can simplify administrative effort using a single management console
located at the SNMP manager. Often SNMP data is used to perform device diagnostics.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use the appropriate statistics and sensors to ensure network availability.
lOMoARcPSD|18976918
References:
SNMP Components, http://docs.oracle.com/cd/E11036_01/alsb30/operations/snmpcomponents.html
A user in the Engineering department is unable to log on to the network. The network has eight subnets and uses TCP/IP. There
have been no other complaints from other departments. Which steps should help you isolate the cause of the problem? (Choose
2)
A) Establish whether other local-segment users are having the same problem.
B) Replace all the patch cables.
C) Configure a WINS server.
D) Ping the server.
Explanation
When troubleshooting a problem, you should try the obvious or quick fixes first. This is especially true when you are attempting to
correct a problem remotely with a non-technical and often impatient end user.
A logical first place to start troubleshooting would be to determine if the condition is network-wide or workstation-specific. You
should have other similar users attempt to perform the same actions. If they are able to do so, the problem is a local condition.
Next, you should ping the server from the user's computer.
A WINS server is only needed when you are using NetBIOS names for resolution. The patch cables should only be replaced if
more than one computer is experiencing the problem and only after determining that the cables are the problem.
Objective:
Sub-Objective:
Explain the network troubleshooting methodology.
References:
Chapter 13: Network Troubleshooting, https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/bts/7-

0/troubleshooting/guide/tg70/13tg01.pdf
You need to check for open circuits and short circuits on your network. Which tool should you use?
A) toner probe
B) protocol analyzer
lOMoARcPSD|18976918
C) butt set
D) cable tester
Explanation
A cable tester will check for open circuits and short circuits on your network. A cable tester typically includes an electric current
source, a volt meter, and an interface for connecting to the cable. An open circuit occurs when a needed connection is missing. A
short circuit occurs when an unidentified connection exists. A cable tester could be used if access to resources has slowed
considerably. It also tests the proper grounding of cabling.
A butt set is used to test telephone lines. It would be useful if you need to determine where a telephone line is plugged into a
punch block.
A toner probe is used to identify a single cable on the network. It would be useful if you need to determine where a network cable
is plugged into a punch block. It is the best tool to use to locate a bad Cat5 cable.
A protocol analyzer is software that enables you to view information about the network communications protocols that are used on
a network. Protocol analyzers can see this information by intercepting data packets as they move in and out of the network.
For the Network+ exam, you must also be familiar with the following troubleshooting tools:
Speed test sites − These sites are used to determine the speed of your Internet connection. They are a great method to help
you see if you are getting the speed promised by your Internet service provider (ISP). For a list of possible sites to use, please
see http://pcsupport.about.com/od/toolsofthetrade/tp/internet-speed-test.htm.
Looking glass sites − These sites view routing information from a server's perspective using Border Gateway Protocol (BGP)
routes. For a list of possible looking glass servers, please see http://www.bgp4.as/looking-glasses.
Wi-Fi analyzer − These tools are used to analyze the signal strength of your wireless access points. For a list of possible
FREE Wi-Fi analyzers for laptops or mobile devices, please see http://open-tube.com/free-wifi-analyzers-for-laptops-mobile-
devices/
Objective:
Sub-Objective:
Given a scenario, troubleshoot common cable connectivity issues and select the appropriate tools.
References:
Cable tester, https://www.computerhope.com/jargon/c/cabletest.htm
Your company uses a single global IP address that maps to the company's local IP addresses. When requests are sent from the
internal network to destinations outside the company, those requests are mapped from the IP address of the local host that made
the request to the global IP address.
Which term describes this process?
lOMoARcPSD|18976918
A) Network File System (NFS)
B) Network Access Server (NAS)
C) Network Address Translation (NAT)
D) Network Access Point (NAP)
Explanation
NAT is a service that translates one or more global IP addresses to local IP addresses. This mapping is done through the NAT
router. For example, if a request is sent from the internal network to a destination outside the company, that request will be
mapped to the global IP address and then sent outside the company's network. To the outside world, only the global IP address is
known. NAT increases the security of a network because it hides the IP addresses of internal hosts from the Internet or other
public network.
NFS is an application that allows a network client to access and manipulate a file on another network client remotely.
NAP is one of the main connection points of the Internet's backbone.
NAS is a server used by an Internet Service Provider (ISP) to connect its clients to the Internet.
For the Network+ exam, you also need to understand Destination NAT (DNAT) and Static NAT (SNAT). DNAT transparently
changes the destination IP address of an end route packet and performs the inverse function for any replies. SNAT is a
counterpoint to DNAT.
Port forwarding or port mapping, an application of NAT, redirects a request from one address and port number combination to
another while the packets are traversing a network gateway, such as a router or firewall. Port forwarding allows remote computers
to connect to a specific computer or service within a private network. When using port forwarding, the UDP protocol can be used to
transmit data packets between networks and devices. UDP forwarding allows network administrators to use one IP address for all
external commications on the internet.
Objective:
Sub-Objective:
References:
Network Address Translation, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214107,00.html
You need to implement a wireless network for a client. You have two 802.11a, two 802.11b, and two 802.11g wireless access
points.
You need to implement three wireless networks that can communicate with each other. Which wireless access points should you
use?
lOMoARcPSD|18976918
A) the 802.11b and 802.11g wireless access points
B) the 802.11a and 802.11b wireless access points
C) the 802.11a and 802.11g wireless access points
D) You can use all of them together.
Explanation
You should use the 802.11b and 802.11g wireless access points. These two standards operate at the 2.4 GHz frequency and can
be used interchangeably. If you deploy all of these access points, you will need to ensure that each of them uses a different
channel to prevent interference between them.
You cannot use 802.11a wireless access points with 802.11b or 802.11g wireless access points. 802.11a wireless access points
operate at the 5 GHz frequency. Therefore, a solution that includes 802.11a will only provide two wireless access points.
The maximum data rate is often referred to as maximum bandwidth. Channel bandwidth is the amount of bandwidth within a single
channel used by the frequency.
802.11a has a maximum bandwidth of 54 Mbps, with each channel being between 20-80 MHz.
802.11b has a maximum bandwidth of 11 Mbps, with each channel being 22 MHz.
802.11g has a maximum bandwidth of 54 Mbps, with each channel being 20 MHz.
802.11n has a maximum bandwidth of 600 Mbps, with each channel being 20-40 MHz.
802.11ac has a maximum bandwidth of 900 Mbps, with each channel being between 20-80 MHz.
802.11a has a maximum bandwidth of 54 Mbps, with each channel being between 20-80 MHz.
802.11b has a maximum bandwidth of 11 Mbps, with each channel being 22 MHz.
802.11g has a maximum bandwidth of 54 Mbps, with each channel being 20 MHz.
802.11n has a maximum bandwidth of 600 Mbps, with each channel being 20-40 MHz.
802.11ac has a maximum bandwidth of 900 Mbps, with each channel being between 20-80 MHz.
Objective:
Sub-Objective:
Given a scenario, install and configure the appropriate wireless standards and technologies.
References:
Comparison of IEEE 802.11a, IEEE 802.11b and IEEE 802.11g, http://www.codeproject.com/Articles/13253/Comparison-of-IEEE-

a-IEEE-b-and-IEEE
Your company implements a honeypot as intrusion prevention. Management is concerned that this honeypot would be considered
entrapment and has asked you to ensure that entrapment does not occur. Which situation should you prevent?
A) open services on a honeypot
lOMoARcPSD|18976918
B) downloads on a honeypot
C) Web browsing on a honeypot
D) open ports on a honeypot
Explanation
You should prevent downloads on a honeypot. Allowing downloads on a honeypot is a possible example of entrapment if it is used
to make formal trespassing charges. Entrapment occurs when a hacker is tricked into performing an illegal activity. Entrapment is
illegal.
Opening port and services and allowing Web browsing on a honeypot are not examples of entrapments. They are enticements.
Enticement allows the administrator to monitor activity to increase security and perhaps trace the attack. Enticement is legal. A
honeynet is a group of honeypots that work together.
Objective:
Network Security
Sub-Objective:
References:
Honeypot (computing), https://en.wikipedia.org/wiki/Honeypot_(computing)
Which one of the following mitigation techniques reduces the attack profile of a device or network?
A) Honeypot
B) File integrity monitoring
C) Penetration testing
D) Role separation
Explanation
Role separation involves dividing server duties amongst two or more servers to reduce an attack profile. For example, if a server
running the Active Directory, DNS, and DHCP roles went down, all those services would be unavailable. If, on the other hand,
Server A hosted Active Directory, Server B hosted DNS, and Server C hosted DHCP, an attack that brought Server B down would
not affect the other services. Because fewer services are hosted on a single device or network, there are fewer services to attack.
Attack profiles are also referred to as attack surfaces. Other ways to reduce the attack surface include disabling scripting types,
closing unneeded ports, and turning off unneeded virtual servers.
Penetration testing is using hacking methodologies and tools to test the security of a client’s network on behalf of the client.
Penetration testing can also be provided by in-house experts. Penetration testing does not affect an attack profile.
lOMoARcPSD|18976918
File integrity monitoring helps to identify unauthorized changes to files. The monitoring process looks at such events as if or when
a file was changed, who made the change, the nature of the change and what can be done to restore the file to the pre-change
state. File integrity monitoring does not affect an attack profile.
Honeypots and honeynets are closely related concepts. A honeypot is a file or object on a network designed to lure in a hacker,
often to divert attention from other resources. An example would be a directory called “Passwords” containing useless passwords.
The hacker would spend a lot of time on unsuccessful login attempts. A honeynet is a network of honeypots. Honeypots and
honeynets increase the attack surface by providing false targets for an attacker.
Objective:
Network Security
Sub-Objective:
References:
Using Role Separation, https://www.ibm.com/docs/en/informix-servers/14.10?topic=separation-using-role
Which of the following can use RFID to identify the location of the object?
A) Asset tags
B) Key fobs
C) Biometrics
D) Locks
Explanation
Asset tags, also referred to as asset tracking tags, can be labels with barcodes or QR codes, or can include radio frequency
identification (RFID) chips that provide electronic tracking. Asset tracking tags are used to assign a number to particular piece of
equipment (an asset) and use that number to monitor where the asset is. They can be used in conjunction with geolocation and
geofencing.
A key fob can assist with implementing authentication by using something you have. Credentials are embedded in the key fob.
When the key fob is placed next to a sensor, access is either granted or denied based on the credentials. Other items similar in
function to a key fob are smart cards and USB dongles.
Biometrics is used in authentication by using something you are. Fingerprints, iris and retina scans, and even voice prints can be
used to authenticate your identity.
Locks are often the simplest form of physical security. However, because locks are so simple, they are often overlooked as a
security solution. Many companies fail to secure their facility by having adequate locks. Locks do not include RFID chips.
lOMoARcPSD|18976918
Objective:
Network Security
Sub-Objective:
References:
RFID Tags, https://www.hidglobal.com/products/rfid-tags
You have decided to implement 802.1q. What does this standard do?
A) It implements MAC filtering.

B) It implements STP.
C) It forwards traffic based on priorities.
D) It implements VLAN trunking.
Explanation
If you implement 802.1q, you are implementing VLAN trunking. It allows traffic from all VLAN to cross a single cable between two
switches. If 802.1q were not implemented, each separate VLAN would require its own port connection.
Trunking (802.1q) allows different switches to support the same virtual LAN (VLAN) using frame-tagging. For example, when two
ports on Switch A are connected to one port on Switch B, trunking has been implemented. Frame tags will be used to route the
communication appropriately. If you need to add a switch to a room through which laptops can connect for full network access, you
should configure a trunk on a switch port for both switches, including the new switch in the room and the switch to which the new
switch connects.
The 802.1d standard implements Spanning Tree Protocol (STP), which prevents looping.
MAC filtering allows traffic to be permitted or denied based on the device's MAC address. MAC filtering is just one type of traffic
filtering that you can configure on devices. You can also configure traffic filtering based on other criteria, such as device name or
port used.
Quality of Service (QoS) forwards traffic based on pre-configured priorities.
Objective:
Sub-Objective:
References:
IEEE 802.1q, http://en.wikipedia.org/wiki/IEEE_802.1Q
lOMoARcPSD|18976918
You need to perform some administrative maintenance on a Cisco router. You decide to connect your notebook computer to the
console port on the router. Which type of cable should you use?
A) crossover cable
B) rollover cable
C) straight-through cable
D) patch cable
Explanation
You should use a rollover cable (also called a console cable) to connect to the console port on any Cisco device. The pin
configuration for a rollover cable is easy to remember because of the cable’s name. The cable pin configuration is "rolled over" so
that pin 1 on end 1 matches pin 8 on end 2, pin 2 on end 1 matches pin 7 on end 2, and so on, until a complete reversal is made.
In other words, the wires are in reverse order on opposite ends.
A crossover cable connects two legacy or non-MDIX compliant devices, such as two computers, two hubs, or two switches.
A patch cable and a straight-through cable are the same thing. This is the standard cable used to connect networking devices.
Objective:
Sub-Objective:
References:
How to Identify an RJ-45 Rollover Cable,

http://www.cisco.com/en/US/docs/cable/cmts/ubr10012/installation/guide/u10kcbl.html#wp1006093
Which protocol is NOT capable of preventing a man-in-the-middle attack?
A) rsh
B) HTTPS
C) IPSec
D) SSH
Explanation
lOMoARcPSD|18976918
The remote shell (rsh) protocol is used to log on to remote computers and can be easily exploited by a man-in-the middle (MITM)
attack because it neither provides encryption nor authentication of data. In a MITM attack, an intruder captures the traffic of an
established connection to intercept the messages being exchanged between the sender and the receiver. The rsh protocol does
not provide security because the traffic flows in clear text and not ciphertext. You can defend against a MITM attack by using
strong encryption.
Secure shell (SSH) provides security by authenticating before the exchange of secret keys. SSH is also known as encrypted telnet
because it provides encryption of traffic exchanged between the sender and the receiver. Because encryption is used, SSH can
prevent MITM attacks better than rsh can.
HTTP Secure (HTTPS) is based on the secure socket layer (SSL) protocol. SSL is a two-layered protocol that contains the SSL
Record Protocol and the SSL Handshake Protocol. SSL handshake provides an authentication mechanism before the exchange of
credentials and prevents attacks, such as man-in-the-middle attacks, and uses certificates to validate the identities of both parties.
HTTPS is used for online transactions.
Internet Protocol Security (IPSec) is a security framework established to secure communication over insecure networks, such as
the Internet. IPSec deploys an Internet key exchange (IKE) for key exchange and management. IKE manages the first phase of
the key negotiation agreement and the secure exchange of keys as a part of the IPSec framework. IPSec prevents man-in-the-
middle attacks through encryption and authentication.
Objective:
Network Security
Sub-Objective:
Compare and contrast common types of attacks.
References:
What is a Man-in-the-Middle Attack and How Can You Prevent It?, https://www.globalsign.com/en/blog/what-is-a-man-in-the-
middle-attack/
Which open standard creates a redundancy group to share an IP address?
A) HSRP
B) CARP
C) LACP
D) NAT
Explanation
Common Address Redundancy Protocol (CARP) is an open standard that creates a redundancy group to share an IP address.
Hot Standby Router Protocol (HSRP) is a Cisco standard similar to CARP.
lOMoARcPSD|18976918
Link Aggregation Control Protocol (LACP) is a standard that assigns multiple physical links to a logical interface.
Network Address Translation (NAT) is a standard that translates private IP addresses into public IP addresses. It allows multiple
private address devices to share a single public address.
Another important element that you will need to understand for the Network+ exam is RFC 1918. RFC 1918 was used to create the
standards for assigning IP address within a private network to various pieces of networking equipment. It facilitated the expansion
of usable IP addresses under IPv4 to prevent the exhaustion of public addresses available.
Objective:
Sub-Objective:
References:
Common Address Redundancy Protocol, https://www.techopedia.com/definition/25696/common-address-redundancy-protocol-

carp
You have been given a drawing that shows the flow of communication in your network, with symbols to indicate each piece of
equipment’s function. Which configuration management documentation have you been given?
A) physical network diagram

B) wiring schematic
C) logical network diagram
D) network baseline
Explanation
You have been given a wiring schematic. Schematics include the flow of network communication and symbols to indicate
equipment function. They use horizontal and vertical lines to show how the system flow functions, not the physical layout of the
devices in the network.
lOMoARcPSD|18976918
A wiring diagram emphasizes network connections and uses horizontal and vertical lines to represent network wires. Components
are represented by pictures instead of symbols.
A logical network diagram represents how the data will logically be transported through the network. It does not usually show the
actual interfaces and physical wires. It does include routing tables.
A physical network diagram represents the physical location of the network devices and how they are connected.
A network baseline is not really a type of diagram. It is actually performance statistics gathered for comparative purposes. By
establishing a network performance baseline, you can ensure that performance issues can be identified much more easily in the
future.
The naming conventions used in schematics and diagrams should allow quick identification of different components and devices.
Make sure to establish a standardized naming convention across your network.
Objective:
Network Operations
Sub-Objective:
References:
Types of Electrical Diagrams or Schematics, http://www.tpub.com/content/doe/h1016v1/css/h1016v1_105.htm
A user is experiencing network connectivity issues after a faulty NIC was replaced. You want the user to have excellent throughput,
so you configure the NIC for full-duplex (auto configuration off). The corresponding switch port is configured as auto-config, so you
lOMoARcPSD|18976918
should be OK, but the throughput is lower than expected. What is the issue?
A) TX/RX reverse
B) Duplex/speed mismatch
C) Bottlenecks
D) Incorrect pin-out
Explanation
When you manually set a device to full-duplex (auto-config off), the device will assume it should use half-duplex transmission.
Duplex/speed mismatch is a misconfiguration of an NIC, switch port, or router port. Duplex refers to whether the traffic is talk
only/listen only or bidirectional traffic, like a phone call. Speed relates to the data transfer rate, such as 100mbs or 1000mbs. If one
port is configured at half duplex and the other port is configured at full duplex, the user will notice a severe drop in performance,
because the network will operate at the slower half duplex speed.
Incorrect pin-out can be an issue if the wires in the UTP/STP cable are not laid out in accordance to the 568A or 568B standards.
Also, if the RJ-45 jack was not crimped properly or if one of the ends of the individual wires did not seat properly, you could have
an improper pinout. Communication will fail entirely if this occurs.
Bottlenecks occur where there is speed degradation in network traffic, like a traffic jam. The bottleneck can occur due to equipment
failure, an increase in network traffic, or a misconfiguration. TX/RX reverse can occur when patch cables are created, and the
transmit (Tx) and receive (Rx) pairs are criss-crossed or mismatched. Even though STP and UTP cables have four pairs of wires,
100Base-TX only uses two pairs, with one pair used for data transmission (Tx) and the other pair used for data reception (Rx). If
the pairs are not aligned properly on both RJ-45 jacks, you can get a TX/RX reverse.
Objective:
Sub-Objective:
References:
Network Enemy #1: Duplex Mismatch, https://www.pathsolutions.com/network-enemy-1-duplex-mismatch/
The owner of a coffee shop wants you to install a wireless network for employees and customers to increase the shop's business.
He is not tech-savvy, and cannot understand why you want to change a WEP setting, even though you tell him it is not secure
enough. What feature of WEP can you explain in lay terms that will help him understand?
A) Preshared key
B) WPA2
C) Authentication and authorization
lOMoARcPSD|18976918
D) Shared or open authentication
Explanation
Shared authentication and open authentication were the two insecure methods of authentication under WEP. Under Shared Key
Authentication (SKA), all of the clients used the same key, making the key very vulnerable to being cracked. This would be like
giving every customer the keys to your business and once inside, they can do anything they want.
Authentication for wireless can be configured to OSA or open system authentication (no authentication), shared key authentication
(SKA), pre-shared key (PSK), or 802.1x/EAP. An open wireless network does not require any form of authentication key, which is
like leaving the front door open.
In a wireless network, a preshared key (PSK) is an encryption method used with WPA Personal or WPA2 personal. PSK is
appropriate for Small Office Home Office networks. A user will request access to the wireless network, supply a passphrase, which
is then used with the Service Set Identifier (SSID) to generate a unique encryption key.
Wi-Fi Protected Access version 2 (WPA2) is the successor to WPA, which was the successor to WEP. WPA2-Personal uses a
preshared key (PSK), while WPA2-Enterprise uses Extensible Authentication Protocol (EAP).
Authentication and authorization are two of the three security principles in Authentication, Authorization, and Accounting (AAA).
Authentication is validating that a user is who they say they are. This is, in essence, an identity check. Validation is often
accomplished with the user supplying a user name and a password, but there are other methods available, such as biometrics.
Once authenticated, the next step is determining to which network resources should be granted to the user. This process is called
authorization.
Accountability or accounting is holding personnel accountable for their actions. Accounting is accomplished by comparing the audit
logs with the authorization settings and the security policy in order to determine compliance or violation. These audit logs are
designed to keep a chronological and security-relevant collection of various records that revolve around a specific operation,
device, or event. Teams should consistently and thoroughly review these logs to ensure compliance and to monitor for suspicious
behaviors.
For the Network+ exam, you will also need to understand the importance of traffic logs. Traffic logs record information about the
datasets that are traveling within, into, and out of a network. These logs will detail when data packages are being sent, who is
sending them, and other relevant information, such as through any given port. These logs can be very useful in log reviews to
determine if there is an suspicious behavior taking place, help make a more secure network by identifying open ports, or give
indication that an attack may be imminent.
Objective:
Sub-Objective:
References:
WEP Open Key Vs WEP Shared Key, http://wirelessnetworkssecurity.blogspot.com/2013/01/wep-open-key-vs-wep-shared-

key.html
lOMoARcPSD|18976918
You administer computers on an Ethernet 100Base-TX network, which uses the TCP/IP network communications protocol. The
network uses an unsubnetted Class A IP address range. A computer on the network named Admin1 has the IP address
12.10.100.3, and a computer on the network named Marketing1 is configured with the IP address 12.10.100.4. Both computers are
configured with the subnet mask 255.0.0.0 and the default gateway address 12.10.100.5. The network is connected to the Internet.
RemoteWkst is a computer on a remote network that is connected to the Internet. Normally, Marketing1 and Admin1 can connect
to RemoteWkst.
You recently discovered that Marketing1 can connect to Admin1 and Admin1 can connect to Marketing1, but neither of these
computers can connect to RemoteWkst. You suspect that there is a problem with one of the routers between RemoteWkst and the
network you administer.
Which TCP/IP utility should you use to troubleshoot this connectivity problem?
A) the tracert utility

B) the arp utility
C) the nslookup utility
D) the ipconfig utility
Explanation
To test the routers between your network and RemoteWkst, you should use the tracert utility. To use the tracert utility, you should
type the tracert command at a command prompt and either an IP address or a Domain Name System (DNS) name variable after
the command, as in the following example: tracert dnsname or tracert ipaddress. The tracert utility will then display the IP
address and DNS name of every node that a data packet passes through on its way to the remote computer. The tracert command
will also display the time required for a data packet to travel through each node, and an error message if a router on the path is
experiencing problems. In this scenario, the tracert command will display an error message if a router is experiencing a problem
between either Admin1 or Marketing1 and RemoteWkst. If you receive a Request Timed Out message from tracert when you trace
the route to external resources, it is possible that the firewall is blocking echo reply in and echo request out messages. You would
need to reconfigure the firewall to allow these messages. The traceroute command is the Linux equivalent of the tracert command.
The Address Resolution Protocol (ARP) is used in TCP/IP to resolve media access control (MAC) addresses to IP addresses. MAC
addresses are configured on each NIC on an Ethernet network so that the nodes can be identified on the network. ARP enables
the MAC addressing that Ethernet requires to interoperate with the IP addressing that TCP/IP requires. You can use the arp utility
to view and manage the ARP cache on a computer. The ARP cache contains the IP address-to-MAC address resolutions on a
computer. To use the arp utility, you can issue the arp command with various switches at a command prompt. An example of the
output of the arp -a command is shown in the following exhibit:
lOMoARcPSD|18976918
You can use the ipconfig utility to view IP configurations, such as IP address, subnet mask and default gateway. You can also use
the ipconfig utility to release and renew DHCP leases. You can issue the ipconfig command with various switches at a command
prompt. The ipconfig utility will show that Admin1 and Marketing1 are configured with valid IP addresses on the network and a valid
subnet mask. The ifconfig command is the Linux equivalent of the ipconfig command.
You can use the nslookup utility to troubleshoot problems with DNS on computers that support the utility, such as Windows Server
computers. You can issue the nslookup command with various switches and variables, shown in the following exhibit:
For example, suppose you can connect to a remote computer by using the remote computer's IP address, but you cannot connect
to the same remote computer by using its host name. In this situation, you can use the nslookup utility to troubleshoot the DNS
name resolution problem. The dig utility is the UNIX equivalent to the nslookup utility. Both these tools can be used to resolve the
FQDN of a Web server.
For the Network+ exam, you also need to understand the show mac address-table command that is used to display information
about the MAC address table on a Cisco device. The parameters that can be used with this command are as follows:
You will only be able to run this command on a Cisco device.
Objective:
lOMoARcPSD|18976918
Sub-Objective:
Given a scenario, use the appropriate network software tools and commands.
References:
The Tracert Command, https://www.dummies.com/programming/networking/network-administration-the-tracert-command/
You notice that the new cabling that was purchased is rated as "plenum." Which statement is true about the cable?
A) It is rated for speeds of 1000 Mbps.

B) It is less fire-resistant than a riser cable.
C) It cannot be tapped without detection.
D) It will not produce toxic gas when it burns.
Explanation
A plenum-rated cable will not produce toxic gas when it burns; therefore, it can be used in plenum areas, such as ventilation ducts
and other areas that carry breathable air. When deciding whether or not to use plenum-rated cables, you should consider the
ceiling airflow condition. Workstation models, window placement, or floor composition will not affect the decision on whether to use
plenum cabling.
The coating of non-plenum cables produces toxic gas when it burns. Most fire codes require plenum-rated cable in any area that
carries breathable air.
Plenum cable is more fire-resistant than riser-rated cable, not less. Both plenum and riser-rated cables are more fire-resistant than
general purpose cables, but the fire code requirements are the most stringent for plenum cables.
Unlike plenum-rated cables, riser-rated cables are suited to go into non-plenum spaces and between the floors of buildings.
Usually, riser cables are installed in between the walls of buildings as well as areas that do not pose danger in the event of a fire.
Riser cables are typically installed in vertical runs to form the telecommunications backbone of a commercial building’s network.
Objective:
Sub-Objective:
References:
Plenum cable, http://www.tech-faq.com/plenum-cable.shtml
lOMoARcPSD|18976918
Your network uses a single switch that divides your network into three virtual LANs (VLANs). The devices in each VLAN are
connected to a single port on the switch.
You plan to implement a second switch on your network. You need to ensure that the VLANs that were originally implemented are
spread across both switches. What should you do?
A) Create a protocol-based VLAN on both switches.

B) Create a subnet-based VLAN on both switches.
C) Create a port-based VLAN on both switches.
D) Implement frame tagging on both switches.
Explanation
You need to implement frame tagging on both switches to ensure that the VLANs that were originally implemented are spread
across both switches. Tagging is a technique that adds a small header to the frame as it is passed between devices in order to
maintain the original VLAN broadcast domain. In normal Ethernet, there is no tagging. Tagging is implemented only when trunking
VLANs between devices is involved. If you only have one switch, an untagged VLAN is just fine. If you have two or more switches
and you want all of the VLANs to talk with each other, they will all need the same tag.
You should not create a port-based, protocol-based, or subnet-based VLAN on both switches. The original switch is already
configured to use port-based switching. Port-based switching alone will not ensure that the VLANs that were originally
implemented are spread across both switches. Neither will protocol-based or subnet-based switching.
Objective:
Sub-Objective:
References:
VLAN Tagging: Understanding VLANs Ethernet Frames, http://www.firewall.cx/networking-topics/vlan-networks/219-vlan-

tagging.html
A company has an 802.11b wireless network deployed to allow mobile devices to connect to the network. Which frequency band is
used in this network?
A) 2.9 GHz
B) 5 GHz
C) 900 MHz
D) 2.4 GHz
lOMoARcPSD|18976918
Explanation
802.11b wireless local area networks (WLANs) use the 2.4-GHz frequency band. 802.11g WLANs also use this frequency band.
802.11b WLANs use 2.4-GHz frequency band with Direct Sequence Spread Spectrum (DSSS). DSSS supports a maximum data
rate of 11 Mbps.
802.11a WLANs use 5-GHz frequency band with Orthogonal Frequency Division Multiplexing (OFDM). OFDM supports maximum
data rate of 54 Mbps.
802.11n WLANs can operate in both the 2.4-GHz frequency band and the 5-GHz frequency band. It will allow you to use both
802.11a and 802.11g devices. It will also support legacy devices. In 802.11n networks, you can modify the spectrum that is used.
An 802.11a device that connects to an 802.11n network will use an 802.11a-ht connection type. An 802.11g device that connects to
an 802.11n network will use an 802.11g-ht connection type.
While wireless networks allow computers to connect to your network using a wireless connection, they also allow cell phones,
laptops, tablets, gaming devices, media devices, and other mobile devices to connect to a network.
Objective:
Sub-Objective:
References:
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=2
What is the main purpose of a VPN concentrator?
A) to provide dynamic IP addresses
B) to manage Internet requests and cache Web content
C) to terminate the VPN tunnels
D) to resolve host names and IP addresses
Explanation
The main purpose of a VPN concentrator is to terminate the VPN tunnels.
The main purpose of a DNS server is to resolve host names and IP addresses.
The main purpose of a DHCP server is to provide dynamic IP addresses.
The main purpose of a proxy server is to manage Internet requests and cache Web content.
lOMoARcPSD|18976918
For the Network+ exam, you will also need to understand the difference between a split tunnel and a full tunnel. A spilt tunnel
divides internet traffic and sends some it through an encrypted VPN tunnel and routes the other data through a different tunnel
separately on an open network. The purpose of a split tunnel is to allow a user to chose which applications will be secured and
which can connect normally. A full tunnel differs in that all information is sent through an encrypted tunnel while utilizing the VPN.
While this is a less risky option, it is also more costly.
Objective:
Network Security
Sub-Objective:
Compare and contrast remote access methods and security implications.
References:
What is a VPN Concentrator?, https://nordvpn.com/blog/vpn-concentrator/
You are the network administrator for a healthcare organization. Recently several federal and state government laws have been
enacted which will affect network operations. Which change management documentation should record this information?
A) regulations
B) baselines
C) policies
D) procedures
Explanation
Baselines are primarily used to identify performance issues. They are actually performance statistics used for comparative
purposes. By establishing a performance baseline, you can ensure that performance issues are identified much easier in the
future.
by the rule, and when the rule applies. Procedures set forth the steps that must be taken to enforce the policies, including updating
the network drivers. Procedures tell how to achieve the desired results.
Standards are reference models to make sure products of different vendors can work together in a network. Change management
documentation is very important. When anything on your network changes, you need to properly document this change. This
change includes wiring changes, hardware changes, software changes, and so on. If change documentation is overlooked,
network technicians and administrators may make the wrong assumptions about the network.
lOMoARcPSD|18976918
Objective:
Network Operations
Sub-Objective:
References:
Regulation, http://en.wikipedia.org/wiki/Regulation
You are documenting the network layout for your company. You have discovered a firewall that has two network interfaces. Which
firewall architecture have you discovered?
A) dual-homed firewall
B) screened host
C) bastion host
D) screened subnet
Explanation
A dual-homed firewall has two network interfaces. One interface connects to the public network, usually the Internet. The other
interface connects to the private network. The forwarding and routing function should be disabled on the firewall to ensure that
network segregation occurs.
A bastion host is a computer that resides on a network that is locked down to provide maximum security. These types of hosts
reside on the front line in a company's network security systems. The security configuration for this entity is important because it is
exposed to un-trusted entities. Any server that resides in a demilitarized zone (DMZ) should be configured as a bastion host. A
bastion host has firewall software installed, but can also provide other services.
A screened host is a firewall that resides between the router that connects a network to the Internet and the private network. The
router acts as a screening device, and the firewall is the screen host.
A screened subnet is another term for a demilitarized zone (DMZ). Two firewalls are used in this configuration: one firewall resides
between the public network and DMZ, and the other resides between the DMZ and private network.
Objective:
Sub-Objective:
References:
Firewall Topologies, http://www.firewall.cx/firewall_topologies.php
lOMoARcPSD|18976918
An employee shows you a Web site that publishes the SSIDs and passwords for private wireless networks in your area. The
information on your company's wireless network is included. Of which type of attack is this an example?
A) WPA cracking
B) WEP cracking
C) war chalking
D) evil twin
Explanation
This scenario is an example of war chalking. War chalking originally occurred when hackers wrote SSID and security information
on the side of buildings. This attack has steadily evolved to the point where hackers are now publishing this information on Web
sites.
WEP cracking is the process of cracking WEP security. WPA cracking is the process of cracking WPA security.
War driving is also a wireless attack. However, with war driving, attackers drive around and attempt to discover wireless networks
that are transmitting.
An evil twin attack occurs when a wireless access point that is not under your control is used to perform a hijacking attack. An evil
twin is a type of rogue access points. You should periodically perform a site survey to discover rogue access points. Rogue access
points can be connected to either the wired or wireless network.
Objective:
Network Security
Sub-Objective:
References:
Warchalking, https://www.techopedia.com/definition/4161/warchalking
Which of the following technologies implements packet tagging in a LAN?
A) QoS
B) Traffic shaping
C) Diffserv
D) CoS
Explanation
lOMoARcPSD|18976918
Class of Service (CoS) implements packet tagging in a local area network (LAN). It tags the different types of traffic, such as video
streaming or VoIP. The tag is a value between 0 and 8, with 0 being the highest priority.
Quality of Service (QoS) uses the CoS tag to determine which traffic gets priority, but QoS does not implement the tags. QoS is a
Layer 3 technology that allows the network to provide increased levels of service based on the type of traffic. It can assign a
priority value to traffic and establish both a minimum guaranteed bandwidth and a maximum bandwidth limit. QoS can provide
dedicated bandwidth and control jitter.
Traffic shaping is the overall mechanism that encompasses CoS, QoS, and differentiated services. It does not directly implement
packet tagging.
Differentiated services (Diffserv) uses the CoS classifications for identification and subsequently utilizes the QoS parameters to
differentiate traffic. It is the term used for the end-to-end QoS model.
Both traffic shaping and QoS aid in bandwidth management. Traffic shaping is used on networks to optimize performance, improve
latency, and increase usable bandwidth for certain types of packages by delaying others. With QoS, administrators mark IP
packets to properly place them in the desired queue (RTP, voice signaling,and so on), carving out a dedicated piece of the overall
bandwidth to reserve for these queues. Traffic shaping is more about limiting the flow of packets that traverse a particular interface
to prevent that interface from becoming congested. For example, if you have a Gigabit interface, but the bandwidth that traverses
that interface is only 100 Mb, then you could flood traffic to that interface without shaping.
Objective:
Sub-Objective:
References:
Class of Service (CoS), https://www.techtarget.com/searchnetworking/definition/Class-of-Service-CoS
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security
to protect against wireless attack. However, you must provide support for older wireless clients. Which protocol should you
choose?
A) WEP
B) WPA2
C) WPA
D) WAP
Explanation
You should implement Wi-Fi Protected Access (WPA). WPA was created to fix core problems with WEP. WPA is designed to work
with older wireless clients while implementing the 802.11i standard.
lOMoARcPSD|18976918
Wireless Application Protocol (WAP) is the default protocol used by most wireless networks and devices. However, because WAP
can access Web pages and scripts, there is great opportunity for malicious code to damage a system. WAP is considered the
weakest wireless protocol.
Wired Equivalent Privacy (WEP) is the security standard for wireless networks and devices that uses encryption to protect data.
However, WEP does have weaknesses and is not as secure as WPA or WPA2. Wired Equivalent Privacy (WEP) should be
avoided because even its highest level of encryption has been successfully broken.
Wi-Fi Protected Access 2 (WPA2) completely implements the 802.11i standard. Therefore, it does not support the use of older
wireless cards. Identification and WPA2 are considered the best combination for securing a wireless network. WPA2 is much
stronger than WPA. In addition, you can implement WPA2 with Temporal Key Integrity Protocol (TKIP), also referred to as TKIP-
RC4, or Advanced Encryption Standard (AES), also referred to as AES-CCMP, to provide greater security. WPA2-AES is stronger
than WPA2-TKIP.
For the Network+ exam, you need to protect against the following wireless attacks or issues:
Evil twin − occurs when a wireless access point that is not under your control is used to perform a hijacking attack. It is set up
to look just like a valid network, including the same Set Service Identifier (SSID) and other settings.
Rogue access point (AP) − occurs when a wireless attack that is not under your control is connected to your network. With
these devices, they are not set up to look just like your network. This attack preys on users' failure to ensure that an access
point is valid. You can perform a site survey to detect rogue APs.
War driving − occurs when attackers seek out a Wi-Fi network with a mobile device or laptop while driving a vehicle. You can
lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA
or WPA2 authentication.
War chalking − occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for
this type of information by periodically inspecting the outside of your facilities.
Bluejacking − the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when
not in use is the best protection against this.
Bluesnarfing − the unauthorized access of information from a wireless device through a Bluetooth connection. Once again,
turning off Bluetooth when not in use is the best protection against this.
WPA/WEP/WPS attacks − Any attacks against wireless protocols can usually be prevented by using a higher level of
encryption or incorporating RADIUS authentication. Wired Equivalent Privacy (WEP) should be avoided. Wi-Fi Protected Setup
(WPS) allow users to easily secure a wireless home network but is susceptible to brute force attacks. Wi-Fi Protected Access
(WPA) is more secure than WEP and WPS. WPA2 provides better security than WPA.
Objective:
Sub-Objective:
References:
HTG Explains: The Difference Between WEP, WPA, and WPA2 Wireless Encryption (and Why It Matters),
http://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-it-
matters/
Wireless Security, http://www.ciscopress.com/articles/article.asp?p=177383&seqNum=6
lOMoARcPSD|18976918
For your current deployment, you need an antenna with 360 degrees radiation in the horizontal plane to use for point-to-multipoint
WLAN deployment. Which type of antenna should you deploy?
A) Omnidirectional antenna
B) Parabolic dish antenna
C) Yagi antenna
D) Patch antenna
Explanation
Omnidirectional antennas radiate in a 360-degree pattern in the horizontal plane.
The radiation pattern of an antenna defines the use of the antenna for WLAN deployments. Omnidirectional antennas have 360
degrees of coverage in the horizontal plane. These antennas are used for point-to-multipoint WLAN deployments for smaller areas.
The combination of omnidirectional and directional antennas is used for long-distance point-to-multipoint bridging applications.
Patch antennas are unidirectional antennas with a wide beam width. Patch antennas are used for wide directional radiation
patterns. Cisco manufactures 6.5-dBi diversity patch wall mount antennas that broadcast a 55-degree radiation pattern for the 2.4-
GHz frequency band.
Yagi antennas are unidirectional antennas and have coverage pattern of 28 to 80 degrees in the 2.4-GHz frequency band. Cisco
provides 13.5 dBi Yagi antennas with a 25-degree radiation pattern. Yagi antennas are used for point-to-multipoint and point-to-
point directional WLAN deployments. Yagi antennas have a small physical footprint and minimal weight as compared to the other
options.
The parabolic dish antennas are very high-gain antennas and have very sharp beam in radiation. Cisco provides 21 dBi parabolic
dish antennas with a radiation pattern of 12 degrees for the 2.4-GHz frequency band. Parabolic dish antennas are used for point-
to-point, long distance WLAN bridging deployments.
Objective:
Sub-Objective:
References:
Cisco Aironet Antennas and Accessories Reference Guide, https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-

antennas-accessories/product_data_sheet09186a008008883b.html
Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4
lOMoARcPSD|18976918
Which connection type allows for connections of up to 44.736 Mbps?
A) T3
B) T1
C) E1
D) E3
Explanation
A T3 connection allows for connections of up to 44.736 Mbps. The T-Carrier system offers several different levels of connections.
Each level has a different number of channels, which are separate paths through which signals flow. Having more channels
increases the bandwidth. However, T1 and T3 are the two most commonly used T-lines.
The equivalent of the North American T-carrier system is the European E-carrier system.
For testing purposes, you should understand the standards for the following carrier lines:
T1 − 1.544 Mbps, 650 feet maximum cable length, UTP/STP/coaxial cable

T3 − 44.736 Mbps, 450 feet maximum cable length, coaxial cable
E1 − 2.048 Mbps, 650 feet maximum cable length, UTP/STP/coaxial cable
E3 − 34.368 Mbps, 450 feet maximum cable length, coaxial cable
All of these carrier lines are circuit-switched networks.
Objective:
Sub-Objective:
References:
What are T1 and T3 lines?, http://compnetworking.about.com/od/networkcables/f/t1_t3_lines.htm
E-carrier, http://en.wikipedia.org/wiki/E-carrier
An employee has just relocated to the New York office, after working in Paris for the past five years. Both offices use DHCP to
issue IP addresses. She brought her company laptop with her. The laptop was issued in Paris. As she is settling in to the new
office, she is not able to connect to the network. What is the most likely cause of her problem?
A) Duplicate MAC addresses
B) Expired IP addresses
lOMoARcPSD|18976918
C) Untrusted SSL certificate

D) Hardware failure
Explanation
The most likely cause of the problem is a duplicate MAC address. Duplicate MAC addresses can be caused by MAC address
spoofing or by manufacturers reusing MAC addresses in their devices. Manufacturers will often ship NICs with duplicate MAC
addresses to different geographic areas. With regard to manufacturers recycling MAC addresses, as long as two NICs with the
same MAC address have at last one router between them, there will not be a conflict. Routers direct traffic via IP addresses, while
switches direct traffic via MAC addresses, with an ARP table showing the relationship between MAC address and IP address.
An untrusted SSL certificate message can occur when the SSL certificate was not signed or issued by an organization that is
trusted by the browser. The most common cause is a website using a trusted certificate that is missing one or more intermediate
certificates. Other certificate errors include self-signed certificates (get a commercial certificate from a certificate authority and free
certificates that are missing their root certificates. If the certificate was untrusted, she would have experienced the problem before
moving to the new office.
Hardware failure could be the NIC, a cable, a port on a switch, the switch itself, a port on the router of the router itself, to name a
few. You would first ping 127.0.0.1 to determine if the client machine is communicating with the NIC. Ping the default gateway, then
the router, and then a tracert to a website to identify the faulty piece of equipment. Hardware failure is unlikely because the
computer connected properly at the other office.
Expired IP addresses occur when a client computer has been offline for a period of time, is brought back on line, and uses an IP
address whose lease has expired. To resolve the problem on a Windows computer, issue an ipconfig /release command, followed
by ipconfig /renew. This will unbind the IP address from the client machine, and the DHCP server will issue a new IP address. But
in this case, if she had an expired IP address, the DHCP address would simply lease her another one.
Objective:
Sub-Objective:
Given a scenario, troubleshoot general networking issues.
References:
Media Access Control, https://www.inetdaemon.com/tutorials/networking/lan/ethernet/mac.shtml
You are setting up an 802.11a wireless network in an office environment that includes three wireless access points. The wireless
access points are at least 15 meters apart and are configured for automatic channel setting. Each time you turn the wireless
access points on, they all choose the same channel. You need to ensure that the access points choose separate channels to
prevent interference, using the least amount of administrative effort.
What should you do?
lOMoARcPSD|18976918
A) Reduce the signal strength on each access point.
B) Increase the distance between the wireless access points to at least 20 meters.
C) Start each wireless access point at a separate time.
D) Manually configure each of the access points to use channels 1, 6, and 11, respectively.
Explanation
You should start each wireless access point at a separate time. This will allow each access point to select a channel. Then, when
the next access point is booted, it will detect the other access points' channels and use another channel besides the ones
detected. 802.11a wireless access points have eight available non-overlapping channels: 36, 40, 44, 48, 52, 56, 60, and 64.
802.11a products need to be configured for automatic channel selection. Therefore, you cannot manually configure the channel.
With the automatic channel selection feature, 802.11a wireless access points can detect other access points and configure their
channel accordingly. This is the reason that it is important to start 802.11a wireless access points at a separate time. The
suggested range for 802.11a wireless access points is 30 meters in an open space, and 10 meters in an office environment.
You should not increase the distance between the wireless access points to at least 20 meters. For 802.11a wireless access
points, the suggested distance in an office environment is 10 meters.
You should not manually configure each of the access points to use channels 1, 6, and 11, respectively. These are the non-
overlapping channels used by 802.11b and 802.11g devices. You should alternate between these three channels when using
802.11b or 802.11g wireless access points. The suggested range for 802.11b and 802.11g wireless access points is 120 meters in
an open space and 30 meters in an office environment.
You should not reduce the signal strength on each access point. This would require more administrative effort than is necessary to
fix your problem. In addition, reducing the signal strength could cause problems for some wireless clients that are now outside the
new range. It is much simpler to turn the wireless access points on at different times.
Objective:
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity issues.
References:
Wireless Network Routing with Multiple Access Points (APs), https://www.dummies.com/programming/networking/cisco/wireless-

network-routing-with-multiple-access-points-aps/
You are troubleshooting a network connectivity problem on a Windows 7 computer. You issue the following command at a
command prompt in command prompt window:
nbtstat -r
lOMoARcPSD|18976918
Which screen is displayed as a result of issuing this command?
A)
B)
C)
D)
Explanation
A table of NetBIOS names resolution and registration statistics will be displayed when you issue the nbtstat -r command. This
screen displays NetBIOS connection statistics, such as the number of NetBIOS names resolved by broadcast and the number of
NetBIOS names resolved by a NetBIOS name server. This screen also displays the NetBIOS names that have been resolved.
The Active Connections screen is displayed when you issue the netstat -a or netstat -A command at a command prompt on a
Windows computer.
The Route Table screen is displayed when you issue the netstat -r or netstat -R command at a command prompt on a Windows
computer.
lOMoARcPSD|18976918
The NetBIOS Local Name Table screen is displayed when you issue the nbtstat -n or nbtstat -N command at a command prompt
on a Windows computer.
Objective:
Sub-Objective:
References:
Troubleshooting Tools and Strategies, http://technet.microsoft.com/en-us/library/cc961857.aspx
Using the Netstat Command, https://www.ibm.com/docs/en/aix/7.2?topic=command-using-netstat
Your organization needs to perform a risk assessment for their ISP. Which specific type of assessment should you complete?
A) Process assessment
B) Posture assessment
C) Vulnerability assessment
D) Vendor assessment
Explanation
You should complete a vendor assessment. A vendor assessment is designed to evaluate and approve potential third-party
vendors to ensure that the products that they are selling or providing are safe and secured to use. When contracting with another
business, it is critical to understand who you may be working with, how secure they are, and what vulnerabilities may exist with
their products, as those factors can have a significant impact on your own network security. A vendor assessment is a type of
business risk assessment.
A process assessment is considered to be a business risk assessment. During a process assessment, an organization will analyze
the various process and policies that are in place and assess how secure these routines are. The goal of this assessment is to
identify any protocols or policies that create unnecessary risk, such as weak off-boarding polices or weak device management
policies. Routinely auditing your own organizations polices ensures that risks are being minimized and that polices remain up to
date.
A threat assessment, a posture assessment, and a vulnerability assessment are all forms of a security risk assessment.
In a threat assessment, an organization will determine the credibility and seriousness of a potential threat, as well as the
threat’s likelihood of occurrence. Threats can be manmade, such as a malicious insider, or environmental, such as a flood or
earthquake.
Posture assessments are used to provide a detailed analysis of an organization’s current cybersecurity strength.
Understanding how strong an organization’s defenses are critical to adequately estimating how exposed an organization may
be to a cyber-attack.
lOMoARcPSD|18976918
Vulnerability assessments are used to identify, quantity, and prioritize the various vulnerabilities within a network. All networks
have vulnerabilities, and these assessments help determine where they are and what steps need/can be taken to minimize or
remove them.
All these assessments are used during the risk management process to determine where risks may be, how severe they are, and
what remediation tactics can be used to minimize their potential impacts.
Objective:
Network Security
Sub-Objective:
References:
What is Vendor Risk Assessment?
You have several switches and routers on your company's network. The switches are not experiencing any problems. However,
one of the routers is not correctly routing packets based on IP addresses. At which layer of the OSI model does the problem device
operate?
A) Session
B) Transport
C) Data Link
D) Physical
E) Network
Explanation
Routers operate at the Network layer (Layer 3) of the OSI networking model. They use source and destination addresses, which
are located at the Network layer, to route packets. On the other hand, switches use MAC addresses, which are located at the Data
Link layer (Layer 2), to forward frames. An example of an issue that occurs at the Network layer is when computers are connected
to the same switch but receive error messages and cannot communicate.
The Session layer (Layer 5) starts, maintains, and stops sessions between applications on different network devices.
The Physical layer (Layer 1) provides the functions to establish and maintain the physical link between network devices.
The Transport layer (Layer 4) of the OSI model segments and reassembles data into a data stream and provides reliable and
unreliable end-to-end data transmission.
Objective:
lOMoARcPSD|18976918
Sub-Objective:
Compare and contrast the Open Systems Interconnection (OSI) model layers and encapsulation concepts.
References:
Network router, http://www.tech-faq.com/network-router.shtml
Which of these devices can perform router functions?
A) IDS
B) Wireless controller
C) Multi-layer switch
D) Proxy server
Explanation
A multi-layer switch, in addition to working at the Data Link layer (Layer 2), also performs many Layer 3 router functions. When
ports on a multi-layer switch are configured as Layer 2 ports, traffic will be routed based on the MAC address. When ports are
configured as Layer 3 ports, traffic will be routed based on IP addresses. Multi-layer switches have the ability to route packets
between virtual local area networks (VLANs).
Wireless controllers provide centralized management of wireless access points. Without wireless controllers, each access point
must be configured individually.
An intrusion detection system (IDS) contrasts with an intrusion prevention system (IPS). When comparing IDS/IPS, IDS is
essentially a warning system that provides notification of an intrusion, while IPS is more active and can stop an attack while it is
taking place. An IDS does not route traffic.
A proxy server can provide caching services to reduce the amount of internet traffic from the gateway.
Objective:
Sub-Objective:
References:
What is the difference between a router and a Layer 3 switch?, http://searchnetworking.techtarget.com/answer/What-is-the-

difference-between-a-router-and-a-Layer-3-switch
lOMoARcPSD|18976918
A user reports that she cannot print from her computer. You also notice that they are unable to reach a supplier's web site. The
operating system is Windows 8.1. Which command should you start with to help with your diagnosis?
A) route
B) ping
C) dig
D) nmap
Explanation
The ping command allows you to test the connection between a local computer and a node on the network. If you are trying to
determine why a user cannot print, you can issue the ping command with either the printer’s network name (ping colorprinter) or
the IP address of the printer (ping 192.168.1.38). If you could ping by IP address, but not by network name, that would indicate a
problem with DNS translation.
The nmap Linux command is used to explore the network. It also acts as a security scanner. As an example, you can use nmap
192.168.1.0/24 to scan a subnet.
The route command can be used to add additional routes (path) in your network. As an example, if you decided that traffic from
some computers needed to go to another node in the network, you would use a route add command.
The dig command is used in Linux to find DNS information. It is primarily used in troubleshooting DNS problems. Entering dig and
a domain name would return the A record for that domain.
Objective:
Sub-Objective:
References:
Ping, https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ping
A server on your network contains several virtual servers. However, the server contains a single NIC. Which statement MOST
likely describes the communication from this server?
A) It transmits data using IPv6.

B) It transmits data using IPv4.
C) It transmits data from multiple IP addresses.
D) It transmits data from multiple MAC addresses.
Explanation
lOMoARcPSD|18976918
When a server contains several virtual servers with a single network interface card (NIC), it is most likely to transmit data from
multiple IP addresses. It could also transmit data from a single IP address, but with each virtual server using a different port
number.
This server does not transmit data from multiple MAC addresses. Because a MAC address is the physical address for the NIC, this
server only uses a single MAC address.
Virtual servers can be implemented using either IPv4 or v6. The number of NICs used in a virtual server has no effect on which IP
version should be used.
Objective:
Sub-Objective:
References:
How to Assign Ports and IP Addresses to Virtual Servers, https://technet.microsoft.com/en-us/library/aa996628(v=exchg.65).aspx
Management has requested that you document the minimum level of security for all network devices. Which of the following will
this provide?
A) baselines
B) standards
C) procedures
D) guidelines
Explanation
A baseline defines the minimum level of security and performance of a system in an organization. A baseline is also used as a
benchmark for future changes. Any change made to the system should match the defined minimum security baseline. A security
baseline is defined through the adoption of standards in an organization.
Guidelines are the actions that are suggested when standards are not applicable in a particular situation. Guidelines are applied
where a particular standard cannot be enforced for security compliance. Guidelines can be defined for physical security, personnel,
or technology in the form of security best practices.
Standards are the mandated rules that govern the acceptable level of security for hardware and software. Standards also include
the regulated behavior of employees. Standards are enforceable and are the activities and actions that must be followed.
Standards can be defined internally in an organization or externally as regulations.
Procedures are the detailed instructions used to accomplish a task or a goal. Procedures are considered at the lowest level of an
information security program because they are closely related to configuration and installation problems. Procedures define how
lOMoARcPSD|18976918
the security policy will be implemented in an organization through repeatable steps. For instance, a backup procedure specifies the
steps that a data custodian should adhere to while taking a backup of critical data to ensure the integrity of business information.
Personnel should be required to follow procedures to ensure that security policies are fully implemented.
Procedural security ensures data integrity.
Objective:
Network Operations
Sub-Objective:
References:
Mandatory security baselines, https://security.web.cern.ch/security/rules/en/baselines.shtml
A user is complaining about wireless connectivity. Their cubicle is on a concrete wall, and the wireless access point is mounted on
the other side of the wall. What describes what is happening to the wireless signal that only has to travel a few inches?
A) Refraction
B) Attenuation
C) Absorption
D) Frequency mismatch
Explanation
Absorption occurs when an object does not reflect or refract a wireless signal, but rather absorbs a portion of it. Different materials
have different absorption rates. For example, drywall has a relatively low absorption rate, while concrete has a relatively high
absorption rate.
Refraction “bends” the signal as it passes through, or the signal curves as it tries to go around the object. Think of a stick where
part of the stick is in the water and part of the stick is out of the water. The stick appears ‘‘bent” because the water causes
refraction of the image. This may result in communication issues.
Frequency mismatch occurs when one device is operating at 2.4GHz and another device is operating at 5GHz, causing
communication to drop. Both (or all) devices must be on the same frequency to communicate. One solution to ensure coverage for
all devices is to have one access point operating at 2.4, and another operating at 5 is to differentiate the access points. This might
be achieved by including the frequency in the SSID, such as MyNetwork2.4 and MyNetwork5.
Attenuation is the degradation of a signal, typically occurring over distance. Wireless networks are particularly susceptible to
attenuation, due to their distance limitations. Typical effective indoor ranges for wireless signals are from 90-225 feet. Attenuation
is not caused by concrete walls.
lOMoARcPSD|18976918
Objective:
Sub-Objective:
References:
5 Phenomena That Impact Wi-Fi Signal, https://www.mirazon.com/5-phenomena-that-impact-wi-fi-signal/
You use HTTPS to secure your e-commerce website. You suspect an external breach has occurred. What should you do to
enhance transaction security?
A) Generating new keys

B) Hashing files
C) Avoiding common passwords
D) Disabling IP ports
Explanation
You should be concerned with generating new keys. If a breach has occurred, and the attacker has managed to obtain the keys,
generating new keys will keep the attacker from using the stolen keys again.
Avoiding common passwords is critical to establishing basic security. Refrain from using dictionary words, names, numbers-only
passwords, and keyboard patterns, like qwerty. In a recent NIST study, the most secure passwords are comprised of three to four
random 10+ character words, such as “ElephantConstitutionInternationalConvention.”
Disabling IP ports helps limit the type of traffic on your network, and also provides fewer dormant ports for hackers to exploit. As an
example, if you do not want a PPTP VPN on your network, you should disable port 1723.
File hashing is an excellent security measure to detect whether or not a file has been intercepted and altered. An algorithm is used
to create a unique value (hash) based on the file’s contents. The recipient of the file uses the same algorithm to generate a hash. If
the two hash values match, the file has not been altered. Examples of hash algorithms include MD5, SHA1, and CRC32.
Objective:
Network Security
Sub-Objective:
References:
Generating Keys for Encryption and Decryption, https://docs.microsoft.com/en-us/dotnet/standard/security/generating-keys-for-

encryption-and-decryption
lOMoARcPSD|18976918
A network contains 150 Windows client computers that all receive their IP configuration from a DHCP server. The network is
divided into two subnets. The network administrator decides to move a client computer from one subnet to another. After moving
the client, the computer is having trouble communicating on the network. You suspect that the client computer is using an IP
address from the old subnet. You need to run the appropriate commands to ensure that the client computer receives a new IP
address.
Select the appropriate command(s) from the left and place them in the appropriate order on the left. Only select commands that
are necessary for the scenario. The scenario may include one or more commands. Order is important.
{UCMS id=5166797584072704 type=Activity}
Explanation
For this scenario, you need to release and renew the DHCP lease for the client computer. You do this by running the following
commands:
ipconfig /release
ipconfig /renew
The ipconfig /all command will display all the TCP/IP settings for the computers.
The ipconfig /flushdns command removes the contents of the computer's DNS cache.
The ipconfig /registerdns command registers the computer's DNS host name with the DNS server.
The ipconfig /displaydns command displays the contents of the computer's DNS cache.
The ipconfig /showclassid command will display the DHCP class ID assigned to the client computer.
The ipconfig /setclassid command will configure the DHCP class ID for the client computer.
You should only select commands needed for the scenario. In some cases, only a single command may be necessary.
Objective:
Sub-Objective:
References:
Ipconfig, https://technet.microsoft.com/en-us/library/bb490921.aspx
A user reports that a legacy system is no longer responding. After researching, a technician reports that the system has been
flooded with ICMP packets larger than 65,535 bytes. This is most likely the result of which type of attack?
lOMoARcPSD|18976918
A) malware
B) backdoor access
C) ARP issues
D) ping of death
Explanation
This is most likely the result of a ping of death attack. In a ping of death attack, a system or network is flooded with ICMP packets
larger than 65,536 bytes. You can prevent this type of attack by not allowing ICMP messages from outside your network.
This scenario is not the result of a malware attack. Malware, or malicious software, is generally obtained through email, instant
messaging, the Internet, or file sharing. In most cases, malware affects the performance of the infected computer. It also may steal
information. You can install anti-malware software to prevent these attacks. User education is also important.
This scenario is not the result of backdoor access, also referred to as improper access. Backdoor access is usually obtained
through using a backdoor utility or by using some built-in developer hook in an application that allows developers to circumvent
normal authentication. It is often very hard to detect backdoor access. Companies should track the open-source projects that enter
their network from external untrusted sources, such as open-source code repositories, and should rapidly respond to any
backdoors discovered.
This scenario is not the result of ARP issues. This is often accomplished by poisoning the ARP cache of computers. ARP poisoning
can also be referred to as man-in-the-middle (MITM) attacks. You can use dynamic ARP inspection at routers to help mitigate this
issue. Dynamic ARP inspection is a security tool that can be utilized to reject malicious or invalid ARP packets from engaging with
the network.
For the Network+ exam, you must also understand the following common security issues:
Misconfigured firewall − allows vulnerabilities to be exposed, giving attackers the opportunity to exploit the firewall itself or the
internal and DMZ devices the firewall was intended to protect. You should never allow all traffic into your internal network from
the outside untrusted network. In addition, disable or remove any default accounts. If possible, configure the firewall to send
alerts any time a configuration change has occurred. This would ensure that you would know that a configuration change has
occurred and allow you to verify if the change was valid or carried out by an attacker.
Misconfigured ACLs/applications − allows vulnerabilities to be exposed, giving attackers the opportunity to exploit applications
or entities protected by the access control list (ACL). Disable or remove any default accounts in applications. Make sure that
ACLs are not configured to allow all. ACLs should default to deny for all accounts not given access.
Denial of service (DoS) − occurs when a server is flooded with traffic with the intent to shut down the server. In most cases,
upgrading your devices and applications with the latest service packs or updates will prevent these attacks.
Open/closed ports − allows or denies network access to specific types of traffic based on the port used. You should disable all
ports that you are not using. Remember any open ports are avenues of attack.
ICMP related issues − includes ping of death and unreachable default gateway. Most companies simply deny any ICMP from
external networks.
Unpatched firmware/OSs − allows vulnerabilities to be exposed, giving attackers the opportunity to exploit the unpatched
device or computer. Make sure that all patches, security updates, hotfixes, and service packs are deployed in a timely manner
to all affected systems.
Malicious users − includes both trusted and untrusted users. Often malicious users will use packet sniffing utilities to obtain
information about the network to enable attackers to carry out attack. Auditing can help mitigate this issue.
lOMoARcPSD|18976918
Authentication issues − includes TACACS/RADIUS misconfigurations and default passwords/settings. Terminal Access
Controller Access-Control System (TACACS) is a TCP-based protocol used to communicate with an authentication,
authorization, and accounting (AAA) server. Remote Authentication Dial-In User Service (RADIUS) is a UDP-based protocol
used to communicate with a AAA server. Because TACACS and RADIUS only handle the authentication of remote users, the
TACACS/RADIUS server isn't configured correctly only if valid users are not authenticated or if invalid users are authenticated.
When it comes to default passwords, you should disable all default passwords on any authentication servers. Default settings
should also be changed. Changing default passwords and settings will help to ensure that attackers cannot use these defaults
to breach the network.
Banner grabbing/OUI − A banner is the text that is embedded with a message that is received from a host. Usually this text
includes signatures of applications that issue the message. Banner grabbing is a fingerprinting technique that relies on
morphed or empty TCP packets that are sent over to a target machine. Telnet, Netcat, Nmap and other tools can be used to
carry out banner grabbing. First you need to thoroughly analyze what information is leaked. Set up your services properly.
Default settings are always insecure. Turn off all the features and services that are unnecessary.
Domain/local group configurations − Groups are often used as part of any security configuration. Users are placed into group,
and groups are given access to resources. You should periodically audit groups and ensure that their permissions are
appropriately configured.
Jamming − Jamming compromises the wireless environment. It works by denying service to authorized users as legitimate
traffic is jammed by the overwhelming frequencies of illegitimate traffic.
Objective:
Network Security
Sub-Objective:
References:
Ping of Death, http://compnetworking.about.com/od/networksecurityprivacy/l/bldef_pingdeath.htm
Your company is building a new facility, and you are tasked with designing the new network at that site. You will need multiple
servers, switches, patch panels, UPS equipment, and other equipment. You need to plan and document the placement of the
equipment in the site's network data center. Which tool should you use?
A) Rack diagrams
B) Network diagram
C) Logical diagram
D) Standard operating procedures/work instructions
Explanation
Rack diagrams depict the placement of network equipment, such as routers, switches, hubs, patch panels, servers, and more, in a
standard 19”-wide cabinet called a rack. Rack diagrams are particularly useful when planning server rooms and networking
lOMoARcPSD|18976918
closets, as the diagrams allow the engineer to determine the proper placement of equipment prior to the physical buildout. They
also serve as a tool to help locate equipment for maintenance or repair.
A network diagram would show where the racks are located on the network, but would not show the placement of the equipment in
the data center, especially if that equipment is located in a rack.
Standard operating procedures/work instructions represent key documents used to manage the network. While the two documents
are related, they each have a different purpose. A standard operating procedure (SOP) indicates what is to be done, as well as the
responsible party. The work instructions describe how to execute the task identified in the SOP.
When comparing logical vs physical diagrams, each provides a different visualization of the network topology. Physical network
diagrams depict the equipment and cables that comprise the network. Logical diagrams show the IP addresses, subnet masks,
VLANs, and protocols. A logical diagram would not document the placement of the equipment in the site's network data center.
Diagram symbols should be standardized throughout the network documentation. For example, routers should all be depicted in
the documentation with the same shape. The same would be true for items such as switches, bridges, and patch panels: each type
of equipment should use a symbol, icon, or shape that is unique to that type of equipment. The most commonly used symbols
were developed by Cisco, but Amazon Web Services uses its own set of symbols, and different software packages may have their
own symbols.
Objective:
Network Operations
Sub-Objective:
References:
Rack Space Diagram Templates, https://creately.com/blog/examples/network-diagram-templates-

creately/#Rack%20Space%20Diagram%20Templates
You are asked to acquire address space for a new network that must accommodate at least 12 subnets, each with at least 2,048
nodes. A total of 25,576 IP addresses are needed, but the available address space should leave some room for growth in each
subnet, and for the number of subnets to double (or more). The network must also support IPsec to the endpoints for security
reasons.
Which of the following options provides the best fit while minimizing costs?
A) Public IPv4 Class B network, purchased on the open market

B) IPv6 network with a /48 global routing prefix
C) Private IPv4 Class A network (10.0.0.0)
D) IPv6 network with a /64 global routing prefix
E) IPv6 network with a /56 global routing prefix
lOMoARcPSD|18976918
Explanation
The IPv6 network with a /56 global routing prefix should impose little or no cost to obtain. It also provides 256 subnets, each with
millions of nodes, and supports IPsec end-to-end. Thus, it provides the best fit while minimizing costs because it meets the starting
requirements with ample room for growth. In fact, in a situation where IPsec is needed end-to-end, only IPv6 makes sense.
Private IP addresses do NOT support IPsec connections end-to-end. They require Network Address Translation (NAT) or some
equivalent, and will not work with IPsec. Thus, a Private IPv4 Class A address is not suitable.
If one could purchase a public IPv4 class B network address on the open market, it would cost at least $300,000, if not double that
amount or more (see References). A single class B address can only be subdivided into 14 subnets, if each one needs 2,048
nodes. Thus for both reasons of cost and capacity, a public IPv4 Class B network address is not suitable.
IPv6 network addresses are generally available for no cost or low cost, but one with a /64 global routing prefix provides exactly one
subnet (a single network, in other words). Thus it does not meet the stated requirements.
An IPv6 network with a /48 global routing prefix supports up to 65,000 subnets, each with millions of nodes. It is a popular choice
for single subscriber sites, but offers many more subnets than are needed. Thus, it does NOT meet the stated requirements.
Objective:
Sub-Objective:
References:
CIDR (Classless Inter-Domain Routing or supernetting, http://searchnetworking.techtarget.com/definition/CIDR
Understanding IP Addressing and CIDR charts, https://www.ripe.net/about-us/press-centre/understanding-ip-addressing
You install a network analyzer to capture your network's traffic as part of your company's security policy. Later, you examine the
captured packets and discover that the only packets that were captured are from Subnet 1. You need to capture packets from all
four subnets on your network. Two routers are used on your network.
What could you do? (Choose two. Each answer is a complete solution.)
A) Install the network analyzer on all four subnets.
B) Install the network analyzer on the firewall.
C) Install the network analyzer on a router.
D) Install a port scanner.
E) Install a distributed network analyzer.
Explanation
lOMoARcPSD|18976918
You could either install the network analyzer on all four subnets, or install a distributed network analyzer. Standard network
analyzers only capture packets on the local subnet. To capture packets on a multi-subnet network, you could install the network
analyzer on all four subnets. Alternatively, you could purchase a network analyzer that can capture all packets across the subnets.
Typically, a distributed network analyzer consists of a dedicated workstation network analyzer installed on one subnets and
software probes installed on the other subnets.
You should not install a port scanner. A port scanner reports which ports and services are being used on your network.
You should not install the network analyzer on a router. This will only allow you to capture packets on the subnets connected to the
router. The scenario indicates that there are two routers on your network.
You would need to install the network analyzer on both routers.
You should not install the network analyzer on the firewall. This will only allow you to capture packets on the subnets connected to
the firewall.
Objective:
Sub-Objective:
References:
Network Monitoring Tools, https://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
You are the network administrator for your company's network. All servers run Windows Server 2008. All workstations run Windows
7. The network diagram is shown in the following image:
lOMoARcPSD|18976918
Which command should you run from Server B to determine whether the default gateway address is properly configured?
A) ipconfig /renew
B) ipconfig ServerB
C) ipconfig /all
D) ipconfig 129.68.0.1
Explanation
The ipconfig /all command lists all the TCP/IP configuration parameters for the computer on which it is run. This includes the
default gateway address for the Server B network. By examining the output from ipconfig /all, you will be able to determine if the
configured default gateway address is correct.
Ipconfig /renew renews all IP addresses for all adapters on the network. It is often used with the ipconfig /release command to
obtain a new IP address from DHCP. Ipconfig 129.68.0.1 and ipconfig ServerB both have an invalid command-line argument.
Objective:
Sub-Objective:
References:
How to Use the Ipconfig Command, https://www.meridianoutpost.com/resources/articles/command-line/ipconfig.php
lOMoARcPSD|18976918
Your company's network experienced some recent performance issues that you resolved with a lot of effort. After resolving the
problem, you decide to start monitoring network performance. You have selected the network performance tool that you will use.
What must you do first?
A) Measure the current available bandwidth.

B) Capture the baselines.
C) Determine where the bottlenecks are.
D) Examine the logs to determine where to deploy the tool.
Explanation
Once you have selected the network performance tool, you need to capture the network performance baselines. These baselines
will act as a basis of comparison. Baselines should be captured at different times. Network utilization will be much higher during
peak usage times. If you do not capture the appropriate baselines, you may not realize when actual performance issues arise.
You cannot determine where the bottlenecks are until you install the network performance tool and analyze its results. In addition,
you will need to capture a baseline for comparative analysis.
You cannot measure the current available bandwidth until you install the network performance tool.
You do not need to examine the logs to determine where to deploy the tool. In most cases, a network performance tool is installed
on a central server and the network performance clients are installed on devices throughout the network. All logs and alerts are
transmitted to the central server. Administrators can then analyze the logs and alerts to determine what is occurring on the
network.
For the Network+ exam, you need to analyze metrics and reports from monitoring and tracking performance tools. This includes
graphing and link status. Graphing will provide an easy way to determine trends. This helps in forecasting when needs will reach
the point where an upgrade may be necessary. For example, graphing trends may show a 10% increase in bandwidth usage every
six months. If trends continue, it may be necessary to upgrade the network to a faster cabling. For link status, you need to read the
documentation that accompanies any network device to ensure that you can properly interpret lights on the network devices. "High
utilizations threshold exceeded on r01: current value 9624161.18" is an example of an interface link status message.
Objective:
Network Operations
Sub-Objective:
References:
How to set a network performance baseline for network monitoring, http://searchnetworking.techtarget.com/How-to-set-a-network-

performance-baseline-for-network-monitoring
lOMoARcPSD|18976918
You are using the ipconfig tool to troubleshoot a problem with a wireless host. The results are shown below: Adapter address:
00-10-4B-DE-F5-D8IP address: 192.168.1.40Subnet mask: 255.255.255.0Default gateway: 0.0.0.0You can access
services on the local network from the host, but you cannot access the Internet. What is the most likely cause of the problem?
A) incorrect IP address
B) missing default gateway
C) invalid Ethernet adapter
D) incorrect subnet mask
Explanation
A default gateway must be specified for a host for it to connect to hosts outside the local network. This address is the address of
the router interface on the local segment that forwards data to other networks. On small networks, the default gateway is the
address of the router that connects the local network to the Internet. You should ensure that the default gateway is correctly
configured for the interface that is on the local subnet. A wrong default gateway will have the same result as a missing default
gateway: packets will not be able to leave the local subnet.
From the output of the ipconfig utility, you can see that no default gateway is configured for the host. You must configure the proper
default gateway for the host. This can be done manually or using DHCP to automatically assign the appropriate addressing
information.
The IP address, subnet mask, and Ethernet adapter are all valid in this scenario.
Objective:
Sub-Objective:
References:
Chapter 13: Network Troubleshooting, https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/bts/7-

0/troubleshooting/guide/tg70/13tg01.pdf
You need to connect wireless devices to a wired local area network. Which device should you implement?
A) Access Point
B) Wireless NIC
C) Gateway
D) CSU/DSU
lOMoARcPSD|18976918
Explanation
An access point is either a software or hardware component that acts as a transceiver for wireless devices, connecting them to a
wired local area network (LAN). It serves a similar function as a distribution center sending and receiving signals to and from
computers on the network. Stations, or computers, placed too far from the access point will be unable to communicate with the
network. A wireless network that employs access points is said to be operating in infrastructure mode. However, wireless networks
can also be set up with just a few stations and wireless network cards. This is known as ad-hoc mode. Ad-hoc mode networks can
be set up quickly; however, all of the stations must be within a 300-foot radius to communicate. A mesh network may use a
combination of wireless access points while allowing some devices to connect using ad-hoc mode. Organizational wireless access
points usually provide more connections and a wider range of transmission than small office/home office wireless routers.
A gateway is used to connect networks that use different protocols.
A Channel Service Unit/Digital Service Unit (CSU/DSU) is a device typically required by leased lines, such as T1 lines, to terminate
their media connection to your LAN.
A wireless network interface card (NIC) is designed specifically for wireless networks. It is the piece of hardware that enables
wireless communication for a computer.
Keep in mind that wireless access point (WAP) placement is very important. WAP placement varies based on the environment in
which the WAP is placed. WAPs should be centrally placed to ensure that the maximum number of devices can use it. Also, you
should consider the other devices in the area, such as cordless telephones, that can cause interference. Placement is particularly
important if more than one WAP is implemented in the same area. It may be necessary to configure WAPs that are in close
proximity to use different channels.
For the Network+ exam, you also need to understand device density, roaming, and wireless controllers. Device density is the ratio
of users to access points. The performance of the network could be adversely affected if too many users are connected to a single
wireless access point. An overlap of coverage between access points is advisable to allow uninterrupted roaming from one
wireless network coverage area to another. However, those overlapping coverage areas should not use overlapping frequencies.
A wireless controller is a centralized device that can be used to manage multiple wireless access points. You need to understand
VLAN pooling and Light Weight Access Point Protocol (LWAPP). VLAN pooling assigns IP addresses to wireless clients from a
pool of IP subnets and their associated VLANs. The protocols used to communicate between an access point and a wireless
control is either the older Lightweight Access Point Protocol (LWAPP) or the more current Control And Provisioning of Wireless
Access Points (CAPWAP).
A wireless bridge is a wireless access point that allows wireless devices to connect to a wired network.
Multi-user MIMO (MU-MIMO) is a set of advanced multiple in, multiple out (MIMO) technologies where the available antennas are
spread over a multitude of independent access points and independent radio terminals. Each has one or multiple antennas. In
contrast, single-user MIMO considers a single multi-antenna transmitter communicating with a single multi-antenna receiver. MIMO
is used in 802.11n to allow the wireless network to reach higher speeds.
Objective:
Sub-Objective:
lOMoARcPSD|18976918
References:
Wireless Access Point, http://compnetworking.about.com/cs/wireless/g/bldef_ap.htm
You administer computers on a Windows network. You suspect a problem with automatic NetBIOS name resolution on a Windows
7 computer on the network. Which command should you use to troubleshoot the name resolution problem?
A) the netstat command
B) the tracert dnsname command
C) the ipconfig /all command
D) the nbtstat -r command
Explanation
Of the listed commands, you should use the nbtstat -r command to troubleshoot the automatic NetBIOS name resolution problem
on the Windows 7 computer. On a Windows network, NetBIOS is used to locate computers in a server domain. If TCP/IP is being
used on the network, then NetBIOS names need to be resolved to IP addresses. NetBIOS name resolution can be accomplished
in two ways in a Windows NT 4.0 server domain: LMHOSTS and Windows Internet Name Service (WINS). The LMHOSTS file is a
flat-text file that contains NetBIOS name to IP address resolutions. Each computer on a Windows network that uses LMHOSTS
name resolution must have an LMHOSTS file, which must be manually updated when changes are made to NetBIOS name-to-IP
address resolution on the network. WINS provides an automatic NetBIOS name-to-IP address resolution system. You can view
WINS statistics by using the nbtstat -r command to determine the number of NetBIOS name resolutions on a computer. If the
number of name resolutions is zero, then you can assume that there is a problem with a computer's WINS configuration.
You can use the ipconfig /all command to troubleshoot problems with TCP/IP configurations on most computers that use Microsoft
Windows operating systems. It will list the IP address, subnet mask, and default gateway assigned to the computer, as well as the
DNS settings and whether the computer is DHCP enabled.
You can use the netstat command to view the active TCP and UDP connections on a TCP/IP computer. You can also use the
netstat command to view other network statistics, such as the number of bytes and data packets a computer on a TCP/IP network
has received.
You can use the tracert dnsname command to determine the route a data packet takes as it travels through a TCP/IP internetwork.
In the tracert dnsname command, the dnsname variable is the Domain Name System (DNS) name of a computer in a TCP/IP
network. The following is an example of a DNS name: www.verigon.com.
Objective:
Sub-Objective:
References:
lOMoARcPSD|18976918
Nbtstat, http://technet.microsoft.com/en-us/library/cc940106.aspx
Which of the following options are relevant to network segmentation when using switches? (Choose 2)
A) VLANs
B) Tagging and untagging ports
C) MAC address tables
D) ARP tables
Explanation
Virtual local area networks (VLANs) allow you to segment a network and isolate traffic to different segments. Each segment (such
as Sales, Administration, Manufacturing, or Accounting) can become its own VLAN. VLANs are created by tagging and untagging
ports on a switch. A trunk port, which serves as the connection between switches, tags the VLAN traffic. An access port, which is
the connection to an end device, does not tag. Port tagging and VLANs are not used in unsegmented networks.
MAC address tables contain the MAC address of any device on the network and the corresponding port on the switch to which it is
attached. In instances where a VLAN is implemented, the MAC address table will also have the associated VLAN for that port.
However, MAC address tables alone do not provide the network segmentation.
ARP tables show the relationship of IP addresses to MAC addresses and are located on most devices. While they help the devices
may routing decisions, they do not provide network segmentation.
Objective:
Sub-Objective:
References:
Fundamentals of 802.1Q VLAN Tagging,

https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Fundamentals_of_802.1Q_VLAN_Tagging
As a network administrator, you decide to replace a hub on your network with an active hub. At which OSI layer does the new
device function?
A) Network
B) Transport
lOMoARcPSD|18976918
C) Physical
D) Session
Explanation
Active hubs or multiport repeaters amplify or regenerate signals to all other ports on the hub. Because active hubs regenerate
signals, they are often used to extend the length of segments beyond their maximum specified lengths. They, as with all hubs, are
considered Physical layer devices (Layer 1) because they act on the data at the bit level. If a computer is unable to reach the
Internet, the technician should begin troubleshooting at the Physical layer.
The Physical layer is also associated with the flow of electrical current and physical connections between devices. The first step of
troubleshooting a non-responsive device at the Physical layer is to make sure the device is plugged in and the interconnections
are fully seated in their jacks.
The layers of the OSI model, along with their layer numbers, are shown below:
Layer 1 – Physical layer

Layer 2 – Data Link layer
Layer 3 – Network layer
Layer 4 – Transport layer
Layer 5 – Session layer
Layer 6 – Presentation layer
Layer 7 – Application layer
Objective:
Sub-Objective:
References:
What is a hub?, https://www.rfwireless-world.com/Terminology/Active-hub-vs-Passive-hub.html
Your company's IT department needs to provide field sales representatives with the ability to upload and download files from
company servers while they are away from the office. They will be communicating over public Internet connections at coffee shops,
hotels, truck stops, and other public facilities. All inbound connections to the company network already require use of a secure
VPN based on the OpenVPN protocol. You want to allow secure file transfer with minimal firewall management overhead. Which
protocol should you use?
A) Passive Mode FTP

B) FTPS
C) SFTP
lOMoARcPSD|18976918
D) TFTP
E) SMBv1
Explanation
You should use Secure File Transfer Protocol (SFTP). First, because SFTP uses only a single port number for communications, it
is easy to secure and monitor at the firewall. Second, unlike FTPS, SFTP is not a reworked version of FTP. Rather, it is a
completely different protocol based on Secure Shell (SSH) that encrypts both authentication data and data files being transferred.
Third, SFTP even works with SSH private/public key pairs for an optional added layer of authentication and enhanced security.
You should not use Passive Mode FTP. First, Passive Mode FTP includes no encryption so all data is sent and received in
cleartext. Second, Passive Mode FTP uses a single control channel to receive service requests, but dynamically assigns ports to
upload or download files. This makes it necessary to open and manage a wide range of port addresses for file transfer, any of
which can also become a focus for intrusion or attack.
You should not use FTP Secure (FTPS). It is a more secure implementation of FTP that incorporates SSL protection (now replaced
by TLS) into a standard FTP implementation. Thus, it also uses a single control channel, plus dynamically assigned ports to upload
or download files. FTPS can use an ID and password, or a digital certificate for authentication. Because of the dynamic ports and
attendant management and monitoring issues, it is not the best solution.
You should not use Trivial FTP (TFTP). TFTP is primarily used for network management tasks. In its most basic form, it includes no
built-in security at all, not even logins and passwords. As such, it is even less secure than basic FTP.
You should not implement Server Message Block (SMB) version 1. It is the earliest, least secure and widely deprecated
implementation of the first-generation Sever Message Block (SMB) protocol. It is sufficiently insecure that Microsoft no longer
installs it in the most current version of Windows 10.
Objective:
Sub-Objective:
References:
Understanding Key Differences Between FTP, FTPS and SFTP http://www.jscape.com/blog/bid/75602/Understanding-Key-

Differences-Between-FTP-FTPS-and-SFTP
12 File Transfer Protocols and the Businesses They're Best Suited For http://www.jscape.com/blog/12-file-transfer-protocols-
businesses
SFTP vs. FTPS: The Key Differences https://www.goanywhere.com/blog/2016/11/23/sftp-vs-ftps-the-key-differences
Your network contains several virtual LANs (VLANs). What is a benefit of using this technology?
lOMoARcPSD|18976918
A) It allows users on a LAN to communicate with remote networks.
B) It allows users from different segments to communicate with each other.
C) It connects small networks together to form a single large network.
D) It allows networks to be segmented logically without being physically rewired.
Explanation
A virtual LAN (VLAN) is a networking technology that allows networks to be segmented logically without having to be physically
rewired. In a traditional Ethernet network, you can replace all hubs with VLAN switches. This creates virtual network segments
whose logical topology is independent of the physical topology of the wiring. Each station is assigned a VLAN identification number
(ID), and stations with the same VLAN ID function as though they are all on the same physical network segment, no matter which
physical switch they are connected to. Only devices with the same VLAN ID will receive broadcasts sent by a host. The
assignment of VLAN IDs is done at the port level on the switches themselves. Moving a host to another department only requires
the assignment of a different VLAN ID to the port on the switch to which the host is connected. No rewiring of cables is necessary.
The primary benefit of having a VLAN is that users can be grouped together according to their need for network communication,
regardless of their actual physical locations. Membership in a VLAN segment, called a VLAN group, is controlled by the network
management software, which allows users to be grouped according to their needs.
For the Network+ exam, you will also need to understand the difference between voice and data VLANs. A voice VLANs is a VLAN
that has specifically been allocated for a user’s voice data stream. These VLANs ensure that the quality of voice traffic is
consistent and given priority during data transmission. A data VLAN, otherwise known as a user VLAN, is designed to prioritize
user-generated data.
For the Network+ exam, you need to understand the following switch management issues:
User/passwords − Limit the number of administrative users that are allowed to access the switches on your network. Always
use complex passwords for those users. If there are any default accounts, such as administrator or guest, you should disable
these accounts because attackers will often use these accounts to hack into your switch.
AAA configuration − AAA stands for Authentication, Authorization and Accounting. Authentication verifies the identity of the
user. Authorization handles what the user is allowed to do and what resources he/she can access. Accounting audits the
actions of the users. AAA and 802.1X are used for port-based authentication,
Console − The console is used to manage a switch. You should use Secure Shell (SSH) or connect directly to the switch's
console port of the switch. An unmanaged switch is one that does not support the use of an IP address or a console port
connection for management purposes.
Virtual terminals − Virtual terminals are remote workstations that allow you to access the switch management tools and
desktop interface. You should limit who has access to these terminals and place them only in secure locations. In addition,
they should require authentication before accessing the management tools. If only one person can log in to the virtual terminal
at a time, you should increase the number of virtual terminals available.
In-band/Out-of-band management − When possible, you should use a separate network for management of a managed
switch. This is referred to as out-of-band (OOB) management when the management traffic is kept on a separate network than
the user traffic. In-band management occurs over the same network as user traffic. OOB management is more secure.
Objective:
lOMoARcPSD|18976918
Sub-Objective:
References:
Advantages of VLANs, https://library.netapp.com/ecmdocs/ECMP1401193/html/GUID-C9DA920B-F414-4017-8DD1-

D77D7FD3CC8C.html
You are installing a second wireless access point in your office. When you place the second wireless access point, you notice it is
experiencing interference intermittently. You want to prevent the interference. Which method would NOT prevent interference?
A) Increase the signal strength of the new wireless access point.

B) Change the channel used on the new wireless access point.
C) Move the new wireless access point.
D) Decrease the signal strength of the new wireless access point.
Explanation
You should NOT increase the signal strength of the new wireless access point. This would probably increase the interference.
Decreasing the signal or power strength can ensure that the wireless LAN does not extend beyond a certain area.
You could move the new wireless access point, change the channel used on the new wireless access point, or decrease the signal
strength of the new wireless access point. One other method for preventing wireless interference is changing the wireless
telephone used. The scenario only stated that intermittent interference was occurring. It did not state what was causing the
interference.
Another potential wireless issue is the wrong antenna type. Antenna types can affect the area that a wireless signal will cover.
Unidirectional antennas only transmit in a single direction, while omnidirectional antennas transmit in a defined radius from the
antenna placement. In both cases, you should ensure that the wireless access point is placed in an area where the antenna type
will be most effective.
Objective:
Sub-Objective:
References:
WiFi Troubleshooting, https://community.cisco.com/t5/wireless-mobility-documents/wifi-troubleshooting-cheat-sheet/ta-p/3108889
lOMoARcPSD|18976918
You are setting up your company's VoIP infrastructure. One remote office location has audio problems when placing or receiving
calls. At times, speech quality is poor, or there is a noticeable and distinct echo for call audio. In troubleshooting a possible system
configuration issue, which of the following possibilities do you want to eliminate first?
A) H.323 protocol support has not been selected.

B) Echo cancellation has been misconfigured or has not been applied.
C) The call terminates on an analog endpoint.
D) Check to make sure system updates have been applied.
E) Compression mode setting differs between caller and receiver devices.
Explanation
You should first determine whether the call terminates on an analog endpoint. Dealing with audio quality issues on Voice over
Internet Protocol (VoIP) is an occasional necessity. But before digging into the usual troubleshooting routine, it is essential to
establish if the problem call or connection terminates on VoIP equipment on both sides. If one end of a call terminates on an
analog endpoint, occasional audio problems are inevitable.
Non-VoIP equipment cannot provide routine compression, echo cancellation, and sound quality enhancements. When a call
terminates on an analog endpoint, this is really nothing to troubleshoot (aside from replacing the analog endpoint). So that
possibility should be eliminated first before troubleshooting commences.
All of the other steps should be verified after you ensure that both endpoints are VoIP, not analog.
If echo cancellation is misconfigured or not enabled, echoes are far more likely on VoIP calls. But these two steps apply only if the
call is VoIP from end-to-end.
Ideally, both ends of a VoIP call should use the same compression mode settings, because that offers the best assurance for the
highest possible signal quality.
The H.323 protocol is the most widely used protocol for packet voice communications. Its selection versus other voice protocols,
such as SIP, does not significantly affect call quality and echo one way or other.
On any kind of software system, checking to make sure updates have been applied is a time-honored best practice for system
management. However, such updates may have nothing to do with call quality if one end of the call terminates on an analog
endpoint.
Objective:
Sub-Objective:
References:
H.323 and SIP Integration, https://www.cisco.com/en/US/tech/tk652/tk701/technologies_white_paper09186a0080092947.shtml
lOMoARcPSD|18976918
A consultant recommends that your company implements an appliance firewall. To which type of firewall is this referring?
A) software
B) embedded
C) hardware
D) application
Explanation
A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone black box
solutions that can be plugged in to a network and operated with minimal configuration and maintenance.
An application firewall is typically integrated into another type of firewall to filter traffic that is traveling at the Application layer of the
Open Systems Interconnection (OSI) model. An embedded firewall is typically implemented as a component of a hardware device,
such as a switch or a router.
A software firewall is a program that runs within an operating system, such as Linux, Unix, or Windows 2000. If you set up a subnet
with computers that use peer-to-peer communication, a software firewall is probably the best firewall solution.
Firewalls can be used to create demilitarized zones (DMZs). A DMZ is a network segment placed between an internal network and
a public network, such as the Internet. Typically, either one or two firewalls are used to create a DMZ. A DMZ with a firewall on
each end is typically more secure than a single-firewall DMZ. However, a DMZ implemented with one firewall connected to a public
network, a private network and a DMZ segment is cheaper to implement than a DMZ implemented with two firewalls.
Objective:
Sub-Objective:
References:
Introduction to firewalls: Types of firewalls, http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1282044,00.html
Which four of the following objectives best describe the kinds of protection that data loss prevention systems seek to provide or
deliver? (Choose 4)
A) Blocking unauthorized data transit

B) Establishing identity or role-based access controls
C) Encrypting of data in motion
lOMoARcPSD|18976918
D) Preserving competitive advantage

E) Promoting data breaches
F) Encrypting of data at rest
Explanation
Data loss prevention (DLP), often called data leak protection, focuses on ways to prevent sensitive, proprietary, private, or
confidential information from unauthorized disclosure. DLP concentrates on identity management and authentication to establish
who is trying to access what, or uses role-based access controls (RBAC) to limit access to data. DLP also depends on keeping
sensitive information inaccessible to all but authorized parties, which means encrypting data both in motion (being transmitted) or
at rest (in storage anywhere). Finally, DLP's mission is to block any kind of unauthorized data transit, including in email, on a USB
drive, and as a file copy.
To implement RBAC, an administrator defines the various roles within an organization and the permissions each role needs to
perform its duties. Employees within the organization are assigned to a role, inheriting its permissions so they can complete their
daily tasks. The goal of RBAC is to limit an individual user’s permissions, thereby preventing unauthorized access to sensitive data
areas.
While preserving competitive advantage may be a benefit of data leak protection, it is not an objective or stated purpose for this
technology.
Promoting data breaches means making it easier for data to leak or for unauthorized access and disclosure to occur. It is directly
contrary to data loss prevention.
Objective:
Network Operations
Sub-Objective:
References:
What is Data Loss Prevention? https://digitalguardian.com/blog/what-data-loss-prevention-dlp-definition-data-loss-prevention
You decide to implement a DHCP server on your network. What is the purpose of a DHCP scope?
A) It is the range of IP addresses that a DHCP server can temporarily assign.

B) It is an IP address that cannot be assigned.
C) It is the temporary assignment of an IP address.
D) It is an IP address that is set aside for a certain device.
Explanation
lOMoARcPSD|18976918
The DHCP scope is the range of IP addresses that a DHCP server can temporarily assign to its clients. DHCP scopes are also
referred to as pools.
A DHCP lease is a temporary assignment of an IP address. A DHCP client's lease has an expiration date. Prior to the expiration
date, the lease can be renewed. If the lease expires, the client will have to request another lease from the server. The amount of
time that a lease can be used is set at the DHCP server. This time can be adjusted to suit your organization's needs. However, you
should keep in mind that if you set this time too low, DHCP traffic will increase because the leases will expire more often.
A DHCP reservation is an IP address that is set aside for a certain device. The lease is granted to the device's MAC address. If the
device's MAC address changes, the DHCP reservation will no longer work.
A DHCP exclusion is an IP address or group of addresses from within a scope that CANNOT be assigned. This is often used for
addresses within the scope that must be statically assigned to devices, such as routers and servers, that need a static address to
ensure that they can always be accessed using the same host name and IP address.
A DHCP server dynamically assigns the IP address, subnet mask, and default gateway to client computers. IP addresses may be
assigned statically rather than dynamically; however, assigning static IP addresses requires greater administrative effort. When IP
addresses are statically assigned, it is crucial to maintain a manual record of which client was assigned which IP address. If the
addressing scheme were to change, it might necessitate the manual reconfiguration of each computer.
HOSTS files map host names to IP addresses. HOSTS files contain IP addresses and their associated domain names. These files
are used when static IP addresses are used and when DHCP is NOT deployed.
For the Network+ exam, you will also need to understand the difference between dynamic and static DHCP assignment. Dynamic
assignment refers to IP address that can be changed at a moment’s notice. These dynamic address are assigned via a DHCP
server to individual devices within a network, such as computers, smartphones, or similar devices. Static assignment is where a
device is assigned a static IP address that does not change. These addresses are used generally by servers or other equipment
within a network’s architecture. Static IP addresses are usually assigned to the device’s MAC address, which is the hard-coded
address assigned by the manufacturer of the network card.
Objective:
Sub-Objective:
Explain the use and purpose of network services.
References:
What is DHCP Scope?, https://networkencyclopedia.com/dhcp-scope/
You have an 802.11g wireless network that uses a single wireless access point. For security purposes, you do not broadcast the
SSID. You have noticed wireless latency issues on your wireless network. What should you do to fix this issue?
A) Enable channel bonding.
lOMoARcPSD|18976918
B) Install another wireless access point that uses the same non-overlapping channel and a
different SSID.
C) Install another wireless access point that uses a different non-overlapping channel and
the same SSID.
D) Disable channel bonding.
Explanation
You should install another wireless access point that uses a different non-overlapping channel and the same SSID. This will allow
the connections to be distributed between the two access points, thereby increasing user throughput.
You should not install another wireless access point that uses the same non-overlapping channel and a different SSID. Using the
same non-overlapping channel would cause the two access points to have communication issues. Using a different SSID would
mean that you would have to physically configure some of the computers to use this new SSID.
You can only use channel bonding on 802.11n wireless networks. While this feature does increase the throughput, thereby
reducing latency issues, channel bonding is not available on 802.11g networks.
For the Network+ exam, you will also need to understand the different service sets that SSIDs can have. A basic service set
identifier (BSSID) BSSID is used in infrastructure mode to help identify the MAC address of an access point. Unlike a SSID, every
access point will have its own unique BSSID as well as a unique MAC address.
Another type of SSID is the Extended Service Set Identifier (ESSID). An ESSID is like a SSID, but this identifier is used across
multiple access points as part of the WLAN. The ESSID will function as an electronic marker to identify and address for computers
or other network devices and connect to a wireless router to then access the internet.
An independent basic service set, also known as an ad-hoc service set, is the simplest of the service sets as no network
infrastructure is needed. An ad-hoc service set consists of one or more stations that will communicate directly with each other
rather than utilizing access points.
The last concept for SSIDs you will need to understand is roaming. Roaming is when client devices can move or roam between
different access points without disruption any applications or data flows that require a persistent network connection.
Objective:
Sub-Objective:
References:
7 Rules for Setting up Multiple Wireless Access Points, https://www.madebywifi.com/blog/multiple-wifi-aps-on-the-same-network/
lOMoARcPSD|18976918
What should you implement to isolate two of the devices that are located on a storage area network (SAN) fabric containing eight
devices?
A) virtual SAN
B) VLAN
C) SAN snapshots
D) HBA allocation
Explanation
You should implement a virtual storage area network (vSAN) to isolate two of the devices that are located on a SAN fabric
containing eight devices. A vSAN is a collection of ports from a set of connected Fibre Channel switches that form a virtual fabric.
You can partition ports within a single switch into multiple VSANs, despite sharing hardware resources.
Do not confuse a vSAN with virtual storage. In recent years, virtual storage solutions like Microsoft's SkyDrive and Amazon's
CloudDrive have been developed to provide online storage and sharing of data.
SAN snapshots are a type of SAN backup. SAN snapshots do not use typical backup methods.
Host bus adapter (HBA) allocation is a method for allocating resources in a SAN. HBA allocation uses either soft zoning or
persistent binding. Soft zoning allows resources to be moved. Persistent bonding links resources with a specific logical unit
number (LUN).
A virtual LAN (VLAN) is created using switches. Device isolation on a SAN fabric does not require a VLAN.
Your SAN may need to include redundant storage solutions to ensure that data is always available. For the Network+ exam, you
need to understand the following concepts:
iSCSI − allows you to send SCSI commands over an IP-based network. It also can be used to connect a networked attached
storage (NAS) device to an Ethernet network. To improve the performance of data transfers over iSCSI switches, you should
set the maximum transmission unit (MTU) to 9000 on the each of the participants in the vSAN.
Jumbo Frame − an Ethernet frame with a payload greater than the standard MTU of 1,500 bytes. It supports at least 1 Gbps
and can be as large as 9,000 bytes.
Fibre Channel − transmits data between computer devices at data rates of up to 4 Gbps (with 10 Gbps coming in the future).
While it can use fiber optic or coaxial cabling, it provides the best distance (approximately 10 km) using fiber optic cabling.
Network attached storage (NAS) − provides both storage and a file system. This is often contrasted with SAN (Storage Area
Network), which provides only block-based storage and leaves file system concerns with the client. It uses file-based protocols
such as UNIX's NFS, Microsoft's Server Message Block/Common Internet File System (SMB/CIFS), Apple's AFP, or Novell
Netware's NCP. This would be the most cost efficient solution for a SQL server that needs several terabytes of disk space
available to do an uncompressed backup of a database.
Objective:
Sub-Objective:
References:
lOMoARcPSD|18976918
Virtual storage area network (VSAN), http://searchstorage.techtarget.com/definition/virtual-storage-area-network
You are designing a SOHO network for your company. You want to use the Ethernet standard that supports a data transmission
rate of 1 Gbps over copper cable.
Which Ethernet standard should you use on the network?
A) 100Base-FX
B) 10Base-T
C) 1000BaseCX
D) 1000BaseSX
Explanation
The 1000BaseCX Ethernet standard supports a data transmission rate of 1 Gigabit per second (Gbps) over 150-ohm balanced
copper cable. The 1000BaseCX Ethernet standard supports a maximum cable segment length of only 25 meters (m). The
1000BaseCX Ethernet standard was designed to support connections between network nodes that are in close proximity, such as
nodes in a network's wiring closet. The 1000BaseCX standard specifies 8-pin High Speed Serial Data Connectors (HSSDCs) or 9-
pin D-subminiature connectors. HSSDC connectors are preferred over the 9-pin D-subminiature connectors because they provide
a better electrical connection than the D connectors. Note that 1000BaseCX Ethernet equipment may be difficult to obtain,
because it never became popular.
The 10Base-T Ethernet standard supports a data transmission rate of 10 megabits per second (Mbps) over unshielded twisted-pair
(UTP) copper cable that meets or exceeds Category 3 (Cat3) standards. The 100Base-FX Fast Ethernet standard supports a data
transmission rate of 100 Mbps over fiber-optic cable, and the 1000BaseSX Gigabit Ethernet standard supports a data transmission
rate of 1 Gbps over fiber-optic cable. The 1000BaseLX Ethernet standard supports a data transmission rate of 1Gbps over fiber-
optic cable. SX uses single-mode fiber cabling, while LX uses multi-mode fiber cabling.
Some newer equipment will only work on specific types of networks. Ensure that any new equipment that you purchase is
compatible with the network that you have implemented, particularly if you are implementing an older standard such as 10Base-T.
Another Ethernet standard that you need to understand for the Network+ exam is IEEE 1905.1-2013, the IEEE standard for a
convergent digital home network. For testing purposes, you need to understand the following portions covered by this standard:
Ethernet over HDMI − This standard allows you to use a High Definition Multimedia Interface (HDMI) connection for Ethernet
communication. It supports 4.92Gbps or higher transmission depending on which HDMI version you use. Most
implementations have a maximum cable length of 15 feet.
Ethernet over power line − Power-line networking uses the electrical wiring in your house to create a network. The speeds of
this connection are rather slow at 50 Kbps to 14 Mbps, depending on which specification you implement.
Objective:
lOMoARcPSD|18976918
Sub-Objective:
References:
1000Base-X, https://www.techopedia.com/definition/26890/1000base-x
Which technology provides centralized remote user authentication, authorization, and accounting?
A) VPN
B) Single sign-on
C) DMZ
D) RADIUS
Explanation
Remote Authentication Dial-In User Service (RADIUS) provides centralized remote user authentication, authorization, and
accounting.
A virtual private network (VPN) is a technology that allows users to access private network resources over a public network, such
as the Internet. Tunneling techniques are used to protect the internal resources.
A demilitarized zone (DMZ) is an isolated subnet on a corporate network that contains resources that are commonly accessed by
public users, such as Internet users. The DMZ is created to isolate those resources to ensure that other resources that should
remain private are not compromised. A DMZ is usually implemented with the use of firewalls.
Single sign-on is a feature whereby a user logs in once to access all network resources.
RADIUS is defined by RFC 2138 and 2139. A RADIUS server acts as either the authentication server or a proxy client that
forwards client requests to other authentication servers. The initial network access server, which is usually a VPN server or dial-up
server, acts as a RADIUS client by forwarding the VPN or dial-up client's request to the RADIUS server. RADIUS is the protocol
that carries the information between the VPN or dial-up client, the RADIUS client, and the RADIUS server. The centralized
authentication, authorization, and accounting features of RADIUS allow central administration of all aspects of remote login. The
accounting features allow administrators to track usage and network statistics by maintaining a central database.
Objective:
Network Security
Sub-Objective:
References:
What is RADIUS?, https://searchsecurity.techtarget.com/definition/RADIUS
lOMoARcPSD|18976918
You need to provide terminal emulation and remote login capability for one of the servers on your network. Which
Process/Application layer protocol should you use?
A) SMTP
B) TFTP
C) Tracert
D) FTP
E) Telnet
Explanation
Telnet is a user command and an underlying TCP/IP protocol for accessing remote hosts. The HTTP and FTP protocols allow you
to request specific files from remote hosts without having to log on as a user of that host computer. The Telnet protocol, however,
allows you to log on as a regular user with the associated privileges that you have been granted to the specific application and
data on that host. In other words, you appear to be locally attached to the remote system.
The Telnet command syntax is as follows:
telnet abcdef.com [port #]
This command results in a logon screen with user ID and password prompts.
Telnet is most likely to be used by program developers and anyone who has a need to use specific applications or data located on
a particular host computer. A subset of the Telnet protocol is also used in other application protocols, such as FTP and SMTP.
File Transfer Protocol (FTP) is a useful and powerful tool for the general user. FTP allows a user to upload and download files
between local and remote hosts. Anonymous FTP access is commonly available at many sites to allow users access to public files
without establishing an account. Users will often be required to enter their e-mail address as a password.
Trivial File Transfer Protocol (TFTP) is a simple protocol used to transfer files. It is used to move files between machines on
different networks implementing UDP. It lacks most of the features of FTP and only provides the services of reading and writing
files and sending mail to and from a remote server.
Simple Mail Transport Protocol (SMTP) is an application protocol, so it operates at the top layer of the OSI model (Layer 7). SMTP
is the default protocol for sending e-mail in Microsoft operating systems. POP3 and IMAP are the most popular protocols for
receiving e-mail protocols. SMTP provides client and server functions and works with the Internet and UNIX. It is used to send and
receive messages.
Traceroute or Tracert identifies the route that packets take between your computer and a host. Traceroute is a utility that records
the route across the Internet that the packets take to reach the specified host. It also calculates and displays the amount of time
each hop took.
You should keep in mind that TCP connections provide large data size manageability using segmentation and error recovery for all
application-layer protocols.
The following protocols are considered unsecure:
lOMoARcPSD|18976918
TELNET
HTTP
SLIP
FTP
TFTP
SNMPv1 and SNMPv2
If you use any of these protocols, you should use a version that includes SSL or some other cryptography. For example, secure
shell (SSH) is a secure alternative to Telnet.
For the Network+ exam, you must understand the following vulnerabilities:
Unnecessary running services − Disable all unnecessary services on every device. Hackers will search for all used services
and attempt to employ known vulnerabilities for those services.
Open ports − Close all ports that are not used. Hackers can also use these open ports to break into your network.
Unpatched/legacy systems − Older systems provide an easy target to hackers, especially those with unsupported operating
systems or applications. For example, Windows XP is no longer supported by Microsoft. Service packs and updates are no
longer issued for this operating system. You should get rid of legacy systems that run software that is no longer supported by
the vendor or else you should find a way to isolate them from the rest of the network.
Unencrypted channels − Unencrypted channels are paths along which data can be intercepted. While it would adversely affect
the performance of the network to encrypt every single channel, you should encrypt every single channel through which
confidential or private data is sent.
Clear text credentials − Some protocols send credentials over the network in clear text. This allows an attacker to intercept the
communications to obtain the credential information. You should eliminate the use of any protocols that use clear text
credentials by replacing them with more secure protocols.
TEMPEST/RF emanation − Tempest studied the susceptibility of some devices to emit electromagnetic radiation (EMR) in a
manner that can be used to reconstruct intelligible data. Radio frequency information can be captured in a similar manner. You
should use shielding to protect against these vulnerabilities.
Objective:
Sub-Objective:
References:
What is Telnet?, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213116,00.html
Which of the following attacks tricks the user in to giving up personal information?
A) Phishing
B) Brute force
lOMoARcPSD|18976918
C) Deauthentication
D) Ransomware
Explanation
Phishing is the action of sending out an email that is designed to trick the user into giving up personal information. That information
is then exploited by criminal. Phishing emails appear to come from legitimate companies, and when the user clicks on a link in the
email, the user is directed to a website that appears authentic. The user then fills in account information, which is captured by the
criminal.
All of the other attacks can take place without the user's knowledge, and therefore do not rely on tricking the user into taking an
action that reveals personal information.
Deauthentication attacks disassociate a user with a wireless access point, forcing them to retransmit their login credentials.
A brute force attack attempts to guess the user's password. This attack differs from a dictionary attack by using additional (random)
character combinations, often numbering in the millions. This attack takes significantly more time than a dictionary attack.
Ransomware holds a computer hostage until the user pays a fee. The attacks often begin as an urgent email, where the user is
directed to click a link or open a document to resolve the issue. Once the user completes the action, malicious software is installed
on the user's computer, often locking the user out of the system until a fee is paid.
Objective:
Network Security
Sub-Objective:
References:
What Is Phishing?, http://www.phishing.org/what-is-phishing
You suspect that there is a problem with addressing that allows data to be sent throughout your network. Which addressing
method is used at the OSI Network layer to allow this?
A) Physical device addressing

B) Distance vector addressing
C) Link-state addressing
D) Logical network addressing
Explanation
Although the OSI Data Link layer (Layer 2) uses MAC, or physical device, addressing, the Network layer (Layer 3) uses logical
network addressing. This logical address is defined by the protocol's addressing scheme. For example, an IPv4 TCP/IP address is
lOMoARcPSD|18976918
composed of 32 bits, divided into four sets of decimal numbers divided by periods. An IPX address is a combination of an 8-digit
hexadecimal number, which is assigned by the network administrator, and a 12-digit MAC address, separated by a colon.
Service addressing is the other addressing method used by the OSI Network layer. It is used to identify a specific upper-layer
process or protocol. A service address is also known as a port or socket.
Objective:
Sub-Objective:
References:
The OSI Model's Seven Layers Defined and Functions Explained, http://support.microsoft.com/default.aspx/kb/103884
You need to copy the traffic from a single port to a different port, but prevent bidirectional traffic on the port. Which switch feature
should you use?
A) port mirroring
B) spanning tree
C) trunking
D) PoE
Explanation
Port mirroring copies the traffic from a single port to a different or mirror port, but prevents bidirectional traffic on the port. It allows
you to view all of the traffic for a single VLAN, no matter the switch where the traffic originates. Local port mirroring only uses ports
from the same switch. Remote port mirroring uses ports from multiple switches.
Power over Ethernet (PoE) allows the electrical current to be carried by the data cable to the device. PoE allows you to place
network devices where electrical current is not normally available. PoE+ is an enhanced version of PoE that provides more power
and better reliability. PoE+ is most commonly deployed in enterprise networks, while PoE is usually sufficient for small business or
home networks. PoE is defined by the IEEE 802.3af and 802.3at standards.
A spanning tree prevents loops when more than one path can be used. Spanning Tree Protocol (STP) uses the Spanning Tree
Algorithm (STA) to help a switch or bridge by allowing only one active path at a time. A switching loop or bridge loop occurs when
there is more than one path between two endpoints. The loop causes broadcast storms because broadcasts and multicasts are
forwarded by switches out every port. The switch will repeatedly rebroadcast the messages, thereby flooding the network. If a
frame is sent into a looped topology, it can loop forever. You should allow physical loop, but create a loop-free logical topology
using the shortest path bridging (SPB) protocol or the older spanning tree protocols (STP) on the network switches.
Trunking (802.1q) allows different switches to support the same virtual LAN (VLAN) using frame-tagging. For example, when two
ports on Switch A are connected to one port on Switch B, trunking has been implemented. Frame tags will be used to route the
lOMoARcPSD|18976918
communication appropriately. If you need to add a switch to a room through which laptops can connect for full network access, you
should configure a trunk on a switch port for both switches, the new switch in the room and the switch to which the new switch
connects.
By default, unknown unicast and multicast traffic is flooded to all Layer 2 ports in a VLAN. This unknown traffic flooding can be
prevented by blocking unicast or multicast traffic on the switch ports. However, keep in mind that there may be times when you
need to use unicast or multicast traffic.
You can also configure forwarding and blocking on a switch port. If you configure forwarding, certain types of traffic based on the
rules you configure will be forwarded to a certain port. If you configure blocking, certain types of traffic can be blocked from a
switch port.
A VLAN with a gateway offers no security without the addition of an access control list (ACL). Always make sure to configure the
appropriate ACL for your VLANs and switches.
For the Network+ exam, you also need to understand Link Aggregation Control Protocol (LACP), also referred to as 802.3ad.
LACP supports automatic link configuration and prevents an individual link from becoming a single point of failure. With this
protocol, traffic is forwarded to a different link if a link fails. LACP allows network administrators to configure two or more links to
pass traffic as if they were one physical link.
You can manually or automatically assign the IP address for the switch. Automatic configuration uses a DHCP server to obtain the
IP address and all other information that you have configured the DHCP server to assign. The DHCP server does not have to be
on the same subnetwork as the switch. If you manually configure the IP address, you need to ensure that all settings are correct.
Switches should be given their own IP address and default gateway to use so that they can be remotely managed.
For IP address assignment for devices attached to the switch, some switches can also be configured to act as a DHCP server and
assign IP addresses to attached devices. However, you must ensure that the DHCP ranges configured on the switch do not
overlap the ranges configured on other DHCP servers. Otherwise, you may have a single IP address assigned to multiple hosts on
the network, thereby affecting communication.
Objective:
Sub-Objective:
References:
Port Mirroring, http://en.wikipedia.org/wiki/Port_mirroring
You added a new wireless access point for the Research and Development team in a newly constructed wing of the old building.
You also configured the wireless access point to use WPA2. Where do you anticipate most support issues to arise from? (Choose
2)
A) Attenuation
lOMoARcPSD|18976918
B) Wrong passphrase
C) Jitter
D) Wrong SSID
Explanation
Most support issues will arise from users having the wrong Service Set Identifier (SSID) or wrong passphrase. It is very easy for a
user to select the wrong SSID. They may not have the correct password or passphrase, and they may type in the SSID name
incorrectly. Checking for the correct SSID is often the first step to wireless troubleshooting. Also, most wireless devices “remember”
the previous SSID, even if you move to a new network. Always check the SSID when troubleshooting. Passwords and
passphrases are case sensitive, and the number/letter/symbol combinations are easy to miskey.
Jitter is the variance in latency rates. In a wireless network, jitter is commonly the result of diffraction, reflection or absorption.
Different network segments may have different factors that affect latency. When the rate of latency is inconsistent, it can cause
service issues in latency-sensitive applications such as banking, e-commerce, and gaming. The symptom of jitter is fluctuating
transmission speeds.
Attenuation is the degradation of a signal, typically over distance. Wireless networks are particularly susceptible to attenuation, due
to the distance limitations. Typical effective indoor ranges for wireless signals are from 90-225 feet. Attenuation is a weakening of
the signal.
For the Network+ exam, you will need to understand the different service sets that SSIDs can have. A basic service set identifier
(BSSID) BSSID is used in infrastructure mode to help identify the MAC address of an access point. Unlike a SSID, every access
point will have its own unique BSSID as well as a unique MAC address.
Another type of SSID is the Extended Service Set Identifier (ESSID). An ESSID is like a SSID, but this identifier is used across
multiple access points as part of the WLAN. The ESSID will function as an electronic marker to identify and address for computers
or other network devices and connect to a wireless router to then access the internet.
An independent basic service set, also known as an ad-hoc service set, is the simplest of the service sets as no network
infrastructure is needed. An ad-hoc service set consists of one or more stations that will communicate directly with each other
rather than utilizing access points.
The last concept for SSIDs you will need to understand is roaming. Roaming is when client devices can move or roam between
different access points without disruption any applications or data flows that require a persistent network connection.
Objective:
Sub-Objective:
References:
Should You Change the Default Name (SSID) of a Wireless Router?, https://www.lifewire.com/changing-default-name-ssid-
wireless-router-816568
How to Get Wireless Internet Access in a Hotel, https://www.lifewire.com/how-to-get-wireless-internet-access-in-a-hotel-2378227
lOMoARcPSD|18976918
Your wireless network has come under attack in recent weeks. A technician suggests that you implement 802.1x security instead of
802.11 WEP security in the wireless network. What is the advantage of using 802.1x security over 802.11 WEP security?
A) 802.1x security uses static WEP keys for encryption.

B) 802.1x security generates dynamic encryption keys.
C) 802.1x security uses one-way authentication.
D) 802.1x security uses a 32-ASCII-character SSID.
Explanation
The advantage of using 802.1x security over 802.11 Wired Equivalent Privacy (WEP) in a wireless local area network (WLAN) is
that 802.1x security generates dynamic encryption keys. Two types of security standards can be implemented in a WLAN: 802.11
WEP and 802.1x security standards. The 802.11 security standard uses WEP keys for securing the data transferred over WLANs.
You can configure either 40-bit or 128-bit static WEP keys for security over WLANs. The 802.1x security standard uses various
authentication types based on the Extensible Authentication Protocol (EAP). These include the following:
EAP-LEAP: Uses username and static password for authentication.

EAP-TLS: Uses digital certificates for authentication.
EAP-PEAP: Uses digital certificate, username, and static password or one-time passwords for authentication.
The 802.1x security standard supports RADIUS server-based authentication, which provides centralized authentication,
authorization, and accounting (AAA) service. RADIUS and 802.1x can be used to authenticate remote workers who connect from
offsite.802.1x security also supports Network Access Control (NAC), also called Network Admission Control. This feature, offered
by some authentication servers, can check device characteristics prior to allowing access to the network. Characteristics that can
be checked include operating system version, antivirus software version, and so on. An administrator configures that NAC server
to deny or allow access based the configuration baseline. A posture assessment is performed on the client computer to ensure that
it meets the configuration baseline. A posture assessment can examine Windows registry settings antivirus software, Active
Directory membership, and other settings. For the Network+ exam, you need to protect against the following wireless attacks or
issues:
Evil twin − occurs when a wireless access point that is not under your control is used to perform a hijacking attack. It is set up
to look just like a valid network, including the same Set Service Identifier (SSID) and other settings.
Rogue access point (AP) − occurs when a wireless attack that is not under your control is connected to your network. With
these devices, they are not set up to look just like your network. This attack preys on users' failure to ensure that an access
point is valid. You can perform a site survey to detect rogue APs.
War driving − occurs when attackers seek out a Wi-Fi network with a mobile device or laptop while driving a vehicle. You can
lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA
or WPA2 authentication.
War chalking − occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for
this type of information by periodically inspecting the outside of your facilities.
Bluejacking − the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when
not in use is the best protection against this.
lOMoARcPSD|18976918
Bluesnarfing − the unauthorized access of information from a wireless device through a Bluetooth connection. Once again,
turning off Bluetooth when not in use is the best protection against this.
WPA/WEP/WPS attacks − Any attacks against wireless protocols can usually be prevented by using a higher level of
encryption or incorporating RADIUS authentication. Wired Equivalent Privacy (WEP) should be avoided because even its
highest level of encryption has been successfully broken. Wi-Fi Protected Setup (WPS) allow users to easily secure a wireless
home network but is susceptible to brute force attacks. Wi-Fi Protected Access (WPA) is more secure than WEP and WPS.
WPA2 provides better security than WPA.
Objective:
Network Security
Sub-Objective:
References:
Wireless LANs: Understanding WLAN Security, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=3
IEEE 802.1X: Practical Port Control for Switches, http://www.ciscopress.com/articles/article.asp?p=29600&seqNum=2
Which of the following would you perform periodically to ensure that the normal traffic patterns and volume have not changed?
A) Reviewing of alerts
B) Traffic analysis
C) Reviewing baselines
D) Audits of notifications
Explanation
It is important for a company to have a policy for reviewing baselines periodically, because network traffic may change over an
extended period. Reviewing baselines is an important tool in identifying abnormal behavior. You would first need to establish a
baseline. To establish a baseline, you would monitor network traffic (or some other metric) for a predetermined amount of time.
This establishes what the “normal” amount of traffic is for that period of time. By comparing network traffic against the baseline,
you can identify spikes that might indicate abnormal behavior.
Traffic analysis, also referred to as packet analysis, is performed with network monitoring tools. Two such tools are Wireshark and
Solar Winds. Traffic analysis begins with capturing and logging traffic(packets). Once captured, the traffic can be analyzed, look for
patterns and abnormalities indicating abnormal activity.
Notifications are system-generated communications indicating an event has triggered an alert. The notification may come in the
form of an email, a text message, a signal to a pager, or a pre-recorded message to a cell phone.
Alerts are indicators that an event has reached a certain threshold.
lOMoARcPSD|18976918
Objective:
Network Operations
Sub-Objective:
References:
How to Set a Network Performance Baseline for Network Monitoring, http://searchnetworking.techtarget.com/How-to-set-a-

network-performance-baseline-for-network-monitoring

n10 008 Exam Simulation 3

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

n10 008 Exam Simulation 3

Uploaded by

Copyright:

Available Formats

lOMoARcPSD|18976918

N10-008 Exam Simulation 3

Network Security (Henry Ford College)

Studocu is not sponsored or endorsed by any college or university

12/3/23, 3:09 PM N10-008 Exam Simulation

Simulated Exam December 2, 2023 Test ID: 274745042

Question #1 of 90 Question ID: 1537031

Unicast, multicast, and anycast are types of IPv6 addresses.

Unicast, Multicast and Anycast, http://www.omnisecu.com/tcpip/ipv6/unicast-multicast-anycast-types-of-network-communication-in-

12/3/23, 3:09 PM N10-008 Exam Simulation

Question #2 of 90 Question ID: 1411951

A) Implement a correction plan.

The troubleshooting order according to the CompTIA Network+ blueprint is as follows:

1. Identify the problem.

12/3/23, 3:09 PM N10-008 Exam Simulation

A Guide to Network Troubleshooting, https://www.comptia.org/content/guides/a-guide-to-network-troubleshooting

Question #3 of 90 Question ID: 1421561

The cable used on your network is shown in the exhibit.

Which transmission medium is shown?

Shielded twisted pair (STP) cable is shown in the following exhibit:

12/3/23, 3:09 PM N10-008 Exam Simulation

The following is a table of network media comparisons:

12/3/23, 3:09 PM N10-008 Exam Simulation

What is a Coaxial Cable and How is it Used?, https://www.ppc-online.com/blog/what-is-coaxial-cable-and-how-is-it-used

Question #4 of 90 Question ID: 1406616

12/3/23, 3:09 PM N10-008 Exam Simulation

Five Things To Know About DHCP Snooping, http://packetpushers.net/five-things-to-know-about-dhcp-snooping/

Question #5 of 90 Question ID: 1421667

Build Redundancy into Your LAN/WAN, http://www.itprotoday.com/management-mobility/build-redundancy-your-lanwan

12/3/23, 3:09 PM N10-008 Exam Simulation

Question #6 of 90 Question ID: 1421665

What is fault tolerance, http://www.webopedia.com/TERM/F/fault_tolerance.html

Question #7 of 90 Question ID: 1421703

12/3/23, 3:09 PM N10-008 Exam Simulation

Security Guards, http://homesecurity.about.com/od/homesecurity/a/Security-Guards.htm

Question #8 of 90 Question ID: 1406614

A) improved network performance for internal personnel

12/3/23, 3:09 PM N10-008 Exam Simulation

C) improved security through isolation

Network Virtualization--Guest and Partner Access Deployment Guide,

Question #9 of 90 Question ID: 1561198

A) Class C private – 169.254.x.x.

A Class C private address has 192.168.x.x as the first two octets.

169.254.x.x represents the first two octets of an APIPA address

The others are correct

Other classes of IP addresses can be matched to their first two octest:

Class B Private − 172.20.x.x

12/3/23, 3:09 PM N10-008 Exam Simulation

Class C Public − 204.29.xx.xx

There are three reserved private IP address ranges:

Class A − 10.0.0.0 through 10.255.255.255

IP4 Address Classes, http://compnetworking.about.com/od/workingwithipaddresses/l/aa042400b.htm

Question #10 of 90 Question ID: 1421603

{UCMS id=5689560602247168 type=Activity}

The protocols given use these default ports:

12/3/23, 3:09 PM N10-008 Exam Simulation

List of TCP and UDP Port Numbers, http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Question #11 of 90 Question ID: 1406533

12/3/23, 3:09 PM N10-008 Exam Simulation

Difference between policy and procedure, http://www.differencebetween.net/miscellaneous/difference-between-policy-and-

Question #12 of 90 Question ID: 1406535

12/3/23, 3:09 PM N10-008 Exam Simulation

12/3/23, 3:09 PM N10-008 Exam Simulation