1
Q
Which two devices can provide connectivity between two different subnets?
A
Layer 3 Switch and Routers
2
Q
What do we call any computing device connected to a network?
A
Node
3
Q
What are the two primary capabilities of Layer 3 switches?
A
Switching and Routing (forward packets on the same subnet and route packets between different subnets using IPs
4
Q
A multilayer switch must forward traffic to a host in a connected VLAN. Where does the switch look for the MAC to IP address binding of a connected station for packet forwarding?
A
ARP Cache
5
Q
Routing is an operation that occurs at which layer of the OSI model?
A
Networking (L3)
6
Q
A VoIP connection is terminated by a host. What layer of the OSI model controls this function?
A
Session (L5)
7
Q
What are the two main advantages of the Spine & Leaf topology?
A
Availability and Network Latency
8
Q
You have learned the layer 2 address for a host, and now need to determine the port it connects to on a switch. What command would be appropriate?
A
Show mac-address table dynamic
9
Q
ARP is an operation that occurs at which layer of the OSI model?
A
Data Link (L2)
10
Q
You are deploying an mGRE VPN tunnel. The configuration will have all remote branches terminated at the headquarters. What topology type is this?
A
Star/Hub and Spoke
11
Q
If you need to provide the most possible pathways between your remote sites, which topology maximizes the number of connections?
A
Full Mesh
12
Q
What is the physical topology a switch deploys?
A
Star/Hub and Spoke
13
Q
You have six offices connected via an mGRE Hub-and-Spoke VPN topology. You now believe you should change to a full-mesh topology. How many additional connections would be established?
A
10 [Star is (N-1) or 6-1=5, Mesh is N(N-1)/2 or 65/2=15 15-5=10. 10 additional connections are needed]
14
Q
Which of the listed protocols is a secure protocol for the management of network devices? a)SSH b)SNMPv2 c)Telnet d)SSL e)SFTP
A
Of the listed protocols only a) SSH is used for the secure management of network devices. SNMPv2 & Telnet are unsecure, SSL is used to secure protocols, and SFTP is primarily used for secure file transfers.
15
Q
TCP is a protocol that operates at which layer of the OSI model?
A
Both TCP and UDP operate at the Transport Layer. (L4)
16
Q
IP telephony uses which ports?
A
RTMP (Real-Time Message Protocol) is used for VoIP voice audio and uses TCP 1935 while SIP (Session Initiation Protocol) is used for VoIP call signaling on TCP 5060 (and 5061 for UDP). Both RTMP (TCP 1935) and SIP (TCP 5060/UDP 5061) are needed for IP telephony.
17
Q
You are noticing your firewall is denying port 23. What protocol is being blocked?
A
Telnet uses TCP 23.
18
Q
If you are preparing a new Windows machine via remote session, what port would you be using? a)22 b)445 c)1433 d)1935 e)3389
A
Port 3389 (RDP - Remote Desktop Protocol.) 22 is SSH (Secure Shell) 445 is HTTPS (Hypertext Transfer Protocol Secure) 1433 is SQL and 1935 is RTMP (Real-Time Message Protocol)
19
Q
What NTP stratum level would you choose when peering your device to establish a timestamp for your SYSLOG messages? a)0 b)1 c)15 d)16
A
Stratum Level 1. Stratum level 0 is used only for reference and can’t be used for NTP and Stratums levels 15 and 16 are too far away from the source to be used for NTP.
20
Q
What are the two ways you can be alerted with a triggered message of status changes on your battery backups? a)SNMP Traps b)SNMP MIBs c)NetFlow Exports d)Syslog Messages
A
SNMP Traps and Syslog Messages. SNMP MIBs are Management Information Databases and NetFlow Exports show patterns about traffic moving through your network.
21
Q
What is a powerful security correlation solution that aggregates data from various sources? a)Syslog b)SNMP c)SIEM d)NetFlow
A
SIEM (Security Information Event Monitoring.) SIEM gathers event information from various sources like SYSLOG, SNMP and NetFlow to a central service that aggregates and analyzes the event data to generate alerts based on patterns.
22
Q
Which fiber optic technology can carry a signal the farthest distance?
A
Single-mode fiber is used for more demanding, longer runs. Fewer ‘modes’ is better for long distances.
23
Q
What is the difference between Single-mode and Multi-mode fiber?
A
Single-mode uses 1 wavelength, Multi-mode can send multiple wavelengths sent inside the core.
24
Q
What are the 3 methods a frame is transferred?
A
Unicast-between 2 individual nodes. Multicast-One node to multiple nodes (Specific group of devices). Broadcast-transmitting to all nodes except the ingress. (All devices on a subnet)
25
What causes a L2 Switching Loop?
A L2 switching loop is caused when you have 2 active links between 2 switches. You can have multiple links between switches for redundancy, but only 1 should be active.
26
Why are unmanaged switches not used in a enterprise environment?
The can produce Layer 2 loops if incorrectly setup and lack the Spanning Tree Protocols needed to prevent L2 Loops.
27
What does Spanning Tree Protocol do?
STP identifies ports to block so that loops will be eliminated. 2 Switches with redundant connections only need 1 active. STP prevents the redundant connection from being active until it needed.
28
What is a VLAN?
A Virtual Local Area Network is a L2 switches mechanism for subnetting. Its a way to group devices together such as departments, printers, VoIP phones and so on.
29
How many bits are available for Class A, B, and C Network IDs?
Class A is 8 bits (1 octet) Class B is 16 bits (2 octets) Class C is 24 bits (3 octets)
30
Your network is experiencing broadcast storms causing extreme latency. BPDUs sent by the root bridge of what protocol eliminate the loops in the topology that cause broadcast storms?
STP-Spanning Tree Protocol.
31
You have learned the layer 2 address (MAC) for a host, and now need to determine the port it connects to on a switch. What command would you use?
show mac-address table dynamic
32
Which switch would become the root bridge for the STP instance for VLAN?
The switch with the lowest bridge ID (BID)
33
Is 802.11 a full duplex or half duplex network environment?
802.11 is a half duplex environment. It uses CSMA(CA) to avoid collisions.
34
What is the minimum threshold for a WiFi signal (dBm)?
-70dBm
35
What channels are available to use on the 2.4GHz band?
In the USA, 1-11, In Europe, 1-13 and in Asia, 1-14.
36
What wireless tool disables direct communications between clients connected to the same WAN?
Wireless Client Isolation
37
What is the difference between BSS & ESS?
Basic Service Sets are 1 AP broadcasting 1 or more SSIDs. Extended Service Sets link 2 or more BSS all broadcasting the same SSID in order to increase the coverage range and allow for device roaming.
38
What is EiRP and RSSI in WiFi Signaling?
Effective Isotropic Radiated Power refers to the absolute power at the source. (transmit power + antenna) Received Signal Strength Indicator is the measure of signal strength in dBm on the client.
39
Users are reporting intermittent connectivity in certain areas of your WiFi 6 deployment. What are the first 3 things you should do to better understand the issue?
Do a site survey, build a heat map, check AP placement.
40
Users are reporting poor performance, Upon investigating you find a new SSID from a near by business. What would you change so both SSIDs can coexist?
Channel Value.
41
Users in your WLAN are unable to wirelessly roam between APs. What 2 changes would enable seamless roaming?
Configure the WLAN as an ESA (ESS) and place APs in the same SSID
42
What solution would help you enforce AUP in your WLAN?
Captive Portal
43
What could be affected to alter the coverage extended by a single AP when interference is not a concern?
Change the AP placement, Change the antenna, Change the antenna power.
44
WiFi users that access the WLAN via a web portal find themselves disconnecting frequently. How would you resolve this?
Review the captive portal time out settings.
45
You discover that users near a AP are more likely to connect to a AP across the room. What should you change?
Change the antenna power on the closest AP.
46
What is a reason to use Channel Bonding in WiFi 6?
You have bandwidth hungry clients.
47
If you used channel 6, what other channels can you use?
1 and 11
48
You need an authentication protocol that encrypts passwords and uses digital certificates. What should you use?
EAP-TLS
49
What WiFi security standard uses TKIP as the primary encryption?
WPA1
50
What is the best layer 2 access protocol possible on WiFi 5 and WiFi 6 on WLANs?
CSMA/CA
51
What type of connection does DSL use?
DSL uses a phoneline with a RJ11 connecter.
52
What type of connection does Cable Broadband use?
Cable broadband uses RG-6 cables with F-type connection. (coaxial)
53
What would be a good choice for internet if Cable and DSL are not available?
Satellite
54
The broadband router of a business stopped working overnight. It's now sending out a completely different WLAN. What would have prevented this?
Changing the default credentials.
55
Your upgrading the firmware of a network device (router, switch, or firewall) What important step will ensure you wont brick it?
Checking the hash (MD5/SHA)
56
You have a subnet mask of 255.255.255.0. Are Device A: 10.241.18.30 and Device B: 10.241.19.30 on the same subnet?
No
57
You have 2 devices, 10.241.19.5 and 10.241.19.45. They have a subnet mask of /26. Are both devices on the same subnet?
Yes. They fall between the subnet range of 10.241.19.1-10.241.19.62
58
You have 2 devices, 10.241.19.2 and 10.241.19.14. They have a subnet mask of /28. Are both devices on the same subnet?
Yes They both fall within the range of 10.241.19.1-10.241.19.14.
59
Your router has a IP of 10.0.1.1/28. Host A has a IP of 10.0.1.30/28, Is host A addressed correctly?
No. 10.0.1.1/28 only covers 10.0.1.1-10.0.1.14.
60
Why cant this host connect to the internet? IP: 10.88.47.102/24 DG:10.88.48.1
The default gateway is in a different subnet than the host.
61
Your clients can surf the web, but can't access local servers. Why?
The DNS server is external (public) a local DNS server is needed for local resources.
62
What service allows DHCP discovers to be received by a server that isn't on the same subnet as a client?
DHCP Relay Agent (Helper Address)
63
Some hosts on your network are getting 169.254.x.x/16 IPs while others are getting 10.0.1.0/24. What might be the problem?
Your DHCP Pool is exhausted.
64
How would you give IoT devices on the same LAN consistent IPs using DHCP?
Use DHCP Reservations.
65
You are unable to ping a IoT device from within the same subnet it shows as unavailable, what might be the first thing you check?
The VLAN of the connected port.
66
Which DNS record will show you the serial number used to track the number of changes made in a DNS zone?
SOA record.
67
You made a change to a CNAME record for a website redirection, You want to accelerate the propagation of this update What would you affect?
The TTL.
68
Which DNS record would you modify if you were preparing for he redirection of a website?
CNAME.
69
What information would you need to provide to teach a router a new static route?
Start with the prefix IP, then its subnet mask, then add the next router hop IP, continue pointing to the next router hop IP in the chain until you reach your destination router IP.
70
Why would you have 2 Static Default Routes?
For load balancing and redundancy.
71
How would you configure a backup Static Default Route?
You would give your backup (or secondary) route a higher administrative distance than the primary route. This way the secondary route is only active if the primary fails.
72
What are the 3 most common IGP protocols?
RIP, OSPF, EIGRP.
73
You are preparing a edge router to interface with your ISP and need to advertise public prefixes. What protocol would you use?
BGP
74
You are reviewing networking at a site. The site runs RIPv2. What challenges does RIPv2 have over OSPF?
Slow to converge, no load balancing, least scalable.
75
You have determined with the use of 'show ip route' and 'traceroute' commands that traffic is taking different return paths back to your site, What is this called?
Asymmetric routing
76
How many bits are in a IPv6 address?
128 bits
77
How many hexadecimal digits are in a IPv6 address?
32
78
In IPv4, an IP that is reachable from the internet is called a Public Address, What is it called in IPv6?
Internet reachable IPv6 addresses are called Global Unicast addresses. (Starts with 2000::/3 and assigned by IANA)
79
Breakdown the parts of this IPv6 address. IPv6: 2003:50:aa10:4243:221:6aff:fe2d:3b8e
Network ID: 2003:50:aa10:4243. Site Prefix: 2003:50:aa10 Subnet Prefix: 4243 Host (Interface)ID: 221:6aff:fe2d:3b8e
80
What kind of IPv6 address is this? IPv6: 2003:50:aa10:4243:221:6aff:fe2d:3b8e MAC: 00:21:6a:2d:3b:8e
EUI-64 Address because it has 'fffe' in the middle of the 48-bit MAC address which completes the 64 bit host ID part of the IPv6 address.
81
What kind of IPv6 address is used to send traffic within the local subnet?
Link Local
82
List the 3 IPv6 address types.
Global Unicast: Starts with 2000::/3, Link Local: Starts with fe80, Multicast: Starts with ff
83
What is the process of DHCPv6?
SARR: Solicit (multicast), Advertise (unicast), Request (multicast), Reply (unicast).
84
What is the DNS record for a website's IPv6 address
85
MAC address
which completes the 64 bit host ID part of the IPv6 address.
86
What is the DNS record for a website's IPv6 address?
aaaa record (quad 'A' record)
87
Your using SLAAC on a VLAN for IPv6 address assignment, The table for which IPv6 technology would help you document current IPv6 and MAC associations?
Neighbor Discovery Protocol
88
After deploying addresses via SLAAC you notice clients aren't getting addresses via SLAAC, what 2 things could be the issue?
Clients are getting IPv6 via DHCP or Clients haven't manually enabled IPv6
89
What is NIC Teaming?
NIC Teaming is a networking technique that uses Port Aggregation on a host such as a server where 2 or more physical links are logically treated as one for increased redundance and improved throughput (bandwidth)
90
When can you use NIC Teaming?
When you have 2 adjacent devices that can be linked together
91
What 2 services would provide added network redundancy for servers in your data center?
LACP (Link Aggregation Control Protocol) and VRRP (Virtual Router Redundancy Protocol) LACP Combines multiple physical network links into a single, high speed, logical link. VRRP provides high availability for gateways by linking multiple routers into a single virtual router.
92
What class of technology would you configure for a VLAN with two multilayer switches to provide redundancy for the default gateway for servers in the VLAN?
FHRP First Hop Redundancy Protocol is a protocol that allows multiple physical routers to share a single virtual IP, which provides redundancy should one router fail. FHRP is a category of gateway redundancy protocols, VRRP is a specific protocol within this category.
93
You have 2 1Gbps NICs on a server. While both links are connected to the datacenter, you are only getting one active port. What protocol will provide simultaneous connectivity for both links?
LACP (Link Aggregation Control Protocol) LACP Combines multiple physical network links into a single, high speed, logical link.
94
You are having issues with videoconferencing (or VoIP, or Streaming video), what would you consider affecting to resolve these issues?
QoS. QoS can prioritize these data packets over other more resilient data packets.
95
What would allow users to access high end engineering workstations in the headquarters?
Remote Desktop Gateway
96
You have a FTP server in your DMZ listening on port 21. You want this server accessible from the internet on port 2500. What would allow you to do this?
SNAT - Static Network Address Translation with Port Forwarding
97
Which 2 servers are most appropriate to be placed in a screened subnet? RADIUS, TACACS+, AD, FTP, HTTPS.
FTP and HTTPS
98
Which address would need to be translated if routed across the public network? 10.255.240.197, 172.12.14.22, 172.25.240.192, 172.55.122.156, 192.168.44.254
10.255.240.197, 172.25.240.192, and 192.168.44.254 are all private IPs and would need NAT to be routed across the internet.
99
You have test servers in your DMZ. What would it take for these servers to initiate communications with the inside?
You'd need to prepare an exception via ACL to allow the needed traffic. By default servers inside the DMZ can't initiate communications with devices inside the trusted network.
100
What protocol would be best suited for remote users on a clientless VPN?
HTTPS. Clientless VPNs use HTTPS for basic VPN access.
101
What type of VPN is best suited for connecting 2 remote datacenters across an MPLS circuit?
Site-to-site VPN
102
You need to create a full copy of all traffic to a SQL server in your datacenter. What 2 technologies would allow you to do this?
Configuring Port Mirroring (SPAN: Switch Port Analyzer), or use a Network Tap. Port mirroring allows you to send traffic that fits your criteria to another port for analysis, a Tap creates a copy of all incoming traffic and sends it to a port for analysis. Like a cable splitter, but for a switch.
103
What is the last entry in an ACL?
Implicit deny any. The default security posture is to deny any.
104
What device is primarily focused about "warning" and sending alerts regarding potential threats?
IDS. Intrusion Detection System.
105
You need to block a specific threatening IP. What is the best option?
Adjust an ACL on your firewall by adding a entry to deny traffic from the IP
106
What are features of a Next-Gen Firewall?
Content Filtering (Application layer), Threat Protection (IDS/IPS,Threat Intelligence), Act as a VPN Header, Network Access Control (Does the connecting device meet security policy standards?.)
107
What security device can basically do it all?
UTM (Unified Threat Management) Devices, AKA Next-Gen Firewalls (NGFW)
108
Your VPN Headend located at the HQ is overtaxed. What are 2 potential ways to resolve capacity issues at the headend?
Implement HA (High Availability) and deploy split tunneling. HA provides redundancy and can help with load balancing and split tunneling can reduce the data load by only monitoring work traffic.
109
Packet forwarding has become a burden for your equipment in the core of your network. What technology can reduce the burden of routing on a chassis?
MPLS. Multi-Protocol Label Switching uses less computationally intensive than packet forwarding.
110
You determined your primary route to an ISP is down. What is the next step?
Establish a plan to resolve the issue.
111
You determined that the SFP was bad on a fiber link, You replaced the SFP. What should you do next?
Verify full functionality.
112
What tool would you use to perform a vulnerability assessment for a group of servers?
nmap (using the port scan feature)
113
You are asked to provide relevant output for a Cisco tech troubleshooting a new fiber circuit to an ISP. What 3 outputs would be the most helpful?
#show interface (Display info on available NICs), #show config (Display info on current NIC config), #show route (Displays the entire IPv4 routing table)
114
What are the 3 validated troubleshooting approaches?
Divide and conquer, bottom to top, top to bottom.
115
What command will allow you to determine throughput on a new ADSL link?
iperf (measures bandwidth between 2 points)
116
Your ping tests to an IP in your network are failing. You are getting "U" What might you need to research?
The routing protocol
117
What tool would you use to determine all of the hosts within a network?
nmap (ip scanner)
118
You enabled NTP to begin dissemination of time to clients. How can you check if you are listening on port 123 if you are logged into the NTP server via remote desktop connection?
netstat (shows open conversations on local system, shows src ip, dest ip, port # and state)
119
What are 2 tools to review how DNS resolves a group of new Linux servers you placed on the network?
dig and nslookup (both are used for troubleshooting/info on DNS)
120
What flag will show you the whole number of the ports in the netstat command?
-n (-n is for numerical/integer values)
121
What command will allow you to determine the link on a pathway that is causing latency?
tracert (Tracert shows all the "hops" from you to the dest and shows data on latency in ms)
122
What kind of monitoring will help you track the risk of damage to equipment due to ESD?
Humidity
123
What is the CIA triad?
Confidentiality, Integrity, Availability.
124
What are some examples of Threats?
Internal: Employee misconducts, data leaks. External: Hackers, Espionage
125
What are some examples of Vulnerabilities?
CVEs, Zero Days
126
What are some examples of Exploits?
Malware, tools for manipulating vulnerabilities
127
What are "bots"?
Bots are malware that installs and spreads to other systems, often IoT devices without patches, using default PW, or infected with malware, and can communicate with the hackers system for instructions, like spam emails, DDOS, etc.
128
What is a "Botnet"?
A Botnet is a group of bots, systems or IoT devices taken over by a hacker, acting in concert.
129
What is a DoS attack?
A Denial of Service attack is a attack that interferes with a systems availability.
130
What is a DDoS attack?
A Distributed Denial of Service attack is a DOS from a botnet directed at a single target. This can come in the form of bandwidth starving, turning it off, or crashing/overwhelming the target.
131
What parts of the CIA triad can a On-Path (aka Man in the middle) attack effect?
A MitM (On-Path) attack can affect Confidentiality (eavesdropping), Integrity (modifying communications) and Availability (interference)
132
What are some examples of Security Risk Assessments?
Threat assessments, Vulnerability assessments, Posture assessments, and penetration testing
133
How can you tell if a switch port has been disabled?
Disabled ports won't show any link lights (LEDs) even with a cable plugged in.
134
What is the best practices for unused ports on a switch?
To prevent unused switch ports from being exploited, assign them first to a quarantine VLAN (no default gateway) then disable the unused ports.
135
What is the VLAN protocol?
IEEE 802.1q This allows for the use of VLAN tagging, Trunking and QoS.
136
What can you do to prevent rogue 802.1q trunks?
Disable dynamic trunk formation on your switches.
137
What is a Access Port on a switch?
A Access Port is a port configured to only carry traffic for a single VLAN, trunking is disabled. It's typically connected to end user devices.
138
What does a switch do that is under a MAC Flooding attack?
MAC Flooding fills the switches MAC address table and overwhelms the part that learns new MAC addresses. Once flooded the switch sends everything (acting more like a hub) instead of the unicast traffic to the one port it needs to.
139
What is Port Security?
Port Security sets a maximum number of MAC addresses to a port and counts the number connected or binds the port to a specific MAC address. If the maximum number is exceeded or a different MAC other than the binded one shows up on that port, disable the port because it's under attack. Port Security works by detecting the number of MACs downstream from the switch.
140
What is the best defense against rogue infrastructure devices in your network? (Routers/Switches/WAPs)
Enabling Port Security on your switches.
141
What will help you prevent a rogue device from connecting to your switched infrastructure?
Port Security
142
You do the arp -a command on your PC experiencing issues. You discover multiple IPs map back to the same MAC. What is this an indication of?
ARP Poisoning
143
What switch security feature will thwart users from bringing in rogue APs, switches, and other network devices into your network?
Port Security
144
What protocol will help detect ARP spoofing in your environment?
Reverse ARP
145
You discover users are going to several cloned sites that appear to be attempting to capture credentials. What is this an example of?
DNS Poisoning
146
You swap out a failed VoIP phone. Upon connecting the new phone you see that it is unable to connect to the network. What could the issue be?
Port Security (static MACs or exceeded set MAC limit)
147
You see that clients are getting the wrong IP from a rogue broadband router that was plugged into your network. What are 2 ways this could have been mitigated?
DHCP Snooping and Port Security
148
If you see 84,442,106 failed login attempts for an admin account, what is this an indication of?
A brute force attack.
Network Plus
flashcards
Decks in class (4)
# Cards
