Vendor: Comptia Exam Code: N10-008 Exam Name: Comptia Network+ N10-008 Certification

Vendor: CompTIA
Exam Code: N10-008
Exam Name: CompTIA Network+ N10-008 Certification

Exam
Version: 23.111
Important Notice
Product
Our Product Manager keeps an eye for Exam updates by Vendors. Free update is available within
One year after your purchase.
You can login member center and download the latest product anytime. (Product downloaded
from member center is always the latest.)
PS: Ensure you can pass the exam, please check the latest product in 2-3 days before the exam
again.
Feedback
We devote to promote the product quality and the grade of service to ensure customers interest.
If you have any questions about our product, please provide Exam Number, Version, Page
Number, Question Number, and your Login Account to us, please contact us at
support@passleader.com and our technical experts will provide support in 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently.
If anyone who share the file we will disable the free update and account access.
Any unauthorized changes will be inflicted legal punishment. We will reserve the right of final
explanation for this statement.
Order ID: ****************
PayPal Name: ****************
PayPal ID: ****************

QUESTION 1
Which of the following is the physical topology for an Ethernet LAN?
A. Bus
B. Ring
C. Mesh
D. Star
Answer: D
Explanation:
A star (hub-and-spoke) topology’s computers are connected to a central point with their own
individual cables or wireless connections. You will often find that central spot inhabited by a
device like a hub, a switch, or an access point.
QUESTION 2
An IT director is setting up new disaster and HA policies for a company. Limited downtime is
critical to operations. To meet corporate requirements, the director set up two different
datacenters across the country that will stay current on data and applications. In the event of an
outage, the company can immediately switch from one datacenter to another.
Which of the following does this BEST describe?
A. A warm site
B. Data mirroring
C. Multipathing
D. Load balancing
E. A hot site
Answer: E
Explanation:
A hot site is a leased facility that contains all the resources needed for full operation. This
environment includes computers, raised flooring, full utilities, electrical and communications
wiring, networking equipment, and uninterruptible power supplies (UPSs). The only resource that
must be restored at a hot site is the organization’s data, usually only partially. It should only take
a few minutes to bring a hot site to full operation.
Although a hot site provides the quickest recovery, it is the most expensive to maintain. In
addition, it can be administratively hard to manage if the organization requires proprietary
hardware or software. A hot site requires the same security controls as the primary facility and full
redundancy, including hardware, software, and communication wiring.
QUESTION 3
The management team needs to ensure unnecessary modifications to the corporate network are
not permitted and version control is maintained. Which of the following documents would BEST
support this?
A. An incident response plan

B. A business continuity plan
C. A change management policy
D. An acceptable use policy
Answer: C
Explanation:
Get Latest & Actual N10-008 Exam's Question and Answers from Passleader. 2
https://www.passleader.com
Change management is the process and organization of enacting change in an organization to
ensure a safe, productive, cost saving, and smooth transition.
QUESTION 4
Which of the following is MOST likely to generate significant East-West traffic in a datacenter?
A. A backup of a large video presentation to cloud storage for archival purposes

B. A duplication of a hosted virtual server to another physical server for redundancy
C. A download of navigation data to a portable device for offline access
D. A query from an IoT device to a cloud-hosted server for a firmware update
Answer: B
Explanation:
East-west traffic, in a networking context, is the transfer of data packets from server to server
within a data center. The term east-west for this type of traffic comes from network diagram
drawings that usually depict local area network (LAN) traffic horizontally
QUESTION 5
A technician is troubleshooting a network switch that seems to stop responding to requests
intermittently whenever the logging level is set for debugging. Which of the following metrics
should the technician check to begin troubleshooting the issue?
A. Audit logs
B. CPU utilization
C. CRC errors
D. Jitter
Answer: B
Explanation:
When you enable debugging, your CPU shoots through the roof until you turn off. That is a metric
you can measure.
QUESTION 6
A network administrator is implementing OSPF on all of a company's network devices. Which of
the following will MOST likely replace all the company's hubs?
A. A Layer 3 switch
B. A proxy server
C. A NGFW
D. A WLAN controller
Answer: A
Explanation:
The OSPF (Open Shortest Path First) protocol is one of a family of IP Routing protocols, and is
an Interior Gateway Protocol (IGP) for the Internet, used to distribute IP routing information
throughout a single Autonomous System (AS) in an IP network.
QUESTION 7
A network administrator discovers that users in an adjacent building are connecting to the
company's guest wireless network to download inappropriate material.
Which of the following can the administrator do to MOST easily mitigate this issue?
A. Reduce the wireless power levels

B. Adjust the wireless channels
C. Enable wireless client isolation
D. Enable wireless port security
Answer: A
QUESTION 8
Which of the following types of devices can provide content filtering and threat protection, and
manage multiple IPSec site-to-site connections?
A. Layer 3 switch
B. VPN headend
C. Next-generation firewall
D. Proxy server
E. Intrusion prevention
Answer: C
QUESTION 9
An engineer notices some late collisions on a half-duplex link. The engineer verifies that the
devices on both ends of the connection are configured for half duplex. Which of the following is
the MOST likely cause of this issue?
A. The link is improperly terminated

B. One of the devices is misconfigured
C. The cable length is excessive
D. One of the devices has a hardware issue
Answer: C
Explanation:
If duplex and RX/TX are correct, then late collisions most likely occur from cable lengths being
too excessive.
QUESTION 10
A network administrator is configuring a load balancer for two systems. Which of the following
must the administrator configure to ensure connectivity during a failover?
A. VIP
B. NAT
C. APIPA
D. IPv6 tunneling
E. Broadcast IP
Answer: A
Explanation:
You can use a virtual IP to achieve load balancing across multiple interfaces.
QUESTION 11
A technician is troubleshooting a wireless connectivity issue in a small office located in a high-rise
building. Several APs are mounted in this office. The users report that the network connections
frequently disconnect and reconnect throughout the day.
Which of the following is the MOST likely cause of this issue?
A. The AP association time is set too low

B. EIRP needs to be boosted
C. Channel overlap is occurring
D. The RSSI is misreported
Answer: B
QUESTION 12
A network engineer configured new firewalls with the correct configuration to be deployed to each
remote branch. Unneeded services were disabled, and all firewall rules were applied
successfully. Which of the following should the network engineer perform NEXT to ensure all the
firewalls are hardened successfully?
A. Ensure an implicit permit rule is enabled

B. Configure the log settings on the firewalls to the central syslog server
C. Update the firewalls with current firmware and software
D. Use the same complex passwords on all firewalls
Answer: C
Explanation:
Newer firmware and patches can often improve your existing firewall performance, resulting in
faster speeds and better overall performance. In addition, newer firmware can provide additional
features and security updates that can further improve the performance of your firewall.
QUESTION 13
At which of the following OSI model layers would a technician find an IP header?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
Answer: C
Explanation:
This should be at the network layer, as IP header are added to the packet at Layer 3.
QUESTION 14
An engineer is configuring redundant network links between switches. Which of the following
should the engineer enable to prevent network stability issues?
A. 802.1Q
B. STP
C. Flow control
D. CSMA/CD
Answer: B
Explanation:
STP (Spanning Tree Protocol) - A switching protocol that prevents network loops by dynamically
disabling links as needed.
QUESTION 15
Several WIFI users are reporting the inability to connect to the network. WLAN users on the guest
network are able to access all network resources without any performance issues. The following
table summarizes the findings after a site survey of the area in question:
Which of the following should a wireless technician do NEXT to troubleshoot this issue?
A. Reconfigure the channels to reduce overlap

B. Replace the omni antennas with directional antennas
C. Update the SSIDs on all the APs
D. Decrease power in AP 3 and AP 4
Answer: A
QUESTION 16
Which of the following routing protocols is used to exchange route information between public
autonomous systems?
A. OSPF
B. BGP
C. EGRIP
D. RIP
Answer: B
Explanation:
BGP (Border Gateway Protocol) - A path vector routing protocol used by ISPs to establish routing
between one another. BGP depends on the concept of Autonomous Systems (ASes).
QUESTION 17
A fiber link connecting two campus networks is broken. Which of the following tools should an
engineer use to detect the exact break point of the fiber link?
A. OTDR
B. Tone generator
C. Fusion splicer
D. Cable tester
E. PoE injector
Answer: A
Explanation:
An Optical Time Domain Reflectometer (OTDR) is a device that tests the integrity of a fiber cable
and is used for the building, certifying, maintaining, and troubleshooting fiber optic systems.
Fusion Splicing is a preferred way to join two fibers together by using heat. Whether the fiber was
broken or not long enough, a fusion splicer will make your job easier. You would do this after
finding where the break is.
QUESTION 18
Which of the following can be used to centrally manage credentials for various types of
administrative privileges on configured network devices?
A. SSO
B. TACACS+
C. Zero Trust
D. Separation of duties
E. Multifactor authentication
Answer: B
Explanation:
Terminal Access Controller Access Control System (TACACS+) is often used in authenticating
administrative access to routers and switches.
QUESTION 19
A network technician is installing new software on a Windows-based server in a different
geographical location. Which of the following would be BEST for the technician to use to perform
this task?
A. RDP
B. SSH
C. FTP
D. DNS
Answer: A
Explanation:
Remote Desktop Protocol is used to installed software while FTP is for file transfer.
QUESTION 20
Branch users are experiencing issues with videoconferencing. Which of the following will the
company MOST likely configure to improve performance for these applications?
A. Link Aggregation Control Protocol

B. Dynamic routing
C. Quality of service
D. Network load balancer
E. Static IP addresses
Answer: C
Explanation:
Quality of Service (QoS) can be configured for latency-sensitive applications, such as Voice over
IP (VoIP).
QUESTION 21
A technician is assisting a user who cannot connect to a network resource. The technician first
checks for a link light. According to troubleshooting methodology, this is an example of:
A. using a bottom-to-top approach.

B. establishing a plan of action.
C. documenting a finding.
D. questioning the obvious.
Answer: A
Explanation:
The Bottom-Up Troubleshooting Approach
The bottom-up troubleshooting approach also uses the OSI model as its guiding principle with the
physical layer (bottom layer of the OSI seven-layer network model) as the starting point. In this
approach, you work your way layer by layer up toward the application layer and verify that
relevant network elements are operating correctly.
Checking the link light first to see if the physical layer is operational so it's bottom-to-top.
QUESTION 22
Which of the following transceiver types can support up to 40Gbps?
A. SFP+
B. QSFP+
C. QSFP
D. SFP
Answer: B
Explanation:
SFP = 1Gbps
SFP+ = 10 Gbps
QSFP = 4xSFP = 4 Gbps
QSFP+ = 4xSFP = 40 Gbps
QUESTION 23
Which of the following TCP ports is used by the Windows OS for file sharing?
A. 53
B. 389
C. 445
D. 1433
Answer: C
Explanation:
Server Message Block is used for file transfer over TCP port 445.
QUESTION 24
A network administrator redesigned the positioning of the APs to create adjacent areas of
wireless coverage. After project validation, some users still report poor connectivity when their
devices maintain an association to a distanced AP. Which of the following should the network
administrator check FIRST?
A. Validate the roaming settings on the APs and WLAN clients

B. Verify that the AP antenna type is correct for the new layout
C. Check to see if MU-MIMO was properly activated on the APs
D. Deactivate the 2.4GHz band on the APS
Answer: A
QUESTION 25
Which of the following connector types would have the MOST flexibility?
A. SFP
B. BNC
C. LC
D. RJ45
Answer: A
Explanation:
SFP is a transceiver that allows for modular connection based on whatever is needed.
Example = Converting RJ45 to SC (copper to fiber), vice versa or some other combination
needed.
QUESTION 26
Which of the following ports is commonly used by VoIP phones?
A. 20
B. 143
C. 445
D. 5060
Answer: D
Explanation:
VoIP uses UDP port 5060 unsecured and UDP port 5061 secured.
QUESTION 27
A network engineer is investigating reports of poor network performance. Upon reviewing a
report, the engineer finds that jitter at the office is greater than 10ms on the only WAN connection
available. Which of the following would be MOST affected by this statistic?
A. A VoIP sales call with a customer

B. An in-office video call with a coworker
C. Routing table from the ISP
D. Firewall CPU processing time
Answer: A
QUESTION 28
A network technician needs to ensure outside users are unable to telnet into any of the servers at
the datacenter. Which of the following ports should be blocked when checking firewall
configuration?
A. 22
B. 23
C. 80
D. 3389
E. 8080
Answer: B
Explanation:
Telnet uses UDP port 23.
QUESTION 29
A technician is writing documentation regarding a company's server farm. The technician needs
to confirm the server name for all Linux servers. Which of the following commands should the
technician run?
A. ipconfig
B. nslookup
C. arp
D. route
Answer: B
Explanation:
nslookup (name server lookup) is a tool used to perform DNS lookups in Linux. It is used to
display DNS details, such as the IP address of a particular computer, the MX records for a
domain, or the NS servers of a domain.
QUESTION 30
A technician is connecting multiple switches to create a large network for a new office. The
switches are unmanaged Layer 2 switches with multiple connections between each pair. The
network is experiencing an extreme amount of latency. Which of the following is MOST likely
occurring?
A. Ethernet collisions
B. A DDoS attack
C. A broadcast storm
D. Routing loops
Answer: C
Explanation:
A broadcast storm Traffic that is recirculated and amplified by loops in a switching topology,
causing network slowdowns and crashing switches.
QUESTION 31
A store owner would like to have secure wireless access available for both business equipment
and patron use. Which of the following features should be configured to allow different wireless
access through the same equipment?
A. MIMO
B. TKIP
C. LTE
D. SSID
Answer: D
QUESTION 32
Which of the following systems would MOST likely be found in a screened subnet?
A. RADIUS
B. FTP
C. SQL
D. LDAP
Answer: B
Explanation:
Use a screened subnet - previously known as a demilitarized zone (DMZ) - for all publicly
viewable servers, including web servers, FTP servers, and email relay servers. A screened
subnet is a version of the DMZ that is created with two firewalls (each of the routers are operating
as a firewall) and the DMZ (also called the perimeter between them).
QUESTION 33
Which of the following would need to be configured to ensure a device with a specific MAC
address is always assigned the same IP address from DHCP?
A. Scope options
B. Reservation
C. Dynamic assignment
D. Exclusion
E. Static assignment
Answer: B
Explanation:
IP reservation assigns the same IP upon requesting IP renewal by a client.
QUESTION 34
Access to a datacenter should be individually recorded by a card reader even when multiple
employees enter the facility at the same time. Which of the following allows the enforcement of
this policy?
A. Motion detection
B. Access control vestibules
C. Smart lockers
D. Cameras
Answer: B
Explanation:
The devil is in the details, the question is essentially asking, why would it be possible for an
individual to use a card reader, that would be a access control vestibule or mantrap. An individual
would typically utilize a card reader if you want to access a particular room via a mantrap.
QUESTION 35
A workstation is configured with the following network details:
Software on the workstation needs to send a query to the local subnet broadcast address. To
which of the following addresses should the software be configured to send the query?
A. 10.1.2.0
B. 10.1.2.1
C. 10.1.2.23
D. 10.1.2.255
E. 10.1.2.31
Answer: E
Explanation:
CIDR 27 is 1111 1111.1111 1111.1111 1111.1110 0000
2^5 = 32 hosts per subnet
1st address is network address, last address is broadcast address
The user address is 10.1.2.23 which means he reside in the network of 10.1.2.0 to 10.1.2.31
10.1.2.31 is the last address in that network thus the broadcast address
QUESTION 36
After the A record of a public website was updated, some visitors were unable to access the
website. Which of the following should be adjusted to address the issue?
A. TTL
B. MX
C. TXT
D. SOA
Answer: A
Explanation:
When a client gets a DNS reply from a query, it will store it locally (cached) for a period of time to
reduce the number of lookups on the DNS servers. In each DNS reply there is a field called TTL,
or time to live. This instructs the client how long to store the replay before requesting again. This
allows us to reduce the network workload and keep the DNS data fresh on the client. All devices
use a cache system that stores the requests locally for a period of time and the time to live (TTL)
value tells the client how long that should be.
QUESTION 37
A network administrator is installing a wireless network at a client's office.
Which of the following IEEE 802.11 standards would be BEST to use for multiple simultaneous
client access?
A. CDMA
B. CSMA/CD
C. CSMA/CA
D. GSM
Answer: C
Explanation:
CSMA/CA used for communication coordination between wireless accesses points and multiple
client devices.
QUESTION 38
A technician is installing multiple UPS units in a major retail store. The technician is required to
keep track of all changes to new and old equipment. Which of the following will allow the
technician to record these changes?
A. Asset tags
B. A smart locker
C. An access control vestibule
D. A camera
Answer: A
Explanation:
Asset tagging is the process of affixing tags or labels to assets to identify each one individually
and track data from real-time location to maintenance history. These tags can be assigned to
both fixed and moveable assets that are spread across multiple sites and warehouses.
QUESTION 39
A website administrator is concerned the company's static website could be defaced by
hacktivists or used as a pivot point to attack internal systems.
Which of the following should a network security administrator recommend to assist with
detecting these activities?
A. Implement file integrity monitoring.

B. Change the default credentials.
C. Use SSL encryption.
D. Update the web-server software.
Answer: C
Explanation:
SSL will determine if the website is trusted or not.
QUESTION 40
A technician wants to install a WAP in the center of a room that provides service in a radius
surrounding a radio. Which of the following antenna types should the AP utilize?
A. Omni
B. Directional
C. Yagi
D. Parabolic
Answer: A
Explanation:
An omni-directional antenna radiates signal in all directions and is suitable for coverage in a
circular area. It is ideal for situations where a wireless access point (WAP) needs to provide
coverage in a radius around the radio, as it does not need to be pointed in a specific direction.
QUESTION 41
A network field technician is installing and configuring a secure wireless network. The technician
performs a site survey.
Which of the following documents would MOST likely be created as a result of the site survey?
A. Physical diagram
B. Heat map
C. Asset list
D. Device map
Answer: B
QUESTION 42
A wireless network was installed in a warehouse for employees to scan crates with a wireless
handheld scanner. The wireless network was placed in the corner of the building near the ceiling
for maximum coverage. However users in the offices adjacent lo the warehouse have noticed a
large amount of signal overlap from the new network. Additionally warehouse employees report
difficulty connecting to the wireless network from the other side of the building; however they
have no issues when Ihey are near the antenna. Which of the following is MOST likely the cause?
A. The wireless signal is being refracted by the warehouse's windows

B. The antenna's power level was set too high and is overlapping
C. An omnidirectional antenna was used instead of a unidirectional antenna
D. The wireless access points are using channels from the 5GHz spectrum
Answer: A
QUESTION 43
An organization with one core and five distribution switches is transitioning from a star to a full-
mesh topology.
Which of the following is the number of additional network connections needed?
A. 5
B. 7
C. 10
D. 15
Answer: C
Explanation:
With the star we have 5 connections.
The formula for the Mesh is n(n-1)/2 with n = total number of devices.
This leads to (6x5)/2=30/2=15
15-5=10
From star to mesh we need 10.
QUESTION 44
A network technician is investigating an issue with a desktop that is not connecting to the
network. The desktop was connecting successfully the previous day, and no changes were made
to the environment. The technician locates the switchport where the device is connected and
observes the LED status light on the switchport is not lit even though the desktop is turned on
Other devices that arc plugged into the switch are connecting to the network successfully.
Which of the following is MOST likely the cause of the desktop not connecting?
A. Transceiver mismatch
B. VLAN mismatch
C. Port security
D. Damaged cable
E. Duplex mismatch
Answer: C
QUESTION 45
A network technician has multimode fiber optic cable available in an existing IDF. Which of the
following Ethernet standards should the technician use to connect the network switch to the
existing fiber?
A. 10GBaseT
B. 1000BaseT
C. 1000BaseSX
D. 1000BaseLX
Answer: A
QUESTION 46
An ARP request is broadcasted and sends the following request.
''Who is 192.168.1.200? Tell 192.168.1.55''
At which of the following layers of the OSI model does this request operate?
A. Application
B. Data link
C. Transport
D. Network
E. Session
Answer: B
QUESTION 47
Which of the following technologies allows traffic to be sent through two different ISPs to increase
performance?
A. Fault tolerance
B. Quality of service
C. Load balancing
D. Port aggregation
Answer: D
Explanation:
Port aggregation allows you to group multiple physical ports into one unit. Port aggregation is
useful for implementing load balancing and provides a redundant link backup.
QUESTION 48
A network technician is observing the behavior of an unmanaged switch when a new device is
added to the network and transmits data.
Which of the following BEST describes how the switch processes this information?
A. The data is flooded out of every port. including the one on which it came in.
B. The data is flooded out of every port but only in the VLAN where it is located.
C. The data is flooded out of every port, except the one on which it came in
D. The data is flooded out of every port, excluding the VLAN where it is located
Answer: C
QUESTION 49
There are two managed legacy switches running that cannot be replaced or upgraded. These
switches do not support cryptographic functions, but they are password protected.
Which of the following should a network administrator configure to BEST prevent unauthorized
access?
A. Enable a management access list

B. Disable access to unnecessary services.
C. Configure a stronger password for access
D. Disable access to remote management
E. Use an out-of-band access method.
Answer: A
QUESTION 50
A network engineer is designing a new secure wireless network. The engineer has been given
the following requirements:
1. Must not use plaintext passwords

2. Must be certificate based
3. Must be vendor neutral
Which of the following methods should the engineer select?
A. TWP-RC4
B. CCMP-AES
C. EAP-TLS
D. WPA2
Answer: C
QUESTION 51
A lab environment hosts Internet-facing web servers and other experimental machines, which
technicians use for various tasks. A technician installs software on one of the web servers to
allow communication to the company's file server, but it is unable to connect to it Other machines
in the building are able to retrieve files from the file server.
Which of the following is the MOST likely reason the web server cannot retrieve the files, and
what should be done to resolve the problem?
A. The lab environment's IDS is blocking the network traffic. The technician can whitelist the new
application in the IDS.
B. The lab environment is located in the DM2, and traffic to the LAN zone is denied by default. The
technician can move the computer to another zone or request an exception from the
administrator.
C. The lab environment has lost connectivity to the company router, and the switch needs to be
rebooted. The technician can get the key to the wiring closet and manually restart the switch
D. The lab environment is currently set up with hubs instead of switches, and the requests are
getting bounced back. The technician can submit a request for upgraded equipment to
management.
Answer: B
QUESTION 52
Given the following output:
Which of the following attacks is this MOST likely an example of?
A. ARP poisoning
B. VLAN hopping
C. Rogue access point
D. Amplified DoS
Answer: A
QUESTION 53
An organization wants to implement a method of centrally managing logins to network services.
Which of the following protocols should the organization use to allow for authentication,
authorization and auditing?
A. MS-CHAP
B. RADIUS
C. LDAPS
D. RSTP
Answer: B
Explanation:
Once the idea of AAA took shape, those smart Internet folks developed two standards: RADIUS
and TACACS+. Both standards offer authentication, authorization, and accounting. RADIUS is
the better known of two AAA standards.
QUESTION 54
A company wants to implement a large number of WAPs throughout its building and allow users
to be able to move around the building without dropping their connections.
Which of the following pieces of equipment would be able to handle this requirement?
A. A VPN concentrator
B. A load balancer
C. A wireless controller
D. A RADIUS server
Answer: C
Explanation:
A wireless LAN controller, or WLAN controller, monitors and manages wireless access points in
bulk and allows wireless devices to connect to WLAN, a wireless network architecture.
QUESTION 55
A technician is troubleshooting a workstation's network connectivity and wants to confirm which
switchport corresponds to the wall jack the PC is using.
Which of the following concepts would BEST help the technician?
A. Consistent labeling
B. Change management
C. Standard work instructions
D. Inventory management
E. Network baseline
Answer: A
QUESTION 56
A corporation has a critical system that would cause unrecoverable damage to the brand if it was
taken offline. Which of the following disaster recovery solutions should the corporation
implement?
A. Full backups
B. Load balancing
C. Hot site
D. Snapshots
Answer: C
QUESTION 57
Which of the following protocol types describes secure communication on port 443?
A. ICMP
B. UDP
C. TCP
D. IP
Answer: C
QUESTION 58
A local firm has hired a consulting company to clean up its IT infrastructure.
The consulting company notices remote printing is accomplished by port forwarding via publicly
accessible IPs through the firm's firewall.
Which of the following would be the MOST appropriate way to enable secure remote printing?
A. SSH
B. VPN
C. Telnet
D. SSL
Answer: A
Explanation:
SSH port forwarding is a mechanism in SSH for tunneling application ports from the client
machine to the server machine or vice versa.
QUESTION 59
A user reports a weak signal when walking 20ft (61 m) away from the WAP in one direction, but a
strong signal when walking 20ft in the opposite direction. The technician has reviewed the
configuration and confirmed the channel type is correct. There is no jitter or latency on the
connection. Which of the following would be the MOST likely cause of the issue?
A. Antenna type
B. Power levels
C. Frequency
D. Encryption type
Answer: A
QUESTION 60
A network technician was troubleshooting an issue for a user who was being directed to cloned
websites that were stealing credentials. The URLs were correct for the websites but an incorrect
IP address was revealed when the technician used ping on the user's PC. After checking the is
setting, the technician found the DNS server address was incorrect.
Which of the following describes the issue?
A. Rogue DHCP server

B. Misconfigured HSRP
C. DNS poisoning
D. Exhausted IP scope
Answer: A
Explanation:
When the computer used DHCP to get it's IP configuration information, the Rogue DHCP server
would provide a malicious IP address for the DNS server.
https://en.wikipedia.org/wiki/Rogue_DHCP
QUESTION 61
A network technician needs to correlate security events to analyze a suspected intrusion.
Which of the following should the technician use?
A. SNMP
B. Log review
C. Vulnerability scanning
D. SIEM
Answer: D
QUESTION 62
A network administrator is setting up several loT devices on a new VLAN and wants to
accomplish the following:
1. Reduce manual configuration on each system

2. Assign a specific IP address to each system
3. Allow devices to move to different switchports on the same VLAN
Which of the following should the network administrator do to accomplish these requirements?
A. Set up a reservation for each device

B. Configure a static IP on each device
C. Implement private VLANs for each device
D. Use DHCP exclusions to address each device
Answer: A
QUESTION 63
During the security audit of a financial firm the Chief Executive Officer (CEO) questions why there
are three employees who perform very distinct functions on the server. There is an administrator
for creating users another for assigning the users lo groups and a third who is the only
administrator to perform file rights assignment.
Which of the following mitigation techniques is being applied'
A. Privileged user accounts

B. Role separation
C. Container administration
D. Job rotation
Answer: B
QUESTION 64
A technician is troubleshooting a previously encountered issue. Which of the following should the
technician reference to find what solution was implemented to resolve the issue?
A. Standard operating procedures
B. Configuration baseline documents
C. Work instructions
D. Change management documentation
Answer: A
QUESTION 65
A SaaS provider has decided to leave an unpatched VM available via a public DMZ port. With
which of the following concepts is this technique MOST closely associated?
A. Insider threat
B. War driving
C. Evil twin
D. Honeypot
Answer: D
QUESTION 66
An IDS was installed behind the edge firewall after a network was breached. The network was
then breached again even though the IDS logged the attack. Which of the following should be
used in place of these devices to prevent future attacks?
A. A network tap
B. A proxy server
C. A UTM appliance
D. A content filter
Answer: C
QUESTION 67
A customer wants to segregate the traffic between guests on a hypervisor. Which of the following
does a technician need to configure to meet the requirement?
A. Virtual switches
B. OSPF routing
C. Load balancers
D. NIC teaming
E. Fibre Channel
Answer: A
QUESTION 68
A Chief Information Officer (CIO) wants to improve the availability of a company's SQL database
Which of the following technologies should be utilized to achieve maximum availability?
A. Clustering
B. Port aggregation
C. NIC teaming
D. Snapshots
Answer: A
Explanation:
Clustering, if one server goes offline for any reason, the database is still available via other
servers in the cluster. NIC teaming won't work if the server goes offline and maximum availability
would not be achieved.
QUESTION 69
A network administrator wants to improve the security of the management console on the
company's switches and ensure configuration changes made can be correlated to the
administrator who conformed them.
Which of the following should the network administrator implement?
A. Port security
B. Local authentication
C. TACACS+
D. Access control list
Answer: C
QUESTION 70
A network technician is installing an analog desk phone for a new receptionist.
After running a new phone line, the technician now needs to crimp on a new connector.
Which of the following connectors would MOST likely be used in this case?
A. DB9
B. RJ11
C. RJ45
D. DB25
Answer: B
Explanation:
RJ11 as discussed before was widely used in analog telephony to connect the phone instrument
and the cable.
QUESTION 71
A network manager notices several outages have occurred due to modifications that were made
without being properly tested. Which of the following will the network manager MOST likely
implement to prevent future occurrences?
A. Logical diagram
C. IDF documentation
D. Configuration baseline
Answer: B
QUESTION 72
A network technician needs to subnet the network. The marketing department has 28 devices.
Which of the following private IP address spaces should be used to ensure the MINIMUM number
of unused IP addresses?
A. Gateway: 10.10.10.1
Netmask: 255.255.255.192
B. Gateway: 172.15.18.128
Netmask: 255.255.255.224
C. Gateway: 192.168.1.97
Netmask: 255.255.255.224
D. Gateway: 224.102.113.65
Netmask: 255.255.255.192
Answer: C
QUESTION 73
A company has experienced a major security breach. Which of the following should the network
administrator reference to determine the next steps?
A. Non-disclosure policy
B. Data loss prevention policy
C. Acceptable use policy
D. Incident response policy
Answer: D
QUESTION 74
A technician restored network connectivity on a user's laptop. After validating full system
functionality, which of the following steps should the technician take NEXT?
A. Duplicate the problem, if possible

B. Determine if anything has changed
C. Test the theory to determine the cause
D. Document the findings, actions, and outcomes
Answer: D
QUESTION 75
Which of the following is an IPv6 transition mechanism in which network devices utilize IPv4 and
IPv6 at the same time?
A. 6to4
B. ISATAP
C. Teredo
D. Dual stack
Answer: D
QUESTION 76
Which of the following protocols operates at Layer 4 of the OSI model?
A. TCP
B. ARP
C. IMAP
D. POP3
Answer: A
QUESTION 77
In the past, users brought personal laptops to the office to bypass some of the security protocols
on their desktops. Due to new security initiatives, management has asked that users not be
allowed to attach personal devices to the network. Which of the following should a technician use
to BEST meet this goal?
A. Shut down unused ports on switches

B. Upgrade firmware on network devices
C. Allow only secure protocols on the network
D. Disable unnecessary services
Answer: C
QUESTION 78
A technician is installing a SOHO router. Which of the following should be performed on every
installation and periodically maintained to prevent unauthorized access? (Choose two.)
A. Disable remote management

B. Update the router firmware
C. Disable port forwarding
D. Use complex passwords
E. Disable the SSID broadcast
Answer: BD
QUESTION 79
A network analyst is providing access to an FTP server that stores files that are needed by
external contractors who are working on a project. In which of the following network locations
should the FTP server be placed to achieve the MOST secure environment?
A. DMZ network
B. Server network
C. External network
D. Internal network
Answer: A
QUESTION 80
A company is contracting a new third-party organization that will handle storage of the company's
critical data. Which of the following policies would ensure the data remains confidential?
A. SLA
B. NDA
C. MOU
D. BYOD
Answer: B
QUESTION 81
A technician must install and configure a network device in a building with 20 classrooms. Each
room must be on a separate subnet and should not be able to see traffic from other subnets.
Which of the following is the MOST cost-effective solution?
A. A switch with VLANs created for each segment

B. A router with interfaces connected to a switch in each room
C. A VoIP endpoint connected to a hub for each network
D. A firewall with DHCP pools for each subnet
Answer: A
QUESTION 82
Which of the following WAN transmission mediums is the fastest and can travel the longest
distance?
A. Satellite
B. Copper
C. Wireless
D. Fiber
Answer: D
QUESTION 83
The process of grouping network interfaces together to increase throughput is called:
A. VLAN tagging
B. load balancing
C. port aggregation
D. fault tolerance
Answer: C
QUESTION 84
Which of the following is used to purposely attack a system to exploit vulnerabilities?
A. Honeypot
B. Vulnerability scan
C. Device hardening
D. Penetration testing
Answer: D
Explanation:
Honeypot is used to capture information from unauthorized intruders. Basically, they do not allow
users into their networks. They allow them into a fake network that looks like it is a part of their
actual network.
Penetration testing is where you are purposely attacking to see any valnurabilites.
QUESTION 85
Which of the following storage connection types should be used to allow the consolidation of the
physical connections for SAN and LAN in just one Layer 2 protocol?
A. Fibre Channel
B. SCSI
C. T1/E1
D. FCoE
Answer: D
QUESTION 86
A network administrator walks into a datacenter and notices an unknown person is following
closely. The administrator stops and directs the person to the security desk. Which of the
following attacks did the network administrator prevent?
A. Evil twin
B. Tailgating
C. Piggybacking
D. Shoulder surfing
Answer: B
Explanation:
Tailgating represents the situation, when an individual without access authorization closely
follows an authorized person in a reserved area. The malefactor takes advantage of the moment,
when the authorized one opens the door with his badge - and sneaks inside before the door
closes.
Piggybacking represents the situation, when someone accesses a reserved area with the
permission obtained by deception of an authorized person.
QUESTION 87
SIMULATION
You have been tasked with setting up a wireless network in an office. The network will consist of
3 Access Points and a single switch. The network must meet the following parameters:
- The SSIDs need to be configured as CorpNet with a key of S3cr3t!

- The wireless signals should not interfere with each other
- The subnet the Access Points and switch are on should only support 30 devices maximum
- The Access Points should be configured to only support TKIP clients at a maximum speed
INSTRUCTONS
Click on the wireless devices and review their information and adjust the settings of the access
points to meet the given requirements.
If at any time you would like to bring back the initial state of the simulation, please click the Reset
All button.
Answer:
On the first exhibit, the layout should be as follows
Access Point Name AP1

IP Address 192.168.1.3/27
Gateway 192.168.1.2
SSID corpnet
SSID Broadcast yes
Mode G
Channel 1
Speed Auto
Duplex Auto
WPA
Passphrase S3cr3t!
Exhibit 2 as follows

IP Address 192.168.1.4/27
Gateway 192.168.1.2
SSID corpnet
SSID Broadcast yes
Mode G
Channel 6
Speed Auto
Duplex Auto
WPA
Passphrase S3cr3t!
Exhibit 3 as follows

IP Address 192.168.1.5/27
Gateway 192.168.1.2
SSID corpnet
SSID Broadcast yes
Mode G
Channel 11
Speed Auto
Duplex Auto
WPA
Passphrase S3cr3t!
QUESTION 88
Due to an increase in wireless demand, 50 additional access points were installed as part of an
expansion project. Each device was configured and managed separately, working with its own
configuration. Which of the following network devices would assist the network team with
reducing complexity and enforcing policies on the WLAN?
A. Wireless controller
B. Wireless range extender
C. Wireless load balancer
D. Wireless analyzer
Answer: A
QUESTION 89
Joe, a user, reports intermittent connectivity issues, but a technician notices that the only time
Joe has issues is when he is logged into the database. Losing connection after authenticating to
a database, but still having access to network resources such as file/print services and email,
would MOST likely be caused by:
A. an incorrect DHCP gateway setting

B. a duplicate IP address
C. NTP synchronization
D. ACL configuration
Answer: D
QUESTION 90
A server rack was moved from one floor to another. The network engineer needs to determine
what physical changes to make on the network to ensure the server rack has connectivity. Which
of the following should the network engineer consult?
A. Standard operating procedures

B. Wiring diagram
C. Inventory documentation
D. Network baseline
Answer: B
QUESTION 91
An email server, which is called "Frederick," has an IPv6 address of 2001:5689:23:ABCD:6A, but
most users call it "Fred" for short. Which of the following DNS entries is needed so the alias
"Fred" can also be used?
A. MX
B. AAAA
C. SRV
D. CNAME
E. TXT
F. NS
Answer: D
QUESTION 92
A network administrator needs to be able to burst datacenter capacity during peak times, but
does not want to pay for on-premises hardware that is not used during off-peak times. Which of
the following would aid in this scenario?
A. Public cloud
B. SaaS
C. PaaS
D. Hybrid cloud
Answer: C
QUESTION 93
A user wants to secure a network closet and be able to tell if anyone makes changes in the
closet. Which of the following would be the BEST detective physical security devices in this
situation? (Choose two.)
A. Anti-tampering
B. Badges
C. Door locks
D. Key fob
E. Motion detection
F. Video surveillance
Answer: AF
QUESTION 94
An administrator is writing a script to periodically log the IPv6 and MAC addresses of all the
devices on a network segment.
Which of the following switch features will MOST likely be used to assist with this task?
A. Spanning Tree Protocol

B. Neighbor Discovery Protocol
C. Link Aggregation Control Protocol
D. Address Resolution Protocol
Answer: B
Explanation:
Neighbor Discovery Protocol is similar to ARP but retrieves the IPV6 address. ARP retrieves
IPv4.
QUESTION 95
Which of the following DNS records works as an alias to another record?
A. AAAA
B. CNAME
C. MX
D. SOA
Answer: B
Explanation:
AAAA record is used to find the IP address of a computer connected to the internet from a name.
CNAME record is a type of DNS record that maps an alias name to a true or canonical domain
name.
MX record specifies the mail server responsible for accepting email messages on behalf of a
domain name.
SOA record is a type of resource record in the DNS containing administrative information about
the zone.
QUESTION 96
A company built a new building at its headquarters location. The new building is connected to the
company's LAN via fiber-optic cable. Multiple users in the new building are unable to access the
company's intranet site via their web browser, but they are able to access internet sites. Which of
the following describes how the network administrator can resolve this issue?
A. Correct the DNS server entries in the DHCP scope

B. Correct the external firewall gateway address
C. Correct the NTP server settings on the clients
D. Correct a TFTP Issue on the company's server
Answer: A
Explanation:
The DNS server would need to point to the internal address for internal networks. If you were
using say, Googles DNS server the server would not know how to resolve internal.comapy.site
QUESTION 97
A technician is installing a new fiber connection to a network device in a datacenter. The
connection from the device to the switch also traverses a patch panel connection. The chain of
connections is in the following order:
Device
LC/LC patch cable
Patch panel
Cross-connect fiber cable
Patch panel
LC/LC patch cable
Switch
The connection is not working. The technician has changed both patch cables with known
working patch cables. The device had been tested and was working properly before being
installed. Which of the following is the MOST likely cause of the issue?
A. TX/RX is reversed
B. An incorrect cable was used
C. The device failed during installation
D. Attenuation is occurring
Answer: A
Explanation:
It is a fiber network and fiber has insane range thus it is unlikely to be attenuation. Bad device
and bad cable are out because they are explicitly tested as described. Therefore TX/RX is the
only reasonable option.
QUESTION 98
A technician is searching for a device that is connected to the network and has the device's
physical network address. Which of the following should the technician review on the switch to
locate the device's network port?
A. IP route table
B. VLAN tag
C. MAC table
D. QoS tag
Answer: C
Explanation:
The MAC address table is a way to map each port to a MAC address. The technician can use the
MAC table to find which MAC address is connected to which port.
QUESTION 99
Which of the following provides redundancy on a file server to ensure the server is still connected
to a LAN even in the event of a port failure on a switch?
A. NIC teaming
B. Load balancer
C. RAID array
D. PDUs
Answer: A
Explanation:
NIC teaming makes a workstation/server redundant even in the event of a port failure on the
switch.
QUESTION 100
An IT organization needs to optimize speeds for global content distribution and wants to reduce
latency in high-density user locations. Which of the following technologies BEST meets the
organization's requirements?
A. Load balancing
B. Geofencing
C. Public cloud
D. Content delivery network
E. Infrastructure as a service
Answer: D
Explanation:
A content delivery network (CDN) is a system of geographically distributed servers that work
together to provide fast delivery of internet content.
QUESTION 101
A user reports being unable to access network resources after making some changes in the
office. Which of the following should a network technician do FIRST?
A. Check the system's IP address
B. Do a ping test against the servers
C. Reseat the cables into the back of the PC
D. Ask what changes were made
Answer: D
Explanation:
Part of my troubleshooting process is first gathering information and asking questions.
QUESTION 102
A new cabling certification is being requested every time a network technician rebuilds one end of
a Cat 6 (vendor-certified) cable to create a crossover connection that is used to connect switches.
Which of the following would address this issue by allowing the use of the original cable?
A. CSMA/CD
B. LACP
C. PoE+
D. MDIX
Answer: D
Explanation:
MDIX (Media Dependent Interface Crossover) is used to connect ethernet ports.
QUESTION 103
A network administrator is designing a new datacenter in a different region that will need to
communicate to the old datacenter with a secure connection. Which of the following access
methods would provide the BEST security for this new datacenter?
A. Virtual network computing

B. Secure Socket Shell
C. In-band connection
D. Site-to-site VPN
Answer: D
QUESTION 104
An attacker is attempting to find the password to a network by inputting common words and
phrases in plaintext to the password prompt. Which of the following attack types BEST describes
this action?
A. Pass-the-hash attack
B. Rainbow table attack
C. Brute-force attack
D. Dictionary attack
Answer: D
Explanation:
For as long as computer systems have existed, password attacks have also existed. With this
type of attack, the attacker seeks to gain access to systems or files by using the actual password
required for that access. There are many different forms of password attacks, including the
following:
Brute-force password attack: In this type of attack, the attacker tries all possible password
combinations until a match is made. For
example, a brute-force attack might start with the letter a and go through the letter z, and then the
attacker might attempt the letters aa through zz, continuing to try combinations until the password
is determined. Using complicated passwords - with a mixture of upperand lowercase letters as
well as special characters and numbers - can help prevent brute-force attacks.
Dictionary password attack: In this type of attack, the attacker tries multiple password guesses.
However, a dictionary attack is based on a dictionary of commonly used words rather than trying
all possible combinations, as in a brute-force attack. Picking a password that is not a common
word helps thwart dictionary attacks.
QUESTION 105
Which of the following technologies provides a failover mechanism for the default gateway?
A. FHRP
B. LACP
C. OSPF
D. STP
Answer: A
Explanation:
First-hop redundancy protocols (FHRPs) work by giving you a way to configure more than one
physical router to appear as if they were only a single logical one.
QUESTION 106
The following configuration is applied to a DHCP server connected to a VPN concentrator:
There are 300 non-concurrent sales representatives who log in for one hour a day to upload
reports, and 252 of these representatives are able to connect to the VPN without any Issues. The
remaining sales representatives cannot connect to the VPN over the course of the day. Which of
the following can be done to resolve the issue without utilizing additional resources?
A. Decrease the lease duration

B. Reboot the DHCP server
C. Install a new VPN concentrator
D. Configure a new router
Answer: A
Explanation:
Decreasing the lease duration with help the DHCP server to relocate the resources available.
QUESTION 107
A technician needs to configure a Linux computer for network monitoring. The technician has the
following information:
Linux computer details:
Switch mirror port details:
After connecting the Linux computer to the mirror port on the switch, which of the following
commands should the technician run on the Linux computer?
A. ifconfig ecth0 promisc

B. ifconfig eth1 up
C. ifconfig eth0 10.1.2.3
D. ifconfig eth1 hw ether A1:B2:C3:D4:E5:F6
Answer: A
Explanation:
ifconfig ecth0 promisc enables promiscuous mode which allows a network device to intercept and
read each network packet that arrives in its entirety.
QUESTION 108
device configuration, the engineer finds that duplex settings are mismatched on both ends. Which
of the following would be the MOST likely result of this finding?
A. Increased CRC errors

B. Increased giants and runts
C. Increased switching loops
D. Increased device temperature
Answer: A
Explanation:
For monitoring and troubleshooting purposes, interface diagnostics might be accessible. This
diagnostic information might include various error conditions, such as late collisions or cyclic
redundancy check (CRC) errors, which might indicate a duplex mismatch.
QUESTION 109
Which of the following devices would be used to manage a corporate WLAN?
A. A wireless NAS
B. A wireless bridge
C. A wireless router
D. A wireless controller
Answer: D
QUESTION 110
A user recently made changes to a PC that caused it to be unable to access websites by both
FQDN and IP Local resources, such as the file server remain accessible. Which of the following
settings did the user MOST likely misconfigure?
A. Static IP
B. Default gateway
C. DNS entries
D. Local host file
Answer: B
QUESTION 111
Which of the following policies is MOST commonly used for guest captive portals?
A. AUP
B. DLP
C. BYOD
D. NDA
Answer: A
QUESTION 112
A network administrator has been directed to present the network alerts from the past week to the
company's executive staff. Which of the following will provide the BEST collection and
presentation of this data?
A. A port scan printout

B. A consolidated report of various network devices
C. A report from the SIEM tool
D. A report from a vulnerability scan done yesterday
Answer: C
QUESTION 113
A small, family-run business uses a single SOHO router to provide Internet and WiFi to its
employees. At the start of a new week, employees come in and find their usual WiFi network is
no longer available, and there is a new wireless network to which they cannot connect. Given that
information, which of the following should have been done to avoid this situation'
A. The device firmware should have been kept current.

B. Unsecure protocols should have been disabled.
C. Parental controls should have been enabled
D. The default credentials should have been changed
Answer: D
QUESTION 114
A network technician is reviewing an upcoming project's requirements to implement laaS. Which
of the following should the technician consider?
A. Software installation processes
B. Type of database to be installed
C. Operating system maintenance
D. Server hardware requirements
Answer: D
QUESTION 115
A network is experiencing a number of CRC errors during normal network communication.
At which of the following layers of the OSI model will the administrator MOST likely start to
troubleshoot?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
F. Layer 6
G. Layer 7
Answer: A
Explanation:
CRC errors will appear at Datalink layer. the reason for CRC error is faulty cable. The tech needs
to fix cable at L1 to eliminate errors at L2. Therefore, the troubleshooting will start at L1.
QUESTION 116
A client recently added 100 users who are using VMs. All users have since reported slow or
unresponsive desktops. Reports show minimal network congestion, zero packet loss, and
acceptable packet delay.
Which of the following metrics will MOST accurately show the underlying performance issues?
(Choose two.)
A. CPU usage
B. Memory
C. Temperature
D. Bandwidth
E. Latency
F. Jitter
Answer: AB
QUESTION 117
Client devices cannot enter a network, and the network administrator determines the DHCP
scope is exhausted. The administrator wants to avoid creating a new DHCP pool.
Which of the following can the administrator perform to resolve the issue?
A. Install load balancers

B. Install more switches
C. Decrease the number of VLANs
D. Reduce the lease time
Answer: D
Explanation:
Reducing the lease time is the best answer here. While there isn't much additional info regarding
how long it currently is, if some jabroni configured a lease time of two weeks, there will be a
bunch of lingering leases that aren't in use and could be utilized by new devices.
QUESTION 118
A company hired a technician to find all the devices connected within a network. Which of the
following software tools would BEST assist the technician in completing this task?
A. IP scanner
B. Terminal emulator
C. NetFlow analyzer
D. Port scanner
Answer: A
Explanation:
IP scanners - Used to search for and detect IP addresses and other information related to
devices on the network.
QUESTION 119
A technician is installing a high-density wireless network and wants to use an available frequency
that supports the maximum number of channels to reduce interference. Which of the following
standard 802.11 frequency ranges should the technician look for while reviewing WAP
specifications?
A. 2.4GHz
B. 5GHz
C. 6GHz
D. 900MHz
Answer: B
Explanation:
5ghz is best answer because Comptia N+ 10-008 objective does not cover 6ghz. It covers up to
5ghz.
QUESTION 120
A network technician is adding a 10/100 switch with RJ45 connectors to the company network to
accommodate new computers being added to a network segment. There is no auto-MDIX port on
the switch that needs to be connected to the existing switch on the segment. Which of the
following should the technician use to make the connection?
A. An RG-59 cable with BNC connectors

B. A multi-mode fiber cable
C. A straight-through Cat5 UTP cable
D. A cable with TIA/EIA 568a and 568b on each end
Answer: D
QUESTION 121
A company must create a way for partners to access a web portal to update documents for a
project. This should be done only via web browser in a transparent way for the users. Which of
the following should be used?
A. Site-to-site connection
B. SSL VPN
C. GRE tunnel
D. VNC
Answer: B
QUESTION 122
A network technician needs to install the latest firmware on the switch to address a recently
discovered vulnerability. Which of the following should the technician do to have a rollback plan in
case of issues with the new firmware? (Choose two.)
A. Label the switch with IP address and firmware version

B. Draw the switchport diagram
C. Create a change management document
D. Draw the network rack logical diagram
E. Confirm standard operating procedures documentation
F. Create a performance baseline of the switch
Answer: CF
QUESTION 123
Which of the following statements about the OSI model is true?
A. The application layer does not need to know what type of network is being used because that is
dealt with by a layer below it.
B. The network layer deals with the network cabling and network device interface compatibility.
C. The transport layer deals with how the data is transported from one router to another based on
the IP header.
D. The model consists of four layers that describe the requirements a technician follows to
troubleshoot and support a network.
Answer: A
QUESTION 124
A technician wants to deploy a new wireless network that comprises 30 WAPs installed
throughout a three-story office building. All the APs will broadcast the same SSID for client
access. Which of the following BEST describes this deployment?
A. Extended service set

B. Basic service set
C. Unified service set
D. Independent basic service set
Answer: A
Explanation:
A Extended Service Set is configured on multiple access points to form an extended service area.
The question states there is 30 wireless access points.
QUESTION 125
A user tries to ping 192.168.1.100 from the command prompt on the 192.168.2.101 network but
gets the following response: U.U.U.U. Which of the following needs to be configured for these
networks to reach each other?
A. Network address translation

B. Default gateway
C. Loopback
D. Routing protocol
Answer: B
Explanation:
The U.U.U.U is suppose to be 0.0.0.0 and A route when no other route matches.
The “gateway of last resort” meaning it needs a DG address.
QUESTION 126
A branch of a company recently switched to a new ISP. The network engineer was given a new
IP range to assign. The ISP assigned 196.26.4.0/26, and the branch gateway router now has the
following configurations on the interface that peers to the ISP:
The network engineer observes that all users have lost Internet connectivity. Which of the
following describes the issue?
A. The incorrect subnet mask was configured

B. The incorrect gateway was configured
C. The incorrect IP address was configured
D. The incorrect interface was configured
Answer: B
Explanation:
While the ISP assigned 196.26.4.0/26, it doesn't mean the user has to use all the IP ranges. In
this case, the given assignable IP range is 196.26.4.1 to 196.26.4.62. The user chose to use
CIDR of 27 instead of 26 which give assignable IP range of 196.26.4.1 to 196.26.4.30 which
evidently within the given range.
The gateway on other hand is 196.24.4.1, a completely different subnet.
QUESTION 127
Within the realm of network security, Zero Trust:
A. prevents attackers from moving laterally through a system.

B. allows a server to communicate with outside networks without a firewall.
C. block malicious software that is too new to be found in virus definitions.
D. stops infected files from being downloaded via websites.
Answer: A
Explanation:
Zero Trust is a relatively new security model that many corporations are starting to use. As the
name indicates, this model seeks to reduce or eliminate security breaches for an organization by
trusting absolutely nothing by default. In fact, the credo of this approach is “never trust; always
verify.”
Zero Trust was created by John Kindervag of Forrester Research. He realized that traditional
security models operate on the silly assumption that everything inside an organization’s network
should be trusted. With models based on this assumption, once a network attacker has gained
access, that user account is trusted. The Zero Trust model views trust as a vulnerability. Zero
Trust is implemented using many different technologies in a network, including the following:
- Segmenting the network
- Preventing lateral movement
- Providing Layer 7 threat prevention
- Simplifying granular user access control
QUESTION 128
Which of the following service models would MOST likely be used to replace on-premises servers
with a cloud solution?
A. PaaS
B. IaaS
C. SaaS
D. Disaster recovery as a Service (DRaaS)
Answer: B
Explanation:
In an IaaS service model, a cloud provider hosts the infrastructure components that are
traditionally present in an on-premises data center.
QUESTION 129
Which of the following factors should be considered when evaluating a firewall to protect a
datacenter's east-west traffic?
A. Replication traffic between an on-premises server and a remote backup facility

B. Traffic between VMs running on different hosts
C. Concurrent connections generated by Internet DDoS attacks
D. VPN traffic from remote offices to the datacenter's VMs
Answer: B
Explanation:
Traffic flows within a datacenter typically occur within the framework of one of two models: East-
West or North-South. The names may not be the most intuitive, but the East-West traffic model
means that data is flowing among devices within a specific datacenter while North-South means
that data is flowing into the datacenter (from a system physically outside the datacenter) or out of
it (to a system physically outside the datacenter).
QUESTION 130
A technician is deploying a low-density wireless network and is contending with multiple types of
building materials. Which of the following wireless frequencies would allow for the LEAST signal
attenuation?
A. 2.4GHz
B. 5GHz
C. 850MHz
D. 900MHZ
Answer: A
QUESTION 131
A company that uses VoIP telephones is experiencing intermittent issues with one-way audio and
dropped conversations. The manufacturer says the system will work if ping times are less than
50ms.
The company has recorded the following ping times:
Which of the following is MOST likely causing the issue?
A. Attenuation
B. Latency
C. VLAN mismatch
D. Jitter
Answer: A
QUESTION 132
Which of the following security devices would be BEST to use to provide mechanical access
control to the MDF/IDF?
A. A smart card
B. A key fob
C. An employee badge
D. A door lock
Answer: B
QUESTION 133
A network technician is investigating an IP phone that does not register in the VoIP system
Although it received an IP address, it did not receive the necessary DHCP options The
information that is needed for the registration is distributes by the OHCP scope All other IP
phones are working properly. Which of the following does the technician need to verify?
A. VLAN mismatch
B. Transceiver mismatch
C. Latency
D. DHCP exhaustion
Answer: A
QUESTION 134
A network administrator is downloading a large patch that will be uploaded to several enterprise
switches simultaneously during the day's upgrade cycle. Which of the following should the
administrator do to help ensure the upgrade process will be less likely to cause problems with the
switches?
A. Confirm the patch's MD5 hash prior to the upgrade

B. Schedule the switches to reboot after an appropriate amount of time.
C. Download each switch's current configuration before the upgrade
D. Utilize FTP rather than TFTP to upload the patch
Answer: C
QUESTION 135
Which of the following is a system that is installed directly on a server's hardware and abstracts
the hardware from any guest machines?
A. Storage array
B. Type 1 hypervisor
C. Virtual machine
D. Guest QS
Answer: B
Explanation:
A Type 1 hypervisor runs directly on the underlying computer's physical hardware, interacting
directly with its CPU, memory, and physical storage. For this reason, Type 1 hypervisors are also
referred to as bare-metal hypervisors. A Type 1 hypervisor takes the place of the host operating
system.
QUESTION 136
A city has hired a new employee who needs to be able to work when traveling at home and at the
municipal sourcing of a neighboring city that snares services. The employee is issued a laptop,
and a technician needs to train the employee on the appropriate solutions for secure access to
the network from all the possible locations On which of the following solutions would the
technician MOST likely train the employee?
A. Site-to-site VPNs between the two city locations and client-to-site software on the employee's
laptop tor all other remote access
B. Client-to-site VPNs between the travel locations and site-to-site software on the employee's
laptop for all other remote access
C. Client-to-site VPNs between the two city locations and site-to-site software on the employee's
laptop for all other remote access
D. Site-to-site VPNs between the home and city locations and site-to-site software on the
employee's laptop for all other remote access
Answer: A
QUESTION 137
A firewall administrator is implementing a rule that directs HTTP traffic to an internal server
listening on a non-standard socket.
Which of the following types of rules is the administrator implementing?
A. NAT
B. PAT
C. STP
D. SNAT
E. ARP
Answer: B
Explanation:
Static Network Address Translation (SNAT) would be used to translate from one address to
another. The question asks how to convert from one port to another; this is called Port Address
Translation (PAT).
QUESTION 138
A technician is configuring a network switch to be used in a publicly accessible location. Which of
the following should the technician configure on the switch to prevent unintended connections?
A. DHCP snooping
B. Geofencing
C. Port security
D. Secure SNMP
Answer: C
QUESTION 139
Which of the following is used to track and document various types of known vulnerabilities?
A. CVE
B. Penetration testing
C. Zero-day
D. SIEM
E. Least privilege
Answer: A
Explanation:
CVE is the acronym for Common Vulnerabilities and Exposures and the link to the website is
posted by EpitomeOfSalt.
QUESTION 140
The network administrator is informed that a user's email password is frequently hacked by brute-
force programs. Which of the following policies should the network administrator implements to
BEST mitigate this issue? (Choose two.)
A. Captive portal
B. Two-factor authentication
C. Complex passwords
D. Geofencing
E. Role-based access
F. Explicit deny
Answer: BC
QUESTION 141
A network engineer performs the following tasks to increase server bandwidth:
- Connects two network cables from the server to a switch stack

- Configure LACP on the switchports
- Verifies the correct configurations on the switch interfaces
Which of the following needs to be configured on the server?
A. Load balancing
B. Multipathing
C. NIC teaming
D. Clustering
Answer: C
Explanation:
Link Aggregation Control Protocol (LACP) is implemented specifically to enable port aggregation
(AKA NIC teaming).
QUESTION 142
A network technician is manually configuring the network settings for a new device and is told the
network block is 192.168.0.0/20. Which of the following subnets should the technician use?
A. 255.255.128.0
B. 255.255.192.0
C. 255.255.240.0
D. 255.255.248.0
Answer: C
Explanation:
192.168.0.0/20 CIDR is in the third octet.
/1-8 (1st octet), /9-16 (2nd octet), /17-24 (3rd octet), /25-32 (4th octet).
/17 = 128
/18 = 192
/19 = 224
/20 = 240 is the answer
/21 = 248
/22 = 252
/23 = 254
/24 = 255
QUESTION 143
A network administrator is securing the wireless network in a multitenant building. The network
uses a passphrase for authentication so it is easy to allow guests onto the wireless network, but
management would like to prevent users from outside the office space from accessing the
network. Which of the following security mechanisms would BEST meet this requirement?
A. MAC filtering
B. WPA-PSK
C. 802.1X
D. Geofencing
Answer: D
QUESTION 144
A technician is asked to provide centralized SSID management across the entire WAN. The
BEST solution would be to:
A. use a configuration management server

B. configure a multilayer switch
C. install a wireless controller
D. use a proxy server
Answer: C
QUESTION 145
A systems administrator needs to improve WiFi performance in a densely populated office tower
and use the latest standard.
There is a mix of devices that use 2.4 GHz and 5 GHz.
Which of the following should the systems administrator select to meet this requirement?
A. 802.11ac
B. 802.11ax
C. 802.11g
D. 802.11n
Answer: B
Explanation:
Wi-Fi 6 (802.11ax) can now divide a wireless channel into a large number of subchannels. Each
of these subchannels can carry data intended for a different device. This is achieved through
something called Orthogonal Frequency Division Multiple Access, or OFDMA. The Wi-Fi access
point can talk to more devices at once.
The new riderless standard also has improved MIMO - Multiple In/Multiple Out. This involves
multiple antennas, which let the access point talk to multiple devices at once. With Wi-Fi 5, the
access point could talk to devices at the same time, but those devices couldn’t respond at the
same time. Wi-Fi 6 has an improved version of multi-user or MU-MIMO that lets devices respond
to the wireless access point at the same time.
QUESTION 146
Which of the following would be BEST to use to detect a MAC spoofing attack?
A. Internet Control Message Protocol

B. Reverse Address Resolution Protocol
C. Dynamic Host Configuration Protocol
D. Internet Message Access Protocol
Answer: B
Explanation:
A MAC spoofing attack consists of changing the MAC address of a network device (network
card). A client computer can use Revers Address Resolution Protocol to request its Internet
Protocol (IPv4) address and MAC address from a computer network to check its accuracy.
QUESTION 147
A technician receives feedback that some users are experiencing high amounts of jitter while
using the wireless network. While troubleshooting the network, the technician uses the ping
command with the IP address of the default gateway and verifies large variations in latency.
The technician thinks the issue may be interference from other networks and non-802.11 devices.
Which of the following tools should the technician use to troubleshoot the issue?
A. NetFlow analyzer
B. Bandwidth analyzer
C. Protocol analyzer
D. Spectrum analyzer
Answer: D
Explanation:
A spectrum analyzer is a tool that focuses on the physical layer, which will vary based on the type
of analyzer. Although vendors make these analyzers for both audio and optical signals, in most
cases spectrum analyzers are used to analyze wireless or radio frequency signals. Spectrum
analyzers are primarily used to identify and measure the strength of radio signals that are present
in the area. They can visually display these signals by frequency on
the device. These devices are used to locate sources of interference that may impact the
operation of a wireless network.
QUESTION 148
Wireless users are reporting intermittent internet connectivity. Connectivity is restored when the
users disconnect and reconnect, utilizing the web authentication process each time. The network
administrator can see the devices connected to the APs at all times.
Which of the following steps will MOST likely determine the cause of the issue?
A. Verify the session time-out configuration on the captive portal settings

B. Check for encryption protocol mismatch on the client's wireless settings
C. Confirm that a valid passphrase is being used during the web authentication
D. Investigate for a client's disassociation caused by an evil twin AP
Answer: A
Explanation:
Captive Portal user authentication provides a means to authenticate the clients through an
external web server.
QUESTION 149
SIMULATION
You are tasked with verifying the following requirements are met in order to ensure network
security.
Requirements:
Datacenter
- Ensure network is subnetted to allow all devices to communicate properly while minimizing
address space usage
- Provide a dedicated server to resolve IP addresses and hostnames correctly and handle
port 53 traffic
Building A
address space usage
- Provide devices to support 5 additional different office users
- Add an additional mobile user
- Replace the Telnet server with a more secure solution
Screened subnet
address space usage
- Provide a server to handle external 80/443 traffic
- Provide a server to handle port 20/21 traffic
INSTRUCTIONS
Drag and drop objects onto the appropriate locations. Objects can be used multiple times and not
all placeholders need to be filled.
Available objects are located in both the Servers and Devices tabs of the Drag & Drop menu.
All button.
Answer:
Top left subnet - 206.208.134.0/28
Top right subnet - 10.72.63.0/28
Bottom subnet - 192.168.11.0/28
Screened Subnet devices - Web server, FTP server

Building A devices - SSH server top left, workstations on all 5 on the right, laptop on bottom left
DataCenter devices - DNS server.
QUESTION 150
Which of the following is used to prioritize Internet usage per application and per user on the
network?
A. Bandwidth management
B. Load balance routing
C. Border Gateway Protocol
D. Administrative distance
Answer: A
Explanation:
Bandwidth management is the process of measuring and controlling the communications (traffic,
packets) on a network link, to avoid filling the link to capacity or overfilling the link, which would
result in network congestion and poor performance of the network.
QUESTION 151
A network administrator needs to query the NSs for a remote application. Which of the following
commands would BEST help the administrator accomplish this task?
A. dig
B. arp
C. show interface
D. hostname
Answer: A
Explanation:
The Linux/Unix dig (short for domain information groper) utility does the exact same thing as
nslookup. It’s primarily a command-line utility that allows you to perform a single DNS lookup for a
specific entity, but it can also be employed in batch mode for a series of
lookups.
QUESTION 152
Which of the following would MOST likely be used to review previous upgrades to a system?
A. Business continuity plan

C. System life cycle
D. Standard operating procedures
Answer: B
Explanation:
The change-management process includes Request for Change (RFC) documentation -
resources that record why and when a change, such as an upgrade, was made.
None of the other options would provide documentation for PREVIOUS changes to a system.
Standard operating procedures might document work instructions for handling previously
encountered incidents, but not for systemic changes like upgrades.
QUESTION 153
A technician is deploying a new switch model and would like to add it to the existing network
monitoring software. The technician wants to know what metrics can be gathered from a given
switch. Which of the following should the technician utilize for the switch?
A. MIB
B. Trap
C. Syslog
D. Audit log
Answer: A
Explanation:
MIB (Management Information Base) A data set that defines the criteria that can be retrieved and
set on a device using SNMP.
QUESTION 154
A network device is configured to send critical events to a syslog server; however, the following
alerts are not being received:
Severity 5 LINK-UPDOWN: Interface 1/1, changed state to down

Severity 5 LINK-UPDOWN: Interface 1/3, changed state to down
Which of the following describes the reason why the events are not being received?
A. The network device is not configured to log that level to the syslog server
B. The network device was down and could not send the event
C. The syslog server is not compatible with the network device
D. The syslog server did not have the correct MIB loaded to receive the message
Answer: A
Explanation:
There are 7 severity logging levels: Emergency, Alert, Critical, Error, Warning, Notice,
Informational, Debug (0-7).
The question states the log is only configured to report "CRITICAL" events, and the events that
occurred are level 5 i.e (NOTICE) events.
QUESTION 155
Which of the following is the LARGEST MTU for a standard Ethernet frame?
A. 1452
B. 1492
C. 1500
D. 2304
Answer: C
QUESTION 156
Given the following information:
Which of the following command-line tools would generate this output?
A. netstat
B. arp
C. dig
D. tracert
Answer: A
QUESTION 157
According to troubleshooting methodology, which of the following should the technician do NEXT
after determining the most likely probable cause of an issue?
A. Establish a plan of action to resolve the issue and identify potential effects
B. Verify full system functionality and, if applicable, implement preventive measures
C. Implement the solution or escalate as necessary
D. Test the theory to determine the cause
Answer: D
Explanation:
1. Identify the problem
2. Establish a theory of probable cause ***The question is here.
3. Test the theory to determine the cause
4. Establish a plan of action to resolve the problem and identify potential effects
5. Implement the solution or escalate as necessary
6. Verify full system functionality and, if applicable, implement preventive measures
7. Document findings, actions, and outcomes and lessons learned
QUESTION 158
Which of the following BEST describes a network appliance that warns of unapproved devices
that are accessing the network?
A. Firewall
B. AP
C. Proxy server
D. IDS
Answer: D
Explanation:
IDS is a monitoring system that detects suspicious activities and generates alerts when they are
detected.
QUESTION 159
A technician is installing a cable modem in a SOHO. Which of the following cable types will the
technician MOST likely use to connect a modem to the ISP?
A. Coaxial
B. Single-mode fiber
C. Cat 6e
D. Multimode fiber
Answer: A
Explanation:
Your internet service provider will send a data signal through the coaxial cable or coax cable to
your modem. A coaxial cable helps cable internet service providers transmit data between
servers.
QUESTION 160
A network technician is reviewing the interface counters on a router interface. The technician is
attempting to confirm a cable issue. Given the following information:
Which of the following metrics confirms there is a cabling issue?
A. Last cleared
B. Number of packets output
C. CRCs
D. Giants
E. Multicasts
Answer: C
Explanation:
CRC errors mean that packets have been damaged. This can be caused by a faulty port on the
device or a bad Ethernet cable. Changing the cable or apping the port is a relatively easy fix.
Occasionally, they are generated on layer 2 by a duplex mismatch. It can also be the result of
collisions or a tation transmitting bad data.
QUESTION 161
Which of the following attacks encrypts user data and requires a proper backup implementation to
recover?
A. DDoS
B. Phishing
C. Ransomware
D. MAC spoofing
Answer: C
Explanation:
Ransome is a kind of attache that encrypts your data or OS and require payment in a give time.
QUESTION 162
A network administrator wants to analyze attacks directed toward the company's network. Which
of the following must the network administrator implement to assist in this goal?
A. A honeypot
B. Network segmentation
C. Antivirus
D. A screened subnet
Answer: A
Explanation:
Honeypot is a kind trap for attackers made available so that you can study the attack patterns.
QUESTION 163
A network administrator is configuring a database server and would like to ensure the database
engine is listening on a certain port. Which of the following commands should the administrator
use to accomplish this goal?
A. nslookup
B. netstat -a
C. ipconfig /a
D. arp -a
Answer: B
Explanation:
The network statistics ( netstat ) command is a networking tool used for troubleshooting and
configuration, that can also serve as a monitoring tool for connections over the network. Both
incoming and outgoing connections, routing tables, port listening, and usage statistics are
common uses for this command.
QUESTION 164
A technician is implementing a new wireless network to serve guests at a local office. The
network needs to provide Internet access but disallow associated stations from communicating
with each other. Which of the following would BEST accomplish this requirement?
A. Wireless client isolation

B. Port security
C. Device geofencing
D. DHCP snooping
Answer: A
Explanation:
Wireless Client Isolation is a security feature that prevents wireless clients from communicating
with one another. This feature is useful for guest and BYOD SSIDs adding a level of security to
limit attacks and threats between devices connected to the wireless networks.
QUESTION 165
A company requires a disaster recovery site to have equipment ready to go in the event of a
disaster at its main datacenter. The company does not have the budget to mirror all the live data
to the disaster recovery site. Which of the following concepts should the company select?
A. Cold site
B. Hot site
C. Warm site
D. Cloud site
Answer: C
Explanation:
A warm site is a leased facility that contains electrical and communications wiring, full utilities,
and networking equipment. In most cases, the only thing that needs to be restored is the software
and the data. A warm site takes longer to restore than a hot site but less than a cold site.
QUESTION 166
An IT technician suspects a break in one of the uplinks that provides connectivity to the core
switch. Which of the following command-line tools should the technician use to determine where
the incident is occurring?
A. nslookup
B. show config
C. netstat
D. show interface
E. show counters
Answer: D
Explanation:
show interface will allow one to see the uplink states of each port.
QUESTION 167
A technician is connecting DSL for a new customer. After installing and connecting the on-
premises equipment, the technician verifies DSL synchronization. When connecting to a
workstation, however, the link LEDs on the workstation and modem do not light up. Which of the
following should the technician perform during troubleshooting?
A. Identify the switching loops between the modem and the workstation.
B. Check for asymmetrical routing on the modem.
C. Look for a rogue DHCP server on the network.
D. Replace the cable connecting the modem and the workstation.
Answer: D
Explanation:
The link LEDs on the workstation and modem do not light up, so cable may be a root cause.
QUESTION 168
Which of the following services can provide data storage, hardware options, and scalability to a
third-party company that cannot afford new devices?
A. SaaS
B. IaaS
C. PaaS
D. DaaS
Answer: B
Explanation:
IaaS is the better answer because DaaS require compatible devices thus the scalability is
proportional to the availability of these devices. IaaS on the other hand is servers and one can
scale those up in the background with just a click of the mouse.
QUESTION 169
A network administrator is talking to different vendors about acquiring technology to support a
new project for a large company.
Which of the following documents will MOST likely need to be signed before information about
the project is shared?
A. BYOD policy
B. NDA
C. SLA
D. MOU
Answer: B
Explanation:
NDAs can also be used when two organizations work together to develop a new product.
Because certain information must be shared to make the partnership successful, NDAs are
signed to ensure that each partner’s data is protected.
QUESTION 170
Two remote offices need to be connected securely over an untrustworthy MAN. Each office
needs to access network shares at the other site. Which of the following will BEST provide this
functionality?
A. Client-to-site VPN
B. Third-party VPN service
C. Site-to-site VPN
D. Split-tunnel VPN
Answer: C
QUESTION 171
A network requirement calls for segmenting departments into different networks. The campus
network is set up with users of each department in multiple buildings. Which of the following
should be configured to keep the design simple and efficient?
A. MDIX
B. Jumbo frames
C. Port tagging
D. Flow control
Answer: C
Explanation:
Port Tagging is the best answer. Port tagging is used for connecting switches that may be on
different networks (trunking).
QUESTION 172
Which of the following protocols will a security appliance that is correlating network events from
multiple devices MOST likely rely on to receive event messages?
A. Syslog
B. Session Initiation Protocol
C. Secure File Transfer Protocol
D. Server Message Block
Answer: A
Explanation:
A log collector aggregates event messages from numerous devices to a single storage location.
Syslog is an example of a protocol and supporting software that facilitates log collection.
QUESTION 173
Which of the following is MOST commonly used to address CVEs on network equipment and/or
operating systems?
A. Vulnerability assessment
B. Factory reset
C. Firmware update
D. Screened subnet
Answer: C
Explanation:
A Vulnerability assessment would find the problem and the firmware update would fix it.
QUESTION 174
A network technician is investigating an issue with handheld devices in a warehouse. Devices
have not been connecting to the nearest APs, but they have been connecting to an AP on the far
side of the warehouse. Which of the following is the MOST likely cause of this issue?
A. The nearest APs are configured for 802.11g.

B. An incorrect channel assignment is on the nearest APs.
C. The power level is too high for the AP on the far side.
D. Interference exists around the AP on the far side.
Answer: C
Explanation:
When a access points signal power is higher than the closer AP, the device will connect to the far
AP automatically.
QUESTION 175
Which of the following uses the destination IP address to forward packets?
A. A bridge
B. A Layer 2 switch
C. A router
D. A repeater
Answer: C
Explanation:
A router is a device that connects two or more packet-switched networks or subnetworks. It
serves two primary functions: managing traffic between these networks by forwarding data
packets to their intended IP addresses, and allowing multiple devices to use the same Internet
connection.
QUESTION 176
Which of the following OSI model layers is where conversations between applications are
established, coordinated, and terminated?
A. Session
B. Physical
C. Presentation
D. Data link
Answer: A
Explanation:
The session layer sets up, coordinates and terminates conversations between applications.
QUESTION 177
A business is using the local cable company to provide Internet access. Which of the following
types of cabling will the cable company MOST likely use from the demarcation point back to the
central office?
A. Multimode
B. Cat 5e
C. RG-6
D. Cat 6
E. 100BASE-T
Answer: C
QUESTION 178
A network administrator decided to use SLAAC in an extensive IPv6 deployment to alleviate IP
address management. The devices were properly connected into the LAN but autoconfiguration
of the IP address did not occur as expected. Which of the following should the network
administrator verify?
A. The network gateway is configured to send router advertisements.

B. A DHCP server is present on the same broadcast domain as the clients.
C. The devices support dual stack on the network layer.
D. The local gateway supports anycast routing.
Answer: A
Explanation:
IPv6 networks use Stateless Address Auto Configuration (SLAAC) to assign IP addresses. With
SLAAC, devices send the router a request for the network prefix, and the device then uses the
prefix along with its own MAC address to create an IP address.
QUESTION 179
Which of the following is used to provide networking capability for VMs at Layer 2 of the OSI
model?
A. VPN
B. VRRP
C. vSwitch
D. VIP
Answer: C
QUESTION 180
A network administrator is required to ensure that auditors have read-only access to the system
logs, while systems administrators have read and write access to the system logs, and operators
have no access to the system logs. The network administrator has configured security groups for
each of these functional categories. Which of the following security capabilities will allow the
network administrator to maintain these permissions with the LEAST administrative effort?
A. Mandatory access control

B. User-based permissions
C. Role-based access
D. Least privilege
Answer: C
QUESTION 181
Which of the following would be used to expedite MX record updates to authoritative NSs?
A. UDP forwarding
B. DNS caching
C. Recursive lookup
D. Time to live
Answer: D
Explanation:
To speed up resolution, the client will often store the results of resolution locally (in the browser
quite often) so that it does not have to query again if the same resolution needs to be done. This
is known as DNS caching, and this is also done by caching nameservers (also known as
recursive nameservers). Since it is possible that values change (a different IP address issued to a
host than it previously had), caches typically come with TTL (time to live) values and time out
after a while.
QUESTION 182
A client moving into a new office wants the IP network set up to accommodate 412 network-
connected devices that are all on the same subnet. The subnet needs to be as small as possible.
Which of the following subnet masks should be used to achieve the required result?
A. 255.255.0.0
B. 255.255.252.0
C. 255.255.254.0
D. 255.255.255.0
Answer: C
Explanation:
An class C give you at most 256 addresses including network ID and broadcast address. In this
case, we need more than 256 addresses while being smallest thus we looking at class B of at
least 2 host size.
QUESTION 183
A company is being acquired by a large corporation. As part of the acquisition process, the
company's address should now redirect clients to the corporate organization page. Which of the
following DNS records needs to be created?
A. SOA
B. NS
C. CNAME
D. TXT
Answer: C
Explanation:
CNAME can be used to direct an domain to another domain. You can do so with A or AAAA as
well but it will be domain to an IP.
QUESTION 184
A user is having difficulty with video conferencing and is looking for assistance. Which of the
following would BEST improve performance?
A. Packet shaping
B. Quality of service
C. Port mirroring
D. Load balancing
Answer: B
Explanation:
QoS for video conferencing is essential to deliver robust, reliable service across your
organization.
QUESTION 185
A network technician is configuring a new firewall for a company with the necessary access
requirements to be allowed through the firewall. Which of the following would normally be applied
as the LAST rule in the firewall?
A. Secure SNMP
B. Port security
C. Implicit deny
D. DHCP snooping
Answer: C
Explanation:
Enforce firewall rules: Firewall rules are used to dictate what traffic can pass between the firewall
and the internal network. Three possible actions can be taken based on the rule’s criteria: block
the connection (explicit deny), accept the connection, or allow the connection if conditions are
met (such as it being secured). It is this last condition that is the most difficult to configure, and
conditions usually end with an implicit deny clause. An implicit deny clause means that if the
proviso in question has not been explicitly granted, access is denied.
QUESTION 186
Which of the following is a requirement when certifying a network cabling as Cat 7?
A. Ensure the patch panel is certified for the same category.

B. Limit 10Gb transmissions to 180ft (55m).
C. Use F-type connectors on the network terminations.
D. Ensure the termination standard is TIA/EIA-568-A.
Answer: A
QUESTION 187
A systems administrator is running a VoIP network and is experiencing jitter and high latency.
Which of the following would BEST help the administrator determine the cause of these issues?
A. Enabling RADIUS on the network

B. Configuring SNMP traps on the network
C. Implementing LDAP on the network
D. Establishing NTP on the network
Answer: B
Explanation:
SNMP traps would allow him to analyze the problem with MIB information collected.
QUESTION 188
The following instructions were published about the proper network configuration for a
videoconferencing device:
"Configure a valid static RFC1918 address for your network. Check the option to use a
connection over NAT."
Which of the following is a valid IP address configuration for the device?
A. FE80::1
B. 100.64.0.1
C. 169.254.1.2
D. 172.19.0.2
E. 224.0.0.12
Answer: D
Explanation:
RFC 1918 is a private IP address.
Private addresses:
10.0.0.0 to 10.255.255.255 (Class A private address range).
172.16.0.0 to 172.31.255.255 (Class B private address range).
192.168.0.0 to 192.168.255.255 (Class C private address range).
QUESTION 189
A network administrator is reviewing interface errors on a switch. Which of the following indicates
that a switchport is receiving packets in excess of the configured MTU?
A. CRC errors
B. Giants
C. Runts
D. Flooding
Answer: B
Explanation:
Giants are large packets that are discarded or dropped.
QUESTION 190
A network administrator needs to implement an HDMI over IP solution. Which of the following will
the network administrator MOST likely use to ensure smooth video delivery?
A. Link aggregation control

B. Port tagging
C. Jumbo frames
D. Media access control
Answer: C
QUESTION 191
A network administrator wants to reduce overhead and increase efficiency on a SAN. Which of
the following can be configured to achieve these goals?
A. Port aggregation
B. Traffic shaping
C. Jumbo frames
D. Flow control
Answer: C
QUESTION 192
A rogue AP was found plugged in and providing Internet access to employees in the break room.
Which of the following would be BEST to use to stop this from happening without physically
removing the WAP?
A. Password complexity
B. Port security
C. Wireless client isolation
D. Secure SNMP
Answer: B
QUESTION 193
A company's network is set up so all Internet-bound traffic from all remote offices exits through a
main datacenter. Which of the following network topologies would BEST describe this setup?
A. Bus
B. Spine-and-leaf
C. Hub-and-spoke
D. Mesh
Answer: C
Explanation:
A hub-and-spoke can be WAN configured between a central office and branch offices.
QUESTION 194
To comply with industry requirements, a security assessment on the cloud server should identify
which protocols and weaknesses are being exposed to attackers on the Internet. Which of the
following tools is the MOST appropriate to complete the assessment?
A. Use tcpdump and parse the output file in a protocol analyzer.

B. Use an IP scanner and target the cloud WAN network addressing.
C. Run netstat in each cloud server and retrieve the running processes.
D. Use nmap and set the servers' public IPs as the targets.
Answer: D
QUESTION 195
A systems administrator is configuring a firewall using NAT with PAT. Which of the following
would be BEST suited for the LAN interface?
A. 172.15.0.0/18
B. 172.18.0.0/10
C. 172.23.0.0/16
D. 172.28.0.0/8
E. 172.32.0.0/14
Answer: C
Explanation:
Network address translation (NAT) and Port address translation (PAT) are often used to translate
between global and private ip addresses. Private address for Class B is 172.16.0.0 to
172.31.255.255. Only 172.23.0.0/16 fit the range.
QUESTION 196
A packet is assigned a value to ensure it does not traverse a network indefinitely. Which of the
following BEST represents this value?
A. Zero Trust
B. Planned obsolescence
C. Time to live
D. Caching
Answer: C
Explanation:
Time to Live (TTL) IP header field is decreased by at least 1.
This could be greater if the router is congested. The TTL is nominally the number of seconds a
packet can stay on the network before being discarded.
QUESTION 197
Which of the following policies should be referenced when a user wants to access work email on
a personal cell phone?
A. Offboarding policy
B. Acceptable use policy
C. BYOD policy
D. Remote access policy
Answer: C
Explanation:
BYOD (bring your own device) is a policy that allows employees in an organization to use their
personally owned devices for work-related activities.
QUESTION 198
After a firewall replacement, some alarms and metrics related to network availability stopped
updating on a monitoring system relying on SNMP. Which of the following should the network
administrator do FIRST?
A. Modify the device's MIB on the monitoring system.

B. Configure syslog to send events to the monitoring system.
C. Use port mirroring to redirect traffic to the monitoring system.
D. Deploy SMB to transfer data to the monitoring system.
Answer: A
QUESTION 199
At the destination host, which of the following OSI model layers will discard a segment with a bad
checksum in the UDP header?
A. Network
B. Data link
C. Transport
D. Session
Answer: C
Explanation:
Basic load balancers make forwarding decisions on IP address and TCP/UDP header values,
working at the transport layer of the OSI model.
QUESTION 200
A voice engineer is troubleshooting a phone issue. When a call is placed, the caller hears echoes
of the receiver's voice. Which of the following are the causes of this issue? (Choose two.)
A. Jitter
B. Speed mismatch
C. QoS misconfiguration
D. Protocol mismatch
E. CRC errors
F. Encapsulation errors
Answer: AC
QUESTION 201
Which of the following VPN configurations should be used to separate Internet and corporate
traffic?
A. Split-tunnel
B. Remote desktop gateway
C. Site-to-site
D. Out-of-band management
Answer: A
Explanation:
Split tunnel VPN configuration is where only traffic for the private network is routed via the VPN
gateway.
QUESTION 202
Which of the following is required when connecting an endpoint device with an RJ45 port to a
network device with an ST port?
A. A media converter
B. A bridge
C. An MDIX
D. A load balancer
Answer: A
QUESTION 203
The management team has instituted a 48-hour RTO as part of the disaster recovery plan. Which
of the following procedures would meet the policy's requirements?
A. Recover all systems to a loss of 48 hours of data.

B. Limit network downtime to a maximum of 48 hours per year.
C. Recover all systems within 48 hours.
D. Require 48 hours of system backup maintenance.
Answer: C
Explanation:
Recovery time objective (RTO) is the period following a disaster that an individual IT system may
remain offline. This represents the maximum amount of time allowed to identify that there is a
problem and then perform recovery (restore from backup or switch in an alternative system, for
instance).
QUESTION 204
Which of the following cable types would MOST likely be used to provide high-speed network
connectivity between nearby buildings?
A. UTP
B. Coaxial
C. Fiber
D. Cat 5
E. Twinaxial
Answer: C
QUESTION 205
Which of the following is the physical security mechanism that would MOST likely be used to
enter a secure site?
A. A landing page
B. An access control vestibule
C. A smart locker
D. A firewall
Answer: B
Explanation:
A access control vestibule is another name for a mantrap or a secure entry system with two
gateways.
QUESTION 206
Which of the following BEST describes a North-South traffic flow?
A. A public Internet user accessing a published web server

B. A database server communicating with another clustered database server
C. A Layer 3 switch advertising routes to a router
D. A management application connecting to managed devices
Answer: A
Explanation:
North-South exact traffic would be entering the Datacenter from outside. The management
application connecting to managed devices doesn't give any indication of internal or external
communication.
QUESTION 207
A network switch was installed to provide connectivity to cameras monitoring wildlife in a remote
location. The organization is concerned that intruders could potentially leverage unattended
equipment in the remote location to connect rogue devices and gain access to the organization's
resources. Which of the following techniques would BEST address the concern?
A. Configure port security using MAC filtering.

B. Manually register the cameras on the switch address table.
C. Activate PoE+ on the active switchports.
D. Disable Neighbor Discovery Protocol on the switch.
Answer: A
QUESTION 208
A technician is documenting an application that is installed on a server and needs to verify all
existing web and database connections to the server. Which of the following tools should the
technician use to accomplish this task?
A. tracert
B. ipconfig
C. netstat
D. nslookup
Answer: C
QUESTION 209
A technician is assisting a user who cannot access network resources when the workstation is
connected to a VoIP phone. The technician identifies the phone as faulty and replaces it.
According to troubleshooting methodology, which of the following should the technician do
NEXT?
A. Implement the solution.

B. Test the theory.
C. Duplicate the issue.
D. Document the findings.
E. Verify functionality.
Answer: E
QUESTION 210
Which of the following OSI model layers contains IP headers?
A. Presentation
B. Application
C. Data link
D. Network
E. Transport
Answer: D
QUESTION 211
A small office is running WiFi 4 APs, and neighboring offices do not want to increase the
throughput to associated devices. Which of the following is the MOST cost-efficient way for the
office to increase network performance?
A. Add another AP.

B. Disable the 2.4GHz radios.
C. Enable channel bonding.
D. Upgrade to WiFi 5.
Answer: C
Explanation:
Channel bonding combines multiple channels - or lanes - to increase the amount of traffic that a
modem's highway can comfortably support.
QUESTION 212
A network technician is troubleshooting an application issue. The technician is able to recreate
the issue in a virtual environment. According to the troubleshooting methodology, which of the
following actions will the technician most likely perform NEXT?
A. Gather information from the initial report.

B. Escalate the issue to a supervisor.
C. Implement a solution to resolve the issue.
D. Establish a theory of probable cause.
Answer: D
QUESTION 213
Which of the following types of datacenter architectures will MOST likely be used in a large SDN
and can be extended beyond the datacenter?
A. iSCSI
B. FCoE
C. Three-tiered network
D. Spine and leaf
E. Top-of-rack switching
Answer: D
Explanation:
The main issue with this design for the modern data center is that intra-DC traffic is the new
norm. Due to server-to-server traffic, three hops now quickly become four, five or more, adding
significant latency per flow as well as increasing the risk of bottlenecks, buffer overruns and
dropped packets.
QUESTION 214
A technician is troubleshooting a client's report about poor wireless performance. Using a client
monitor, the technician notes the following information:
Which of the following is MOST likely the cause of the issue?
A. Channel overlap
B. Poor signal
C. Incorrect power settings
D. Wrong antenna type
Answer: A
Explanation:
Channel overlap will happen here you need a gap between channels.
Ex: 1, 6, 11, etc..
QUESTION 215
A network technician reviews an entry on the syslog server and discovers the following message
from a switch:
SPANNING-TREE Port 1/1 BLOCKED
Which of the following describes the issue?
A. A loop was discovered, and the impact was mitigated.

B. An incorrectly pinned cable was disconnected.
C. The link-local address on the port is incorrect.
D. The port was shut down, and it needs to be reactivated.
Answer: A
QUESTION 216
A company just migrated its email service to a cloud solution. After the migration, two-thirds of the
internal users were able to connect to their mailboxes, but the connection fails for the other one-
third of internal users. Users working externally are not reporting any issues. The network
administrator identifies the following output collected from an internal host:
c:\user> nslookup newmail.company.com

Non-Authoritative answer:
Name: newmail.company.com
IPs: 3.219.13.186, 64.58.225.184, 184.168.131.243
Which of the following verification tasks should the network administrator perform NEXT?
A. Check the firewall ACL to verify all required IP addresses are included.
B. Verify the required router PAT rules are properly configured.
C. Confirm the internal DNS server is replying to requests for the cloud solution.
D. Validate the cloud console to determine whether there are unlicensed requests.
Answer: A
QUESTION 217
A network technician was hired to harden the security of a network. The technician is required to
enable encryption and create a password for AP security through the web browser. Which of the
following would BEST support these requirements?
A. ESP
B. WPA2
C. IPSec
D. ACL
Answer: B
QUESTION 218
Which of the following ports are associated with IMAP? (Choose two.)
A. 25
B. 110
C. 143
D. 587
E. 993
F. 995
Answer: CE
QUESTION 219
A network administrator is trying to identify a device that is having issues connecting to a
switchport. Which of the following would BEST help identify the issue?
A. A syslog server
B. Change management records
C. A rack diagram
D. The security log
Answer: C
Explanation:
A rack diagram will provide the IP address of switching, the VLAN assigned to ports and tech
could confirm PC on correct subnet and GW.
QUESTION 220
A company with multiple routers would like to implement an HA network gateway with the least
amount of downtime possible. This solution should not require changes on the gateway setting of
the network clients. Which of the following should a technician configure?
A. Automate a continuous backup and restore process of the system's state of the active
gateway.
B. Use a static assignment of the gateway IP address on the network clients.
C. Configure DHCP relay and allow clients to receive a new IP setting.
D. Configure a shared VIP and deploy VRRP on the routers.
Answer: D
Explanation:
The open standard protocol Virtual Router Redundancy Protocol (VRRP) is similar to HSRP, the
differences mainly being in terminology and packet formats. In VRRP, the active router is known
as the master, and all other routers in the group are known as backup routers. There is no
specific standby router; instead, all backup routers monitor the status of the master, and in the
event of a failure, a new master router is selected from the available backup routers based on
priority.
QUESTION 221
Which of the following protocols would allow a secure connection to a Linux-based system?
A. SMB
B. FTP
C. RDP
D. SSH
Answer: D
QUESTION 222
A network administrator is troubleshooting the communication between two Layer 2 switches that
are reporting a very high runt count. After trying multiple ports on both switches, the issue
persists. Which of the following should the network administrator perform to resolve the issue?
A. Increase the MTU size on both switches.

B. Recertify the cable between both switches.
C. Perform a factory reset on both switches.
D. Enable debug logging on both switches.
Answer: B
Explanation:
In the past, collisions (which were eliminated with full-duplex Ethernet decades ago) were likely
causes of runts. Nowadays, bad wiring and electrical interference are leading causes of runts.
QUESTION 223
Users attending security training at work are advised not to use single words as passwords for
corporate applications. Which of the following does this BEST protect against?
A. An on-path attack
B. A brute-force attack
C. A dictionary attack
D. MAC spoofing
E. Denial of service
Answer: C
Explanation:
A dictionary attack software matches the hash to those produced by ordinary words found in a
dictionary.
QUESTION 224
A network administrator needs to run a single command-line tool capable of displaying routing
table and multicast memberships.
Which of the following would BEST help the administrator achieve the requirements?
A. arp
B. show route
C. show config
D. netstate
Answer: A
QUESTION 225
Which of the following topologies requites the MOST connections when designing a network?
A. Mesh
B. Star
C. Bus
D. Ring
Answer: A
QUESTION 226
A technician is assisting a user who cannot connect to a website. The technician attempts to ping
the default gateway and DNS server of the workstation.
According to troubleshooting methodology, this is an example of:
A. a divide-and-conquer approach
B. gathering information
C. a top-to-bottom approach
D. Implementing a solution
Answer: B
Explanation:
The technician is just starting to look at the problem, so he is beginning to gather information to
determine what the root CAUSE is. This would be step #1 Identify the Problem. "gathering
information" (in this case, can certain devices be pinged on the network) is a part of step one.
https://www.comptia.org/blog/troubleshooting-methodology
QUESTION 227
A network administrator is troubleshooting an issue with a new Internet connection.
The ISP is asking detailed questions about the configuration of the router that the network
administrator is troubleshooting.
Which of the following commands is the network administrator using? (Select TWO.)
A. tcpdump
B. show config
C. hostname
D. show route
E. netstate
F. show ip arp
Answer: BD
Explanation:
The show config command (or some variation of it) is used to examine the configuration of a
network device. For example, on a Cisco router, the show running-configuration command
permits you to see the current configuration of the device, which is stored in the RAM of the
device. To view the saved configuration that is loaded when the system is rebooted, you can use
the show startup-configuration command.
The show route command (or some variation of it) is used to view the routing table configuration
of the network device. On a Cisco router, you can use show ip route to view the IPv4 routing
table.
Remember this is on a ROUTER, so netstat (Win/UNIX) does not work.
QUESTION 228
Which of the following BEST describes hosting several businesses on the same physical
infrastructure?
A. Hybrid
B. Elasticity
C. laaS
D. Multitenancy
Answer: D
Explanation:
Multitenancy, which is when several different cloud customers are accessing the same computing
resources, such as when several different companies are storing data on the same physical
server.
https://www.cloudflare.com/learning/cloud/what-is-multitenancy/
QUESTION 229
An IT officer is installing a new WAP. Which of the following must the officer change to connect
users securely to the WAP?
A. AES encryption
B. Channel to the highest frequency within the band
C. TKIP encryption protocol
D. Dynamic selection of the frequency
Answer: A
QUESTION 230
Which of the following architectures is used for FTP?
A. Client-server
B. Service-oriented
C. Connection-oriented
D. Data-centric
Answer: A
QUESTION 231
A technician is connecting a Cat 6 Ethernet cable to a device that only has LC ports. Which of the
following will the technician MOST likely use to accomplish this task?
A. A bridge
B. A media converter
C. A repeater
D. A router
Answer: B
QUESTION 232
A network administrator would like to enable NetFlow on a Layer 3 switch but is concerned about
how the feature may impact the switch. Which of the following metrics should the administrator
graph using SNMP to BEST measure the feature's impact?
A. CPU usage
B. Temperature
C. Electrical consumption
D. Bandwidth usage
Answer: A
QUESTION 233
A technician is troubleshooting a report about network connectivity issues on a workstation. Upon
investigation, the technician notes the workstation is showing an APIPA address on the network
interface. The technician verifies that the VLAN assignment is correct and that the network
interface has connectivity. Which of the following is MOST likely the issue the workstation is
experiencing?
A. DHCP exhaustion
B. A rogue DHCP server
C. A DNS server outage
D. An incorrect subnet mask
Answer: A
Explanation:
Each DHCP request with a different MAC address is regarded by the DHCP server as a new
network client request. If the attacker sends an ample number of requests, the server's address
pool will ultimately be exhausted. Hence, new network clients will be denied the DHCP service
and will be unable to join the network.
QUESTION 234
A technician performed a manual reconfiguration of a firewall, and network connectivity was
reestablished. Some connection events that were previously sent to a syslog server are no longer
being generated by the firewall. Which of the following should the technician perform to fix the
issue?
A. Adjust the proper logging level on the new firewall.

B. Tune the filter for logging the severity level on the syslog server.
C. Activate NetFlow traffic between the syslog server and the firewall
D. Restart the SNMP service running on the syslog server.
Answer: A
Explanation:
If the syslog server is no longer receiving previous messages from the firewall after changes were
done to the firewall, I think it makes more sense to adjust something on the firewall so those
messages get sent to the syslog server again.
QUESTION 235
Switch 3 was recently added to an existing stack to extend connectivity to various parts of the
network. After the update, new employees were not able to print to the main networked copiers
from their workstations. Following are the port configurations for the switch stack in question:
Switch 1:
Switch 2:
Switch 3:
Which of the following should be configured to resolve the issue? (Choose two.)
A. Enable the printer ports on Switch 3.

B. Reconfigure the duplex settings on the printer ports on Switch 3.
C. Reconfigure the VLAN on an printer ports to VLAN 20.
D. Enable all ports that are shut down on the stack.
E. Reconfigure the VLAN on the printer ports on Switch 3.
F. Enable wireless APs on Switch 3.
Answer: AE
Explanation:
A- because the printer ports are shutdown on Switch 3.
E- because the printer is on a different VLAN on Switch 3 (should be 60, not 80).
QUESTION 236
At which of the following OSI model layers does an IMAP client run?
A. Layer 2
B. Layer 4
C. Layer 6
D. Layer 7
Answer: D
Explanation:
IMAP is an application layer Internet Protocol using the underlying transport layer protocols to
establish host-to-host communication services for applications.
QUESTION 237
Which of the following attack vectors represents a large number of devices sending access
requests to a website, making it unavailable to respond?
A. Virus
B. Botnet
C. ARP spooling
D. DDoS
Answer: D
QUESTION 238
A network technician needs to determine the IPv6 address of a malicious website. Which of the
following record types would provide this information?
A. A
B. AAAA
C. CNAME
D. PTR
Answer: B
Explanation:
An AAAA record maps a domain name to the IP address (Version 6) of the computer hosting the
domain. An AAAA record is used to find the IP address of a computer connected to the internet
from a name.
QUESTION 239
Which of the following use cases would justify the deployment of an mGRE hub-and-spoke
topology?
A. An Increase In network security using encryption and packet encapsulation

B. A network expansion caused by an increase in the number of branch locations to the
headquarters
C. A mandatory requirement to increase the deployment of an SOWAN network
D. An Improvement In network efficiency by increasing the useful packet payload
Answer: B
QUESTION 240
A network technician receives a support ticket about an employee who has misplaced a
company-owned cell phone that contains private company information.
Which of the following actions should the network technician take to prevent data loss?
A. Disable the user account.

B. Lock the phone.
C. Turn off the service.
D. Execute remote wipe.
Answer: D
QUESTION 241
A client utilizes mobile tablets to view high-resolution images and videos via Wi-Fi within a
corporate office building. The previous administrator installed multiple high-density APs with Wi-Fi
5, providing maximum coverage, but the measured performance is still below expected levels.
Which of the following would provide the BEST solution?
A. Channel bonding
B. EiRP power settings
C. Antenna polarization
D. A directional antenna
Answer: A
Explanation:
It lets you use Wi-Fi, 3G, 4G, and wired connections simultaneously to speed up your internet
speed through channel bonding.
QUESTION 242
A network technician is responding to an issue with a local company. To which of the following
documents should the network technician refer to determine the scope of the issue?
A. MTTR
B. MOU
C. NDA
D. SLA
Answer: D
Explanation:
A service-level agreement (SLA) defines the level of service expected by a customer from a
supplier, laying out the metrics by which that service is measured, and the remedies or penalties,
if any, should the agreed-on service levels not be achieved. Usually, SLAs are between
companies and external suppliers, but they may also be between two departments within a
company.
QUESTION 243
Several end users viewing a training video report seeing pixelated images while watching. A
network administrator reviews the core switch and is unable to find an immediate cause. Which of
the following BEST explains what is occurring?
A. Jitter
B. Bandwidth
C. Latency
D. Giants
Answer: A
Explanation:
Jitter is the loss of packets due to an overworked WAP. Jitter shows up as choppy conversations
over a video call, strange jumps in the middle of an online game - pretty much anything that feels
like the network has missed some data. Latency is when data stops moving for a moment due to
a WAP being unable to do the work. This manifests as a Word document that stops loading, for
example, or an online file that stops downloading.
QUESTION 244
An administrator notices that after contact with several switches in an MDF they failed due to
electrostatic discharge. Which of the following sensors should the administrator deploy to BEST
monitor static electricity conditions in the MDF?
A. Temperature
B. Humidity
C. Smoke
D. Electrical
Answer: B
Explanation:
Humidity control prevents the buildup of static electricity and reduces the chances of electronic
components becoming vulnerable to damage from electrostatic shock; not only can very low
humidity lead to increased static electricity, but it can also contribute to health problems, such as
skin irritation.
QUESTION 245
A medical building offers patients Wi-Fi in the waiting room. Which of the following security
features would be the BEST solution to provide secure connections and keep the medical data
protected?
A. Isolating the guest network
B. Securing SNMP
C. MAC filtering
D. Disabling unneeded switchports
Answer: A
QUESTION 246
A malicious user is using special software to perform an on-path attack. Which of the following
best practices should be configured to mitigate this threat?
A. Dynamic ARP inspection

B. Role-based access
C. Control plane policing
D. MAC filtering
Answer: A
Explanation:
Dynamic ARP Inspection (DAI) is a security feature that validates Address Resolution Protocol
(ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard
ARP packets with invalid MAC address to IP address bindings. This capability protects the
network from certain “man-in-the-middle” attacks.
QUESTION 247
A systems administrator wants to use the least amount of equipment to segment two departments
that nave cables terminating in the same room. Which of the following would allow this to occur?
A. A load balancer
B. A proxy server
C. A Layer 3 switch
D. A hub
E. A Layer 7 firewall
F. The RSSI was not strong enough on the link
Answer: C
QUESTION 248
Two network technicians are installing a fiber-optic link between routers. The technicians used a
light meter to verify the correct fibers. However, when they connect the fibers to the router
interface, the link does not connect. Which of the following would explain the issue? (Choose
two.)
A. They used the wrong type of fiber transceiver.

B. Incorrect TX/RX polarity exists on the link
C. The connection has duplexing configuration issues.
D. Halogen light fixtures are causing interference.
E. One of the technicians installed a loopback adapter.
F. The RSSI was not strong enough on the link
Answer: AB
QUESTION 249
A network administrator is testing performance improvements by configuring channel bonding on
an 802.11ac AP. Although a site survey detected the majority of the 5GHz frequency spectrum
was idle, being used only by the company's WLAN and a nearby government radio system, the
AP is not allowing the administrator to manually configure a large portion of the 5GHz frequency
range. Which of the following would be BEST to configure for the WLAN being tested?
A. Upgrade the equipment to an AP that supports manual configuration of the ElRP power
settings.
B. Switch to 802.11n, disable channel auto-selection, and enforce channel bonding on the
configuration.
C. Set up the AP to perform a dynamic selection of the frequency according to regulatory
requirements.
D. Deactivate the band 5GHz to avoid Interference with the government radio
Answer: C
QUESTION 250
An ISP is unable to provide services to a user in a remote area through cable and DSL. Which of
the following is the NEXT best solution to provide services without adding external infrastructure?
A. Fiber
B. Leased line
C. Satellite
D. Metro optical
Answer: C
Explanation:
Fiber: Typically, fiber costs more than cable and DSL because providers must invest in new
infrastructure like underground fiber-carrying cables to build out fiber networks. As a result, fiber
is only available in certain parts of the country, but it’s becoming more accessible each year.
location.
Satellite internet access doesn’t require phone lines, cable lines or any other similar connection.
Satellite internet isn’t usually as fast as DSL or cable. Plus, it can be expensive, especially if you
live in a remote location. Also, you’ll need to keep a satellite on your property.
QUESTION 251
To comply with an industry regulation, all communication destined to a secure server should be
logged and archived on a storage device. Which of the Mowing can be configured to fulfill this
requirement?
A. QoS traffic classification

B. Port mirroring
C. Flow control
D. Link Aggregation Control Protocol
Answer: B
Explanation:
Port mirroring is used on a network switch to send a copy of network packets seen on one switch
port (or an entire VLAN) to a network monitoring connection on another switch port.
QUESTION 252
A technician removes an old PC from the network and replaces it with a new PC that is unable to
connect to the LAN.
Which of the Mowing is MOST likely the cause of the issue?
A. Port security
B. Port tagging
C. Port aggregation
D. Port mirroring
Answer: A
QUESTION 253
A network technician is having issues connecting an IoT sensor to the internet. The WLAN
settings were entered via a custom command line, and a proper IP address assignment was
received on the wireless interface. However, when trying to connect to the internet, only HTTP
redirections are being received when data is requested. Which of the following will point to the
root cause of the issue?
A. Verifying if an encryption protocol mismatch exists.

B. Verifying if a captive portal is active for the WLAN.
C. Verifying the minimum RSSI for operation in the device's documentation.
D. Verifying EIRP power settings on the access point.
Answer: B
QUESTION 254
A corporate client is experiencing global system outages. The IT team has identified multiple
potential underlying causes throughout the enterprise. Each team member has been assigned an
area to troubleshoot. Which of the following approaches is being used?
A. Divide-and-conquer
B. Top-to-bottom
C. Bottom-to-top
D. Determine if anything changed
Answer: A
QUESTION 255
A network administrator is troubleshooting a connectivity performance issue. As part of the
troubleshooting process, the administrator performs a traceroute from the client to the server, and
also from the server to the client. While comparing the outputs, the administrator notes they show
different hops between the hosts. Which of the following BEST explains these findings?
A. Asymmetric routing
B. A routing loop
C. A switch loop
D. An incorrect gateway
Answer: A
Explanation:
Asymmetric routing is when the flow of packets in one direction passes through a different
interface than that used for the return path.
QUESTION 256
Which of the following describes the BEST device to configure as a DHCP relay?
A. Bridge
B. Router
C. Layer 2 switch
D. Hub
Answer: B
Explanation:
A DHCP relay agent is a host or router that forwards DHCP packets between clients and servers.
Network administrators can use the DHCP Relay service of the SD-WAN appliances to relay
requests and replies between local DHCP Clients and a remote DHCP Server. It allows local
hosts to acquire dynamic IP addresses from the remote DHCP Server. Relay agent receives
DHCP messages and generates a new DHCP message to send out on another interface.
QUESTION 257
When accessing corporate network resources, users are required to authenticate to each
application they try to access.
Which of the following concepts does this BEST represent?
A. SSO
B. Zero Trust
C. VPN
D. Role-based access control
Answer: B
QUESTION 258
Which of the following would MOST likely utilize PoE?
A. A camera
B. A printer
C. A hub
D. A modem
Answer: A
Explanation:
A camera would MOST likely utilize PoE (Power over Ethernet) because it allows the camera to
be powered through the Ethernet cable, eliminating the need for a separate power source and
making installation and maintenance easier.
QUESTION 259
Which of the following network devices can perform routing between VLANs?
A. Layer 2 switch
B. Layer 3 switch
C. Load balancer
D. Bridge
Answer: B
QUESTION 260
An international company is transferring its IT assets, including a number of WAPs, from the
United States to an office in Europe for deployment. Which of the following considerations should
the company research before implementing the wireless hardware?
A. WPA2 cipher
B. Regulatory impacts
C. CDMA configuration
D. 802.11 standards
Answer: B
Explanation:
Products sold or exported into different countries need to comply with market access and local
mandatory approvals or certifications.
QUESTION 261
Network connectivity in an extensive forest reserve was achieved using fiber optics. A network
fault was detected, and now the repair team needs to check the integrity of the fiber cable. Which
of the following actions can reduce repair time?
A. Using a tone generator and wire map to determine the fault location
B. Using a multimeter to locate the fault point
C. Using an OTDR in one end of the optic cable to get the fiber length information
D. Using a spectrum analyzer and comparing the current wavelength with a working baseline
Answer: C
QUESTION 262
Which of the following would be used to enforce and schedule critical updates with supervisory
approval and include backup plans in case of failure?

B. Onboarding and offboarding policies
D. System life cycle
E. Change management
Answer: E
Explanation:
Change management can help ensure that your network keeps running in good health. It can also
ensure that your documentation reflects the true and current state of the objects it is describing.
This is very important for many aspects of your operations, including security responses and
troubleshooting operations. Change management documentation often includes the following:
- A documented reason for a change
- The actual change request
- The approval process
- The required maintenance window
- The change notification process
QUESTION 263
Which of the following would be the MOST cost-effective recovery solution for a company's lower-
priority applications?
A. Warm site
B. Cloud site
C. Hot site
D. Cold site
Answer: B
Explanation:
For many companies, the most cost-effective solution is to move processing and data storage to
a cloud site.
QUESTION 264
A technician is troubleshooting reports that a networked printer is unavailable. The printer's IP
address is configured with a DHCP reservation, but the address cannot be pinged from the print
server in the same subnet.
Which of the following is MOST likely the cause of the connectivity failure?
A. Incorrect VLAN
B. DNS failure
C. DHCP scope exhaustion
D. Incorrect gateway
Answer: A
QUESTION 265
An administrator would like to create a fault-tolerant ring between three switches within a Layer 2
network.
Which of the following Ethernet features should the administrator employ?
A. Spanning Tree Protocol

B. Open Shortest Path First
C. Port mirroring
D. An interior gateway protocol
Answer: A
Explanation:
Spanning tree protocol(STP) is a layer 2 network protocol used to prevent looping within a
Network topology. STP was created to avoid the problems that arise from computers exchanging
data on a local area network that contains redundant paths.
QUESTION 266
A systems operator is granted access to a monitoring application, configuration application, and
timekeeping application. The operator is denied access to the financial and project management
applications by the system's security configuration. Which of the following BEST describes the
security principle in use?
A. Network access control

B. Least privilege
C. Multifactor authentication
D. Separation of duties
Answer: B
Explanation:
Separation of duties has to do with splitting tasks among employees to reduce the chance of one
employee committing fraud. Least privilege is when you only provide employees with the account
privileges they need to complete their work.
QUESTION 267
Which of the following physical security methods Is the MOST effective to prevent tailgating?
A. Biometrics in an access control vestibule

B. IP cameras with motion detection
C. Smart lockers with tamper protection
D. Badge readers plus a PIN pad
Answer: A
QUESTION 268
Which of the following is used to provide disaster recovery capabilities to spin up all critical
devices using internet resources?
A. Cloud site
B. Hot site
C. Cold site
D. Warm site
Answer: A
Explanation:
A cloud site is the correct answer and provides disaster recovery capabilities to spin up all critical
devices using internet resources. A cloud site is a type of disaster recovery solution that allows an
organization to access and use its critical systems and data in the cloud, rather than on physical
servers. In the event of a disaster, an organization can use its cloud site to quickly spin up all its
critical devices and continue operations using internet resources.
A hot site, is not the correct answer in this scenario. A hot site is a type of disaster recovery site
that is fully equipped and ready for immediate use. It typically includes all the necessary
hardware, software, and infrastructure to support an organization's operations in the event of a
disaster. However, a hot site is not necessarily designed to use internet resources to spin up
critical devices, as is the case with a cloud site.
QUESTION 269
Which of the following would be used to adjust resources dynamically for a virtual web server
under variable loads?
A. Elastic computing
B. Scalable networking
C. Hybrid deployment
D. Multitenant hosting
Answer: A
Explanation:
Elastic Computing. Elasticity refers to a systems ability to adjust dynamically to a changing
workload.
QUESTION 270
After a critical power issue, the network team was not receiving UPS status notifications. The
network team would like to be alerted on these status changes.
Which of the following would be BEST to use for these notifications?
A. Traps
B. MB
C. NetFlow
D. Syslog
Answer: A
Explanation:
Trap - The agent informs the monitor of a notable event (port failure, for instance). The threshold
for triggering traps can be set for each value.
QUESTION 271
Which of the following needs to be tested to achieve a Cat 6a certification for a company's data
cabling?
A. RJ11
B. LC ports
C. Patch panel
D. F-type connector
Answer: C
Explanation:
CAT6A structured cabling channel solution consists of CAT6A bulk and patch Ethernet cable,
patch panels, keystone jacks, and wallplates. Each part of the solution is tested individually in an
end-to-end-channel by an independent third-party organization to guarantee optimum
performance.
QUESTION 272
A company's data center is hosted at its corporate office to ensure greater control over the
security of sensitive data. During times when there are increased workloads, some of the
company's non-sensitive data is shifted to an external cloud provider.
Which of the following cloud deployment models does this describe?
A. Hybrid
B. Community
C. Public
D. Private
Answer: A
QUESTION 273
A network administrator wants to test the throughput of a new metro Ethernet circuit to verify that
its performance matches the requirements specified in the SLA.
Which of the following would BEST help measure the throughput?
A. iPerf
B. Ping
C. NetFlow
D. Netstat
Answer: A
QUESTION 274
A Wi-Fi network was recently deployed in a new, multilevel building. Several issues are now
being reported related to latency and drops in coverage. Which of the following is the FIRST step
to troubleshoot the issues?
A. Perform a site survey.

B. Review the AP placement
C. Monitor channel utilization.
D. Test cable attenuation.
Answer: A
Explanation:
Incorrect antenna placement could cause or exacerbate attenuation and interference problems.
Use a site survey and heat map to determine the optimum position for APs and (if available) the
direction in which to point adjustable antennas.
QUESTION 275
A network technician needs to install security updates on several switches on the company's
network. The management team wants this completed as quickly and efficiently as possible.
Which of the following should the technician do to perform the updates?
A. Upload the security update onto each switch using a terminal emulator and a console cable.
B. Configure a TFTP server. SSH into each device, and perform the update.
C. Replace each old switch with new switches that have the updates already performed.
D. Connect a USB memory stick to each switch and perform the update.
Answer: B
QUESTION 276
Which of the following routing protocols is generally used by major ISPs for handling large-scale
internet traffic?
A. RIP
B. EIGRP
C. OSPF
D. BGP
Answer: D
Explanation:
The Border Gateway Protocol is the internet standard External Gateway Protocol (EGP). BGP
detects modifications to routing tables and selectively communicates those changes to other
routers over TCP/IP.
QUESTION 277
A network administrator is installing a new server in the datacenter. The administrator is
concerned the amount of traffic generated will exceed 1GB, and higher- throughput NICs are not
available for installation. Which of the following is the BEST solution for this issue?
A. Install an additional NIC and configure LACP.

B. Remove some of the applications from the server.
C. Configure the NIC to use fun duplex
D. Configure port mirroring to send traffic to another server.
E. Install a SSD to decrease data processing time.
Answer: A
Explanation:
Link Aggregation is the combining of multiple network connections in parallel by any of several
methods, in order to increase throughput.
QUESTION 278
Which of the following security controls indicates unauthorized hardware modifications?
A. Biometric authentication
B. Media device sanitization
C. Change management policy
D. Tamper-evident seals
Answer: D
Explanation:
Tamper evident seals protect against tampering by providing irreversible, visible evidence of
tampering to help reduce the chance of liability issues due to unauthorized service or misuse
QUESTION 279
Which of the following topologies requires the MOST connections when designing a network?
A. Mesh
B. Star
C. Bus
D. Ring
Answer: A
QUESTION 280
An administrator would like to allow Windows clients from outside the office to access
workstations without using third-party software.
Which or the following access methods would meet this requirement?
A. Remote desktop gateway

B. Spit tunnel
C. Site-to-site VPN
D. VNC
Answer: A
Explanation:
Building on RDP, a Remote Desktop Gateway offers an RDP-type of HTTPS VPN service over
TCP 443 and UDP 3391. This allows users from outside the corporate firewall to connect to
internal network resources (such as a work computer) from a remote device (Windows PC, Mac,
tablet, smartphone, etc.) using Microsoft’s Remote Desktop connection. The benefit of a remote
desktop gateway is that it increases security by encapsulating the session with TLS and does not
require a VPN.
QUESTION 281
Which of the following is a benefit of the spine-and-leaf network topology?
A. Increased network security

B. Stable network latency
C. Simplified network management
D. Eliminated need for inter-VLAN routing
Answer: B
Explanation:
A solution that has been proposed is a spine and leaf topology, a topology that ensures that all
devices are the same number of network hops away, thereby providing predictable and
consistent network latency.
QUESTION 282
To access production applications and data, developers must first connect remotely to a different
server.
From there, the developers are able to access production data. Which of the following does this
BEST represent?
A. A management plane
B. A proxy server
C. An out-of-band management device
D. A site-to-site VPN
E. A jump box
Answer: E
Explanation:
A jump box is a "secure computer" to access other servers and OOBM "controls assets and
network equipment".
QUESTION 283
A network administrator is reviewing the following metrics from a network management system
regarding a switchport. The administrator suspects an issue because users are calling in regards
to the switch port's performance:
Based on the information in the chart above, which of the following is the cause of these
performance issues?
A. The connected device is exceeding the configured MTU.

B. The connected device is sending too many packets
C. The switchport has been up for too long
D. The connected device is receiving too many packets.
E. The switchport does not have enough CRCs
Answer: A
QUESTION 284
A network engineer receives the following when connecting to a switch to configure a port:
telnet 10.1.200.1
Connecting to 10.1.200.1..Could not open connection to the host, on
port 23: Connect failed.
Which of the following is the MOST likely cause for the failure?
A. The network engineer is using the wrong protocol

B. The network engineer does not have permission to configure the device
C. SNMP has been secured with an ACL
D. The switchport the engineer is trying to configure is down
Answer: A
QUESTION 285
During a risk assessment, which of the following should be considered when planning to mitigate
high CPU utilization of a firewall?
A. Recovery time objective

B. Uninterruptible power supply
C. NIC teaming
D. Load balancing
Answer: D
Explanation:
The recovery time objective (RTO) is the maximum tolerable length of time that a computer,
system, network or application can be down after a failure or disaster occurs. This does nothing
to help with CPU utilization. Load balancing does this.
QUESTION 286
A help desk technician is concerned that a client's network cable issues may be causing
intermittent connectivity.
Which of the following would help the technician determine if this is the issue?
A. Run the show interface command on the switch

B. Run the traceroute command on the server.
C. Run iperf on the technician's desktop
D. Ping the client's computer from the router
E. Run a port scanner on the client's IP address
Answer: A
Explanation:
Cisco routers and switches have a show interfaces IOS command that provides interface
statistics/status information, including link state (up/down), speed/duplex, send/receive traffic,
cyclic redundancy checks (CRCs), and protocol packet and byte counts.
QUESTION 287
A security engineer is installing a new IOS on the network. The engineer has asked a network
administrator to ensure all traffic entering and leaving the router interface is available for the IDS.
Which of the following should the network administrator do?
A. Install a network tap for the IDS

B. Configure ACLs to route traffic to the IDS.
C. Install an additional NIC into the IDS
D. Install a loopback adapter for the IDS.
E. Add an additional route on the router for the IDS.
Answer: A
QUESTION 288
Two users on a LAN establish a video call. Which of the following OSI model layers ensures the
initiation, coordination, and termination of the call?
A. Session
B. Physical
C. Transport
D. Data link
Answer: A
Explanation:
The OSI model layer that ensures the initiation, coordination, and termination of a video call is the
session layer. The session layer is responsible for establishing, maintaining, and terminating
communication sessions between two devices on a network.
QUESTION 289
A false camera is installed outside a building to assist with physical security.
Which of the following is the device assisting?
A. Detection
B. Recovery
C. Identification
D. Prevention
Answer: D
Explanation:
The false camera is seen by people. They think it is real and this prevents them from doing
something wrong.
QUESTION 290
A network administrator is reviewing the network device logs on a syslog server. The messages
are normal, but the time stamps on the messages are incorrect.
Which of the following actions should the administrator take to ensure the log message time
stamps are correct?
A. Change the NTP settings on the network device

B. Change the time on the syslog server
C. Update the network device firmware
D. Adjust the timeout settings on the syslog server
E. Adjust the SSH settings on the network device.
Answer: A
QUESTION 291
Which of the following DHCP settings would be used to ensure a device gets the same IP
address each time it is connected to the network?
A. Scope options
B. Reservation
C. Exclusion
D. Relay
E. Pool
Answer: B
Explanation:
IP reservation assigns the same IP upon requesting IP renewal by a client.
QUESTION 292
Which of the following is the primary function of the core layer of the three-tiered model?
A. Routing
B. Repeating
C. Bridging
D. Switching
Answer: A
Explanation:
Core Layer consists of biggest, fastest, and most expensive routers with the highest model
numbers and Core Layer is considered as the back bone of networks. Core Layer routers are
used to merge geographically separated networks. The Core Layer routers move information on
the network as fast as possible. The switches operating at core layer switches packets as fast as
possible.
QUESTION 293
Logs show an unauthorized IP address entering a secure part of the network every night at 8:00
pm. The network administrator is concerned that this IP address will cause an issue to a critical
server and would like to deny the IP address at the edge of the network.
Which of the following solutions would address these concerns?
A. Changing the VLAN of the web server

B. Changing the server's IP address
C. Implementing an ACL
D. Instating a rule on the firewall connected to the web server
Answer: C
QUESTION 294
Due to concerns around single points of failure, a company decided to add an additional WAN to
the network. The company added a second MPLS vendor to the current MPLS WAN and
deployed an additional WAN router at each site. Both MPLS providers use OSPF on the WAN
network, and EIGRP is run internally. The first site to go live with the new WAN is successful, but
when the second site is activated significant network issues occur. Which of the following is the
MOST likely cause for the WAN instability?
A. A routing loop
B. Asymmetrical routing
C. A switching loop
D. An incorrect IP address
Answer: B
Explanation:
Asymmetrical routing is the most likely cause for the WAN instability. When two different routing
protocols are used, like OSPF and EIGRP, it can cause asymmetrical routing, which results in
traffic being routed differently in each direction. This can lead to instability in the WAN. A CDP
neighbor change, a switching loop, or an incorrect IP address are not likely causes for WAN
instability.
QUESTION 295
A network technician receives a report from the server team that a server's network connection is
not working correctly. The server team confirms the server is operating correctly except for the
network connection. The technician checks the switchport connected to the server and reviews
the following data;
Which of the following should the network technician perform to correct the issue?
A. Replace the Cat 5 patch cable with a Cat 6 cable

B. Install a crossover cable between the server and the switch
C. Reset the switchport configuration.
D. Use NetFlow data from the switch to isolate the issue.
E. Disable MDIX on the switchport and reboot the server.
Answer: A
Explanation:
Bad cables, incorrect pinouts, or bent pins: Faulty cables (with electrical characteristics
preventing successful transmission) or faulty connectors (which do not properly make
connections) can prevent successful data transmission at Layer 1. A bad cable could simply be
an incorrect category of cable being used for a specific purpose. For example, using a Cat 5
cable (instead of a Cat 6 or higher cable) to connect two 1000BASE-TX devices would result in
data corruption. Bent pins in a connector or incorrect pinouts could also cause data to become
corrupted.
QUESTION 296
Which of the following types of connections would need to be set up to provide access from the
internal network to an external network so multiple satellite offices can communicate securely
using various ports and protocols?
A. Client-to-site VPN
B. Clientless VPN
C. RDP
D. Site-to-site VPN
E. SSH
Answer: D
Explanation:
Whereas remote-access VPNs securely connect individual devices to a remote LAN, site-to-site
VPNs securely connect two or more LANs in different physical locations. Site-to-site VPNs use
the public internet to extend your company’s network across multiple office locations.
QUESTION 297
Which of the following will reduce routing table lookups by performing packet forwarding
decisions independently of the network layer header?
A. MPLS
B. mGRE
C. EIGRP
D. VRRP
Answer: A
Explanation:
MPLS is a networking technology that allows data packets to be forwarded based on short path
labels rather than long network addresses. This reduces the need for routing table lookups, as
the packet forwarding decisions can be made independently of the network layer header.
QUESTION 298
An employee reports to a network administrator that internet access is not working. Which of the
following should the administrator do FIRST?
A. Establish a theory of probable cause.

B. Identify symptoms.
C. Determine if anything has changed.
D. Ask the user to restart the computer.
Answer: C
QUESTION 299
A company is utilizing multifactor authentication for data center access. Which of the following is
the MOST effective security mechanism against physical intrusions due to stolen credentials?
A. Biometrics security hardware

B. Access card readers
C. Access control vestibule
D. Motion detection cameras
Answer: C
Explanation:
An access control vestibule, or mantrap, is part of a physical access control system that typically
provides a space between two sets of interlocking doors.
QUESTION 300
A network client is trying to connect to the wrong TCP port. Which of the following responses
would the client MOST likely receive?
A. RST
B. FIN
C. ICMP Time Exceeded
D. Redirect
Answer: A
Explanation:
A RST response is generated by the server when a client attempts to connect to a TCP port that
is not open. The RST message informs the client that the port is not available, and the client
should reset its connection. The RST response is generated by the server to immediately
terminate the connection attempt and prevent the client from wasting resources attempting to
connect to a port that will not respond.
QUESTION 301
A security administrator is trying to prevent incorrect IP addresses from being assigned to clients
on the network. Which of the following would MOST likely prevent this and allow the network to
continue to operate?
A. Configuring DHCP snooping on the switch

B. Preventing broadcast messages leaving the client network
C. Blocking ports 67/68 on the client network
D. Enabling port security on access ports
Answer: A
Explanation:
In computer networking, DHCP snooping is a series of techniques applied to improve the security
of a DHCP infrastructure.
DHCP servers allocate IP addresses to clients on a LAN. DHCP snooping can be configured on
LAN switches to exclude rogue DHCP servers and remove malicious or malformed DHCP traffic.
In addition, information on hosts which have successfully completed a DHCP transaction is
accrued in a database of bindings which may then be used by other security or accounting
features.
Other features may use DHCP snooping database information to ensure IP integrity on a Layer 2
switched domain. This information enables a network to:
Track the physical location of IP addresses when combined with AAA accounting or SNMP.
Ensure that hosts only use the IP addresses assigned to them when combined with source-guard
a.k.a. source-lockdown
Sanitize ARP requests when combined with arp-inspection a.k.a. arp-protect
QUESTION 302
A technician is configuring a wireless network and needs to ensure users agree to an AUP before
connecting. Which of the following should be implemented to achieve this goal?
A. Captive portal
B. Geofencing
C. Wireless client isolation
D. Role-based access
Answer: A
Explanation:
A captive portal is a Web page that the user of a public-access network is obliged to view and
interact with before access is granted. Captive portals are typically used by business centers,
airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hot spots for Internet
users.
QUESTION 303
Due to a surge in business, a company is onboarding an unusually high number of salespeople.
The salespeople are assigned desktops that are wired to the network. The last few salespeople to
be onboarded are able to access corporate materials on the network but not sales-specific
resources. Which of the following is MOST likely the cause?
A. The switch was configured with port security.

B. Newly added machines are running into DHCP conflicts.
C. The IPS was not configured to recognize the new users.
D. Recently added users were assigned to the wrong VLAN
Answer: D
QUESTION 304
A network security engineer locates an unapproved wireless bridge connected to the corporate
LAN that is broadcasting a hidden SSID, providing unauthenticated access to internal resources.
Which of the following types of attacks BEST describes this finding?
A. Rogue access point

B. Evil twin
C. ARP spoofing
D. VLAN hopping
Answer: A
Explanation:
A rogue access point is an illegitimate access point plugged into a network to create a bypass
from outside into the legitimate network. By contrast, an evil twin is a copy of a legitimate access
point.
QUESTION 305
A technician is consolidating a topology with multiple SSIDs into one unique SSID deployment.
Which of the following features will be possible after this new configuration?
A. Seamless roaming
B. Basic service set
C. WPA
D. MU-MIMO
Answer: A
QUESTION 306
Which of the following is the MOST cost-effective alternative that provides proper cabling and
supports gigabit Ethernet devices?
A. Twisted cable with a minimum Cat 5e certification

B. Multimode fiber with an SC connector
C. Twinaxial cabling using an F-type connector
D. Cable termination using TIA/EIA-568-B
Answer: A
Explanation:
Twisted cable with a minimum Cat 5e certification is the MOST cost-effective alternative that
provides proper cabling and supports gigabit Ethernet devices. B, C, and D are not correct
because they are not cost-effective options and do not provide proper cabling and support for
gigabit Ethernet devices.
QUESTION 307
A new company recently moved into an empty office space. Within days, users in the next office
began noticing increased latency and packet drops with their Wi-Fi-connected devices. Which of
the following is the MOST likely reason for this issue?
A. Channel overlap
B. Distance from the AP
C. Bandwidth latency
D. RF attenuation
E. Network congestion
Answer: E
Explanation:
Empty office gets filled with new people for using wifi, other office is now experiencing
slowdowns.
QUESTION 308
A network administrator is given the network 80.87.78.0/26 for specific device assignments.
Which of the following describes this network?
A. 80.87.78.0 - 80.87.78.14
B. 80.87.78.0 - 80.87.78.110
C. 80.87.78.1 - 80.87.78.62
D. 80.87.78.1 - 80.87.78.158
Answer: C
Explanation:
A CIDR notation of /26 refers to the number of bits used for the network prefix. In this case, the
network prefix is 26 bits long, which leaves 6 bits for the host addresses. In a CIDR notation /26,
the first 26 bits of the IP address represent the network and the last 6 bits represent the host
addresses.
In this case, the IP address range is 80.87.78.0 - 80.87.78.63 and the network address is
80.87.78.0, so the first usable IP address for devices is 80.87.78.1 and the last usable IP address
is 80.87.78.62.
QUESTION 309
A network technician is performing tests on a potentially faulty network card that is installed in a
server. Which of the following addresses will MOST likely be used during traffic diagnostic tests?
A. 10.10.10.10
B. 127.0.0.1
C. 192.168.0.1
D. 255.255.255.0
Answer: B
Explanation:
The loopback address being used for testing.
QUESTION 310
Which of the following provides guidance to an employee about restricting non-business access
to the company's videoconferencing solution?
A. Acceptable use policy

B. Data loss prevention
C. Remote access policy
D. Standard operating procedure
Answer: A
Explanation:
An acceptable use policy (AUP) is a set of rules that outline the proper and improper use of an
organization's resources, such as its videoconferencing solution. An AUP can provide guidance
to employees about what is expected of them when using the organization's videoconferencing
solution, including restricting non-business access to it.
QUESTION 311
An employee working in a warehouse facility is experiencing interruptions in mobile applications
while walking around the facility. According to a recent site survey, the WLAN comprises
autonomous APs that are directly connected to the internet, providing adequate signal coverage.
Which of the following is the BEST solution to improve network stability?
A. Implement client roaming using an extended service deployment employing a wireless

controller.
B. Remove omnidirectional antennas and adopt a directional bridge.
C. Ensure all APs of the warehouse support MIMO and Wi-Fi 4.
D. Verify that the level of EIRP power settings is set to the maximum permitted by regulations.
Answer: A
Explanation:
With multiple WAPs in an ESS, clients will connect to whichever WAP has the strongest signal.
As clients move through the space covered by the broadcast area, they will change WAP
connections seamlessly, a process called roaming.
QUESTION 312
Which of the following can be used to decrease latency during periods of high utilization of a
firewall?
A. Hot site
B. NIC teaming
C. HA pair
D. VRRP
Answer: B
Explanation:
NIC Teaming, also known as load balancing and failover (LBFO), allows multiple network
adapters on a computer to be placed into a team for the following purposes: Bandwidth
aggregation. Traffic failover to prevent connectivity loss in the event of a network component
failure.
QUESTION 313
A company's web server is hosted at a local ISP. This is an example of:
A. colocation.
B. an on-premises data center.
C. a branch office.
D. a cloud provider.
Answer: A
Explanation:
Co-location refers to the way IT equipment and resources are located or installed. This usually
refers to the networking hardware resources owned by an organization, such as Web or database
servers, which are located outside the vicinity of the organization's premises and "co-located"
with another organization's hardware, usually an ISP or a service provider. This is usually done
because the ISP might be the best candidate for maintaining the Web server hardware for the
organization and it would be better to keep the hardware in a more suitable place since ISPs
have specially built places for networking hardware.
QUESTION 314
An engineer is gathering data to determine the effectiveness of UPSs in use at remote retail
locations. Which of the following statistics can the engineer use to determine the availability of the
remote network equipment?
A. Uptime
B. NetFlow baseline
C. SNMP traps
D. Interface statistics
Answer: A
Explanation:
ATEN's SP100 (SNMP card) is an UPS monitoring equipment. Allows connection of the UPS
directly to the ethernet network through a RJ-45 connector without using RS-232 ports on the
computer and without loading any individual UPS management software on the network server.
QUESTION 315
A network technician is planning a network scope. The web server needs to be within 12.31.69.1
to 12.31.69.29. Which of the following would meet this requirement?
A. Lease time
B. Range reservation
C. DNS
D. Superscope
Answer: B
Explanation:
A DHCP reservation is a permanent IP address assignment. It is a specific IP address within a
DHCP scope that is permanently reserved for leased use to a specific DHCP client.
QUESTION 316
Which of the following would be used when connecting devices that have different physical
characteristics?
A. A proxy server
B. An industrial control system
C. A load balancer
D. A media converter
Answer: D
QUESTION 317
A network technician receives a report about a performance issue on a client PC that is
connected to port 1/3 on a network switch. The technician observes the following configuration
output from the switch:
Which of the following is a cause of the issue on port 1/3?
A. Speed
B. Duplex
C. Errors
D. VLAN
Answer: A
Explanation:
Speed is determined by voltage, duplex is by negotiation or direct settings. If its running at 10mb
it because the switch or the device has been hard set to it.
QUESTION 318
Which of the following must be functioning properly in order for a network administrator to create
an accurate timeline during a troubleshooting process?
A. NTP
B. IP helper
C. Syslog
D. MySQL
Answer: A
QUESTION 319
Which of the following issues are present with RIPv2? (Select TWO).
A. Route poisoning
B. Time to converge
C. Scalability
D. Unicast
E. Adjacent neighbors
F. Maximum transmission unit
Answer: BC
Explanation:
Scalability is an issue with RIPv2 because it is limited to a maximum of 15 hops, which means
that it is not suitable for larger networks. Time to converge is an issue because when a link goes
down, it can take up to 180 seconds for the entire network to converge and for the new best path
to be determined.
QUESTION 320
Which of the following is considered a physical security detection device?
A. Cameras
B. Biometric readers
C. Access control vestibules
D. Locking racks
Answer: A
QUESTION 321
A network administrator is trying to add network redundancy for the server farm. Which of the
following can the network administrator configure to BEST provide this capability?
A. VRRP
B. DNS
C. UPS
D. RPO
Answer: A
Explanation:
VRRP is an IP routing redundancy protocol designed to allow for transparent failover at the first-
hop IP router. VRRP enables a group of routers to form a single virtual router . The LAN clients
can then be configured with the virtual router as their default gateway.
QUESTION 322
The power company notifies a network administrator that it will be turning off the power to the
building over the weekend.
Which of the following is the BEST solution to prevent the servers from going down?
A. Redundant power supplies

B. Uninterruptible power supply
C. Generator
D. Power distribution unit
Answer: C
Explanation:
UPS is an almost instant battery backup that prevents your devices and power from being
interrupted, while generators have a longer start up time. Generators provide a much longer
lasting backup power supply and can sustain your business for much longer than a UPS.
QUESTION 323
A network engineer needs to reduce the overhead of file transfers. Which of the following
configuration changes would accomplish that goal?
A. Link aggregation
B. Jumbo frames
C. Port security
D. Flow control
E. Lower FTP port
Answer: B
Explanation:
Jumbo frames are larger than standard frames, fewer frames are needed and therefore CPU
processing overhead is reduced. Jumbo frames are packets that are longer than the standard
Ethernet (IEEE 802.3) frame size of 1,518 bytes.
QUESTION 324
A technician is monitoring a network interface and notices the device is dropping packets. The
cable and interfaces, however, are in working order.
Which of the following is MOST likely the cause?
A. OID duplication
B. MIB mismatch
C. CPU usage
D. Encapsulation errors
Answer: C
Explanation:
Overworking CPU or max Ram, general the encapsulation failed error message indicates that the
router has a layer 3 packet to forward and is lacking some element of the layer 2 header that it
needs to be able to forward the packet toward the next hop.
QUESTION 325
A security engineer is trying to determine whether an internal server was accessed by hosts on
the internet. The internal server was shut down during the investigation.
Which of the following will the engineer review to determine whether the internal server had an
unauthorized access attempt?
A. The ARP table

B. The NetFlow statistics
C. The firewall logs
D. The audit logs on the core switch
Answer: C
QUESTION 326
Which of the following types of attacks can be used to gain credentials by setting up rogue APs
with identical corporate SSIDs?
A. VLAN hopping
B. Evil twin
C. DNS poisoning
D. Social engineering
Answer: B
Explanation:
Evil twin, attacker AP setup with for example Starbucks1Guest to get you to attach, you still get
out to internet but attacker can see all you do. FYI always use VPN when in public WIFI, or better
yet NEVER EVER attach to any public WIFI use your cell service instead w/ VPN on of course.
QUESTION 327
A company joins a bank's financial network and establishes a connection to the clearinghouse
servers in the range 192 168.124.0/27. An IT technician then realizes the range exists within the
VM pool at the data center. Which of the following is the BEST way for the technician to connect
to the bank's servers?
A. NAT
B. PAT
C. CIDR
D. SLAAC
Answer: A
QUESTION 328
A user in a branch office reports that access to all files has been lost after receiving a new PC. All
other users in the branch can access fileshares. The IT engineer who is troubleshooting this
incident is able to ping the workstation from the branch router, but the machine cannot, ping the
router. Which of the following is MOST likely the cause of the incident?
A. Incorrect subnet mask

B. Incorrect DNS server
C. Incorrect IP class
D. Incorrect TCP port
Answer: A
QUESTION 329
A network administrator would like to purchase a device that provides access ports to endpoints
and has the ability to route between networks. Which of the following would be BEST for the
administrator to purchase?
A. An IPS
B. A Layer 3 switch
C. A router
D. A wireless LAN controller
Answer: B
QUESTION 330
Which of the following would be used to forward requests and replies between a DHCP server
and client?
A. Relay
B. Lease
C. Scope
D. Range
Answer: A
Explanation:
As DHCP messages are broadcast, these broadcast messages are not forwarded out of subnet
by router to other subnets (Assuming that you have more than one subnet). It means you need to
have a DHCP server for each of your subnet, which is not practical. The DHCP relay agent
receives DHCP Discover and Request messages broadcasted by the PC, and unicasts them
directly to the DHCP server. With each of your subnets configured with a relay agent, one DHCP
server can cater to all the clients in different subnets.
QUESTION 331
At which of the following OSI model layers does routing occur?
A. Data link
B. Transport
C. Physical
D. Network
Answer: D
QUESTION 332
A network technician has determined the cause of a network disruption. Which of the following is
the NEXT step for the technician to perform?
A. Validate the findings in a top-to-bottom approach

B. Duplicate the issue, if possible
C. Establish a plan of action to resolve the issue
D. Document the findings and actions
Answer: C
Explanation:
1. Identify the problem. Done
2. Establish a theory of probable cause. Done
3. Test the theory to determine the cause. The question states that he has "determined" the
cause. Done
4. Establish a plan of action to resolve the problem and implement the solution
5. Verify full system functionality, and, if applicable, implement preventive measures
6. Document findings, actions and outcomes
QUESTION 333
A company streams video to multiple devices across a campus. When this happens, several
users report a degradation of network performance. Which of the following would MOST likely
address this issue?
A. Enable IGMP snooping on the switches.

B. Implement another DHCP server.
C. Reconfigure port tagging for the video traffic.
D. Change the SSID of the APs
Answer: A
Explanation:
Another approach to mitigating multicast issues is to enable IGMP snooping on your switches.
This will prune multicast traffic and let your switches only forward multicast traffic to ports with
hosts that are members of a multicast group. IGMP snooping works by letting the switch “listen”
for when the host joins a multicast group, and only then will the switch forward frames from that
multicast to that host
QUESTION 334
Which of the following can be used to store various types of devices and provide contactless
delivery to users?
A. Asset tags
B. Biometrics
C. Access control vestibules
D. Smart lockers
Answer: D
Explanation:
Smart Lockers provide secure, fully integrated systems to simplify product pickup for unattended
rentals, device charging, package drop off and retrieval, and much more. Designed with the end-
user in mind, electronic locker systems enhance, complement, and expand upon the processes
and service that they use and rely on across a variety of industries.
QUESTION 335
Which of the following connectors and terminations are required to make a Cat 6 cable that
connects from a PC to a non-capable MDIX switch? (Choose two.)
A. TIA-568-A - TIA-568-B
B. TIA-568-B - TIA-568-B
C. RJ11
D. RJ45
E. F-type
Answer: BD
Explanation:
Cat6 cable is twisted pair cable, so you would use RJ45.
When connecting unlike devices:
PC - Hub
PC - Switch
Hub - Router
Switch - Router
A straight-through cable is used. You can terminate a straight-through cable two ways:
568A --- 568A
568B --- 568B
Since you are connecting to a non-compliant MDI/MDI-X device, you must use the correct
physical cable. If both devices were "Auto MDI/MDI-X" compatible, either a straight-through or
crossover cable would work. Auto "MDI/MDI-X" was created because silly humans kept putting
the wrong cables between two devices.
QUESTION 336
Users are reporting intermittent WiFi connectivity in specific parts of a building. Which of the
following should the network administrator check FIRST when troubleshooting this issue?
(Choose two.)
A. Site survey
B. EIRP
C. AP placement
D. Captive portal
E. SSID assignment
F. AP association time
Answer: AC
QUESTION 337
A network manager is configuring switches in IDFs to ensure unauthorized client computers are
not connecting to a secure wired network. Which of the following is the network manager MOST
likely performing?
A. Disabling unneeded switchports

B. Changing the default VLAN
C. Configuring DHCP snooping
D. Writing ACLs to prevent access to the switch
Answer: C
Explanation:
It is likely that the network manager will configure DHCP snooping on the switches in order to
verify that only approved DHCP servers are able to supply client PCs with IP addresses. It is also
possible to employ DHCP snooping to stop unapproved client computers from joining to a
network. The network manager is able to help ensure that only approved client computers are
able to join to the secure wired network by implementing DHCP snooping. This helps to keep the
network safe.
QUESTION 338
Which of the following OSI model layers is where a technician would view UDP information?
A. Physical
B. Data link
C. Network
D. Transport
Answer: D
QUESTION 339
A technician installed an 8-port switch in a user's office. The user needs to add a second
computer in the office, so the technician connects both PCs to the switch and connects the switch
to the wall jack. However, the new PC cannot connect to network resources. The technician then
observes the following:
- The new computer does not get an IP address on the client's VLAN.
- Both computers have a link light on their NICs.
- The new PC appears to be operating normally except for the network issue.
- The existing computer operates normally.
Which of the following should the technician do NEXT to address the situation?
A. Contact the network team to resolve the port security issue.

B. Contact the server team to have a record created in DNS for the new PC.
C. Contact the security team to review the logs on the company's SIEM.
D. Contact the application team to check NetFlow data from the connected switch.
Answer: A
QUESTION 340
Which of the following devices have the capability to allow communication between two different
subnetworks? (Select TWO).
A. IDS
B. Access point
C. Layer 2 switch
D. Layer 3 switch
E. Router
F. Media converter
Answer: DE
QUESTION 341
Which of the following describes traffic going in and out of a data center from the internet?
A. Demarcation point
B. North-South
C. Fibre Channel
D. Spine and leaf
Answer: B
QUESTION 342
A network is experiencing extreme latency when accessing a particular website. Which of the
following commands will BEST help identify the issue?
A. ipconfig
B. netstat
C. tracert
D. ping
Answer: C
QUESTION 343
report, the engineer finds hundreds of CRC errors on an interface. Which of the following is the
MOST likely cause of these errors?
A. A bad wire on the Cat 5e cable

B. The wrong VLAN assignment to the switchport
C. A misconfigured QoS setting on the router
D. Both sides of the switch trunk set to full duplex
Answer: A
Explanation:
CRC errors indicate a problem on the physical layer. Usually cable issues.
QUESTION 344
A company wants to set up a backup data center that can become active during a disaster. The
site needs to contain network equipment and connectivity. Which of the following strategies
should the company employ?
A. Active-active
B. Warm
C. Cold
D. Cloud
Answer: B
Explanation:
Active-active refers to more than one NIC being active at the same time. This question is referring
to a recovery site (hot, warm, cold, cloud).
QUESTION 345
A small office has a wireless network with several access points that are used by mobile devices.
Users occasionally report that the wireless connection drops or becomes very slow. Reports
confirm that this only happens when the devices are connected to the office wireless network.
Which of the following is MOST likely the cause?
A. The configuration of the encryption protocol
B. Interference from other devices
C. Insufficient bandwidth capacity
D. Duplicate SSIDs
Answer: B
QUESTION 346
A network technician is implementing a solution that will allow end users to gain access to
multiple applications after logging on. Which of the following authentication methods would allow
this type of access?
A. SSO
B. LDAP
C. EAP
D. TACACS+
Answer: A
Explanation:
Single sign-on (SSO) is an authentication method that enables users to securely authenticate
with multiple applications and websites by using just one set of credentials.
QUESTION 347
A network attack caused a network outage by wiping the configuration and logs of the border
firewall. Which of the following sources, in an investigation to determine how the firewall was
compromised, can provide the MOST detailed data?
A. Syslog server messages

B. MIB of the attacked firewall
C. Network baseline reports
D. NetFlow aggregate data
Answer: D
Explanation:
NetFlow is a protocol for collecting, aggregating and recording traffic flow data in a network.
NetFlow data provide a more granular view of how bandwidth and network traffic are being used
than other monitoring solutions, such as SNMP.
QUESTION 348
Which of the following is the MOST appropriate use case for the deployment of a clientless VPN?
A. Secure web access to internal corporate resources.

B. Upgrade security via the use of an NFV technology
C. Connect two data centers across the internet.
D. Increase VPN availability by using a SDWAN technology.
Answer: A
QUESTION 349
A newly installed VoIP phone is not getting the DHCP IP address it needs to connect to the
phone system. Which of the following tasks needs to be completed to allow the phone to operate
correctly?
A. Assign the phone's switchport to the correct VLAN

B. Statically assign the phone's gateway address.
C. Configure a route on the VoIP network router.
D. Implement a VoIP gateway
Answer: A
QUESTION 350
Which of the following options represents the participating computers in a network?
A. Nodes
B. CPUs
C. Servers
D. Clients
Answer: A
QUESTION 351
A technician is trying to determine whether an LACP bundle is fully operational. Which of the
following commands will the technician MOST likely use?
A. show interface
B. show config
C. how route
D. show arp
Answer: A
Explanation:
LACP, a subcomponent of IEEE 802.3ad, provides additional functionality for link aggregation
groups (LAGs). Use the link aggregation feature to aggregate one or more Ethernet interfaces to
form a logical point-to-point link, known as a LAG, virtual link, or bundle.
QUESTION 352
Which of the following is conducted frequently to maintain an updated list of a system's
weaknesses?
A. Penetration test
B. Posture assessment
C. Risk assessment
D. Vulnerability scan
Answer: D
QUESTION 353
Which of the following protocols is widely used in large-scale enterprise networks to support
complex networks with multiple routers and balance traffic load on multiple links?
A. OSPF
B. RIPv2
C. QoS
D. STP
Answer: A
QUESTION 354
A network administrator is planning a WLAN for a soccer stadium and was advised to use MU-
MIMO to improve connection performance in high-density areas. The project requires
compatibility with clients connecting using 2.4GHz or 5GHz frequencies. Which of the following
would be the BEST wireless standard for this project?
A. 80211ac
B. 802.11ax
C. 802.11g
D. 80211n
Answer: B
QUESTION 355
An auditor assessing network best practices was able to connect a rogue switch into a network
Jack and get network connectivity. Which of the following controls would BEST address this risk?
A. Activate port security on the switchports providing end user access.

B. Deactivate Spanning Tree Protocol on network interfaces that are facing public areas.
C. Disable Neighbor Resolution Protocol in the Layer 2 devices.
D. Ensure port tagging is in place for network interfaces in guest areas
Answer: A
QUESTION 356
A technician knows the MAC address of a device and is attempting to find the device's IP
address. Which of the following should the technician look at to find the IP address? (Choose
two.)
A. ARP table
B. DHCP leases
C. IP route table
D. DNS cache
E. MAC address table
F. STP topology
Answer: AB
Explanation:
A DHCP lease is a temporary assignment of an IP address to a device on the network.
MAC address table maps MAC addresses to switchports where the owners of individual MAC
addresses are attached.
ARP table maps IP addresses of directly attached neighbors to their MAC addresses.
QUESTION 357
A technician needs to configure a routing protocol for an internet-facing edge router. Which of the
following routing protocols will the technician MOST likely use?
A. BGP
B. RIPv2
C. OSPF
D. EIGRP
Answer: A
Explanation:
Border Gateway Protocol (BGP) is used to Exchange routing information for the internet and is
the protocol used between ISP which are different ASes. The protocol can connect together any
internetwork of autonomous system using an arbitrary topology.
QUESTION 358
An administrator is attempting to add a new system to monitoring but is unsuccessful. The
administrator notices the system is similar to another one on the network; however, the new one
has an updated OS version. Which of the following should the administrator consider updating?
A. Management information bases

B. System baseline
C. Network device logs
D. SNMP traps
Answer: A
Explanation:
The structure of the management data of a device subsystem using a hierarchical namespace
containing object identifiers.
QUESTION 359
Several employees have expressed concerns about the company monitoring their internet activity
when they are working from home. The company wants to mitigate this issue and reassure
employees that their private internet activity is not being monitored. Which of the following would
satisfy company and employee needs?
A. Split tunnel
B. Full tunnel
C. Site-to-site tunnel
D. Virtual desktop
Answer: A
Explanation:
Split tunneling is when only the traffic destined for resources at the corporate site go through a
VPN. The rest is sent from the remote user's device through the internet and directly to other
sites on the internet.
QUESTION 360
A device is connected to a managed Layer 3 network switch. The MAC address of the device is
known, but the static IP address assigned to the device is not. Which of the following features of a
Layer 3 network switch should be used to determine the IPv4 address of the device?
A. MAC table
B. Neighbor Discovery Protocol
C. ARP table
D. IPConfig
E. ACL table
Answer: C
Explanation:
To determine the IPv4 address of a device that is connected to a managed Layer 3 network
switch, you can use the ARP (Address Resolution Protocol) table.
The ARP table is a database that is used by a device to map MAC addresses to their
corresponding IP addresses. When a device sends a packet to another device on the same
network, it uses the MAC address of the destination device to deliver the packet. The ARP table
allows the device to determine the IP address of the destination device based on its MAC
address.
QUESTION 361
Which of the following protocols would enable a company to upgrade its internet connection by
acquiring its own public IP prefixes and autonomous system number?
A. EIGRP
B. BGP
C. IPv6
D. MPLS
Answer: B
Explanation:
Public BGP routing prefixes must be registered. There is no requirement anywhere to register
EIGRP AS numbers, since it is an Interior Gateway Protocol (IGP) like RIP and OSPF.
QUESTION 362
A network administrator installed an additional IDF during a building expansion project.
Which of the following documents need to be updated to reflect the change? (Choose two.)
A. Data loss prevention policy

B. BYOD policy
D. Non-disclosure agreement
E. Disaster recovery plan
F. Physical network diagram
Answer: EF
QUESTION 363
A user reports that a new VoIP phone works properly, but the computer that is connected to the
phone cannot access any network resources. Which of the following MOST likely needs to be
configured correctly to provide network connectivity to the computer?
A. Port duplex settings

B. Port aggregation
C. ARP settings
D. VLAN tags
E. MDIX settings
Answer: D
Explanation:
VLAN (virtual LAN) tags are used to identify packets as belonging to a particular VLAN. VLANs
are used to segment a network into logical sub-networks, and each VLAN is assigned a unique
VLAN tag. If the VLAN tag is not configured correctly, the computer may not be able to access
network resources.
QUESTION 364
A client who shares office space and an IT closet with another company recently reported
connectivity issues throughout the network. Multiple third-party vendors regularly perform on-site
maintenance in the shared IT closet. Which of the following security techniques would BEST
secure the physical networking equipment?
A. Disabling unneeded switchports

B. Implementing role-based access
C. Changing the default passwords
D. Configuring an access control list
Answer: B
Explanation:
Implementing role-based access would be the BEST solution as it would ensure that only
authorized personnel have access to the physical networking equipment in the shared IT closet,
reducing the risk of accidental or malicious tampering. This would help to secure the equipment
and prevent connectivity issues caused by unauthorized access.
QUESTION 365
Which of the following would be the BEST choice to connect branch sites to a main office
securely?
A. VPN headend
B. Proxy server
C. Bridge
D. Load balancer
Answer: A
Explanation:
Host-to-Site, or Client-to-Site, VPN allows for remote servers, clients, and other hosts to establish
tunnels through a VPN gateway (or VPN headend) via a private network. The tunnel between the
headend and the client host encapsulates and encrypts data.
QUESTION 366
A network administrator is designing a wireless network. The administrator must ensure a rented
office space has a sufficient signal. Reducing exposure to the wireless network is important, but it
is secondary to the primary objective. Which of the following would MOST likely facilitate the
correct accessibility to the Wi-Fi network?
A. Polarization
B. Channel utilization
C. Channel bonding
D. Antenna type
E. MU-MIMO
Answer: A
Explanation:
Polarization is important because it describes the orientation in which most signals will be
transmitted. Any Wi-Fi device must have an antenna, and that antenna has a polarization. Many
Wi-Fi clients use vertically polarized antennas.
QUESTION 367
A company wants to add a local redundant data center to its network in case of failure at its
primary location. Which of the following would give the LEAST amount of redundancy for the
company's network?
A. Cold site
B. Hot site
C. Cloud site
D. Warm site
Answer: A
QUESTION 368
A technician was cleaning a storage closet and found a box of transceivers labeled 8Gbps. Which
of the following protocols uses those transceivers?
A. Coaxial over Ethernet

B. Internet Small Computer Systems Interface
C. Fibre Channel
D. Gigabit interface converter
Answer: C
Explanation:
Fibre Channel for storage-area networks is getting faster, with Emulex and QLogic Wednesday
airing plans to support the 8Gbps Channel standard.
QUESTION 369
During a client audit, a network analyst is tasked with recommending changes to upgrade the
client network and readiness. A field technician has submitted the following report:
Based on this report, which of the following metrics or sensors would be the BEST
recommendation to the client?
A. Electrical
B. Humidity
C. Flooding
D. Temperature
Answer: D
QUESTION 370
During an annual review of policy documents, a company decided to adjust its recovery time
frames. The company agreed that critical applications can be down for no more than six hours,
and the acceptable amount of data loss is no more than two hours. Which of the following should
be documented as the RPO?
A. Two hours
B. Four hours
C. Six hours
D. Eight hours
Answer: A
Explanation:
RPO (Recovery Point Objective) is the point in time to which data must be recovered after a
disaster or interruption. It represents the maximum amount of data loss that the organization can
tolerate. In this case, the company agreed that the acceptable amount of data loss is no more
than two hours, therefore two hours should be documented as the RPO.
The maximum amount of downtime (Recovery Time Objective) for critical applications is no more
than six hours, this is not related to RPO.
QUESTION 371
A new global ISP needs to connect from central offices in North America to the United Kingdom.
Which of the following would be the BEST cabling solution for this project?
A. Single-mode
B. Coaxial
C. Cat 6a
D. Twinaxial
Answer: A
Explanation:
For a new global ISP to connect from central offices in North America to the United Kingdom, the
best cabling solution would be single-mode fiber optic cable. Single-mode fiber optic cable is a
type of cable that is used to transmit data over long distances using light signals. It is typically
used in long-haul communication networks, such as those that connect different countries or
continents.
QUESTION 372
Which of the following would be BEST to install to find and block any malicious users within a
network?
A. IDS
B. IPS
C. SCADA
D. ICS
Answer: B
Explanation:
After detecting an anomaly, the IPS device will perform inspection in real-time for every packet
traveling in the network. If it finds any packet suspicious, the IPS can block the suspicious user or
IP address from accessing the network or application, terminate its TCP session, reconfigure or
reprogram the firewall, or replace or remove malicious content if it remains after the attack.
QUESTION 373
Which of the following layers of the OSI model is between the Data Link and Transport layers?
A. Application
B. Session
C. Network
D. Physical
Answer: C
QUESTION 374
An administrator is troubleshooting analog telephony issues on the punch down block. Which of
the following tools would be MOST useful in this scenario?
A. T1 loopback
B. Butt set
C. Multimeter
D. Protocol analyzer
Answer: B
Explanation:
The clips on the butt set can be used to connect to a punch down block (for example, a 66 block
or a 110 block) connecting to a telephone.
QUESTION 375
Which of the following protocols is used to allow multiple hosts to share a common IP address?
A. HTTPS
B. ARP
C. CARP
D. NAT
Answer: D
QUESTION 376
Which of the following tools can the technician use to analyze TCP/IP packets when trying to
determine a connection problem within a subnet?
A. Wire mapper
B. Protocol analyzer
C. Cable tester
D. SYSLOG server
Answer: B
QUESTION 377
Which of the following is used to classify network data for the purpose of providing QoS?
A. STP
B. VLANs
C. SIP
D. DSCP
Answer: D
QUESTION 378
A network technician needs to separate a web server listening on port 80 from the internal LAN
and secure the server from the public Internet. The web server should be accessible to the public
Internet over port 80 but not the private LAN. Currently, the network is segmented with a network-
based firewall using the following IP addressing scheme on each interface:
Which of the following ones should the technician use to place the web server and which of the
following firewall rules should the technician configure?
A. Place the web server in the public zone with an inbound rule from eth0 interface to accept traffic
over port 80 designated to the web server
B. Place the web server in the DMZ with an inbound rule from eth0 interface to eth1 to accept traffic
C. Place the web server in the private zone with an inbound rule from eth2 interface to eth1 to
accept traffic over port 80 designated to the web server
D. Place the web server in the DMZ with an inbound rule from eth1 interface to eth0 to accept traffic
Answer: B
QUESTION 379
A company recently upgraded all of its printers to networked multifunction devices. Users can
print to the new devices, but they would also like the ability to scan and fax files from their
computers. Which of the following should the technician update to allow this functionality?
A. Device software
B. Printer drivers
C. Printer firmware
D. NIC drivers
Answer: C
QUESTION 380
A disgruntled employee executes a man-in-the-middle attack on the company network. Layer 2
traffic destined for the gateway is redirected to the employee's computer. This type of attack is an
example of:
A. ARP cache poisoning

B. IP spoofing
C. amplified DNS attack
D. evil twin
Answer: A
QUESTION 381
The process of attempting to exploit a weakness in a network after being given permission by the
company is known as:
A. penetration testing
B. vulnerability scanning
C. reconnaissance
D. social engineering
Answer: A
QUESTION 382
The security manager reports that individual systems involved in policy or security violations or
incidents cannot be located quickly. The security manager notices the hostnames all appear to be
randomly generated characters. Which of the following would BEST assist the security manager
identifying systems involved in security incidents?
A. Enforce port security to require system authentication

B. Implement a standardized UNC
C. Label existing systems with current hostnames
D. Forward the DHCP logs to the security manager every day
Answer: B
QUESTION 383
A building is equipped with light sensors that turn off the fluorescent lights when natural light is
above a certain brightness. Users report experiencing network connection issues only during
certain hours. The west side of the building experiences connectivity issues in the morning hours
and the east side near the end of the day. At night the connectivity issues affect the entire
building. Which of the following could be the cause of the connectivity issues?
A. Light sensors are interfering with the network

B. EMI from the lights is interfering with the network cables
C. Network wiring is run perpendicular to electrical conduit
D. Temperature changes are causing attenuation in copper cabling
Answer: C
QUESTION 384
A network technician configures a firewall's ACL to allow outgoing traffic for several popular
services such as email and web browsing. However, after the firewall's deployment, users are still
unable to retrieve their emails. Which of the following would BEST resolve this issue?
A. Allow the firewall to accept inbound traffic to ports 25, 67, 179, and 3389
B. Allow the firewall to accept inbound traffic to ports 80, 110, 143, and 443
C. Set the firewall to operate in transparent mode
D. Allow the firewall to accept inbound traffic to ports 21, 53, 69, and 123
Answer: B
QUESTION 385
A network security technician observes multiple attempts to scan network hosts and devices. All
the attempts originate from a single host on the network. Which of the following threats is MOST
likely involved?
A. Smurf attack
B. Rogue AP
C. Compromised system
D. Unintentional DoS
Answer: C
QUESTION 386
A network technician is troubleshooting an end-user connectivity problem. The network technician
goes to the appropriate IDF but is unable to identify the appropriate cable due to poor labeling.
Which of the following should the network technician use to help identify the appropriate cable?
A. Tone generator
B. Multimeter
C. OTDR
D. Loopback adapter
Answer: A
QUESTION 387
A network technician notices the site-to-site VPN and Internet connection have not come back up
at a branch office after a recent power outage. Which of the following is an out-of-band method
the technician would MOST likely utilize to check the branch office's router status?
A. Use a modem to console into the router

B. Walk a user through troubleshooting the connection
C. Travel to the branch office
D. Hire a contractor to go on-site
Answer: A
QUESTION 388
A network technician is considering opening ports on the firewall for an upcoming VoIP PBX
implementation. Which of the following protocols is the technician MOST likely to consider?
(Choose three.)
A. SIP
B. NTP
C. H.323
D. SMB
E. ICMP
F. RTP
G. IPSec
H. RDP
Answer: ACF
QUESTION 389
A device operating at Layer 3 of the OSI model uses which of the following protocols to determine
the path to a different network?
A. STP
B. RTP
C. RIP
D. NTP
E. SIP
Answer: C
QUESTION 390
Lisa, a technician, is tasked to monitor various analog POTS lines for voice activity. Which of the
following hardware tools would be used?
A. Butt set
B. Toner probe
C. Wire mapper
D. Cable certifier
Answer: A
QUESTION 391
An organization wants to perform maintenance on any of its web servers without affecting the
service availability during a scheduled change window. Which of the following network devices
would be required to provide this functionality?
A. Router
B. Forward proxy
C. Load balancer
D. Firewall
Answer: C
QUESTION 392
Which of the following communication modes has the LOWEST overhead necessary to support
streaming protocols such as RTP?
A. Connectionless
B. Stateful
C. Full Duplex
D. Quality of Service
Answer: A
QUESTION 393
Which of the following diagnostic commands relies on proper forwarding of ICMP ECHO packets?
A. ipconfig
B. ping
C. route
D. nbstat
Answer: B
QUESTION 394
A technician replaces a customer's router, and is now unable to ping the ISP's gateway. Which of
the following should the technician check?
A. The arp table of the new customer's router.

B. The route table of the next-hop router.
C. The route table of the new customer's router.
D. The arp table of a network user.
Answer: C
QUESTION 395
When Jeff, a technician, is troubleshooting a problem, which of the following is the NEXT step
after verifying full system functionality?
A. Establish a plan of action to resolve the problem and identify potential effects.
B. Implement the solution.
C. Establish a theory of probable cause.
D. Document findings, actions, and outcomes.
Answer: D
QUESTION 396
A technician needs to verify an Ethernet run is functioning properly.
Which of the following tools should be used?
A. Protocol analyzer
B. Crimper
C. Cable tester
D. Punch down tool
Answer: C
QUESTION 397
A network administrator is testing connectivity at a new corporate site. The site has a wireless
guest as well as a wired employee network. After verifying connectivity, the administrator checks
link speeds by using a speed testing website. The speed testing website shows lower download
and upload speeds for the wired network than the wireless network. Which of the following is the
MOST likely explanation?
A. There is less local congestion on the wireless network

B. The testing server for the wired network was farther away
C. The firewall is configured to throttle traffic to specific websites
D. The wireless access points were misconfigured
Answer: B
QUESTION 398
A technician replaces a failed router with a spare that has been in inventory for some time. After
attempting to enable HTTPS on the spare router, the technician discovers the feature is
unavailable. The support office was able to connect to the previous router. Which of the following
actions should the technician perform to enable HTTPS access for the support team?
A. Reboot the router

B. Enable HTTP on the router
C. Update the firmware of the spare router
D. Perform a factory reset on the router
Answer: C
QUESTION 399
A technician is trying to configure a previously owned WAP. The technician successfully logs into
the administrative console and attempts to input the IP address on the WAP. However, the WAP
is not accepting the command. Which of the following is causing the problem?
A. The WAP antenna is damaged

B. The WAP transmitter light is dim
C. The terminal emulation software is misconfigured
D. The LWAPP image is installed on the WAP
Answer: C
QUESTION 400
Which of the following protocols would the network administrator use to protect login credentials
when accessing a router terminal session?
A. SCP
B. SNMPv3
C. SSL
D. SSH
Answer: D
QUESTION 401
A network technician is doing a wireless audit and finds an SSID that does not match the
company's SSID. The company uses the SSID of ABC123, and the SSID the technician found is
Default. Which of the following threats did the network technician find?
A. AP isolation
B. DDoS
C. Evil twin
D. Rogue AP
Answer: D
QUESTION 402
A network administrator notices that load balancing is not working properly on the web cluster as
previously configured. In speaking with management, a change to the IP addressing scheme was
made yesterday which possibly affected one member of the cluster. Due to the timing of the
events, the administrator theorizes that this change caused the problem. Which of the following
should the administrator do NEXT?
A. Escalate to the management team

B. Change the IP address back to its previous state
C. Test the theory by analyzing logs
D. Create a plan of action to present to management
Answer: C
QUESTION 403
Which of the following are standard fiber cable connector types? (Select TWO).
A. RJ-11
B. F-connector
C. MTRJ
D. DB-9
E. ST
Answer: CE
QUESTION 404
A user would like to connect two laptops together and transfer files via the Ethernet ports. Which
of the following should MOST likely be provided to the user to accomplish this?
A. Crossover
B. Rollover
C. Loopback
D. Straight cable
Answer: A
QUESTION 405
Hubs are differentiated from switches in that between the two, only hubs have:
A. a single collision domain.

B. a single broadcast domain.
C. multiple collision domains.
D. multiple broadcast domains.
Answer: A
QUESTION 406
The phone company has provided a channelized T1 line. Which of the following should this line
be connected to?
A. Switch
B. CSU/DSU
C. IDF
D. MDF
Answer: B
QUESTION 407
Which of the following spreads out each of the individual wires of a UTP cable onto their own
metal connector?
A. BNC connection
B. 110 block
C. Plenum
D. LC connector
Answer: B
QUESTION 408
A user at a hotel sees two SSIDs; both are called "HotelWireless". After the PC connects to one
of the APs, the user notices their browser homepage has been changed. Which of the following
BEST describes this AP?
A. Man-in-the-middle
B. DDoS
C. Evil twin
D. War driving
Answer: C
QUESTION 409
An administrator would like to search for network vulnerabilities on servers, routers, and
embedded appliances. Which of the following tools would MOST likely accomplish this?
A. Baseline analyzer
B. Ping
D. Nessus
Answer: D
QUESTION 410
A technician needs to install a new wireless encryption system. They are evaluating the feasibility
of implementing WPA. WPA increases protection over WEP by implementing which of the
following?
A. Strong RC4 encryption

B. Shared secret keys
C. AES encryption
D. Key rotation
Answer: D
QUESTION 411
A network administrator wants to perform a test to see if any systems are passing clear text
through the network. Which of the following would be used?
A. Social engineering
B. Packet sniffing
C. Rogue access point
D. Man-in-the-middle
Answer: B
QUESTION 412
A network administrator is setting up a WAP and wants to disable the ability of gaining access
from the parking garage. Which of the following should the network administrator review?
A. Signal strength
B. SSID name
C. WPA2 encryption
D. WEP encryption
Answer: A
QUESTION 413
A network administrator wants to balance the amount of data between two networking cards.
Which of the following can be used for two or more networking cards?
A. NIC bonding
B. Proxy server
C. Firewall ACLs
D. VLANs
Answer: A
QUESTION 414
Which of the following assists a network administrator in reverse engineering malware and
viruses?
A. Virtual switches
B. Virtual machines
C. VLANs
D. IDS
Answer: B
QUESTION 415
A home user states during a basement remodel, one of the workers cut the network cable that
goes from the modem to the WAP and nothing else has changed. According to the network
troubleshooting methodology, which of the following is the NEXT step?
A. Identify the problem

B. Question the user
C. Establish a plan of action
D. Establish a theory of probable cause
Answer: C
QUESTION 416
Which of the following layers of the OSI model make up the Network Interface layer of the TCP/IP
model? (Select TWO).
A. Application
B. Physical
C. Presentation
D. Transport
E. Data Link
F. Network
Answer: BE
QUESTION 417
At which layer of the OSI model do MAC addresses operate?
A. Data Link
B. Network
C. Application
D. Physical
Answer: A
QUESTION 418
A network technician recently replaced a managed switch in an enterprise network with a new
managed switch. Users on the switch can communicate with each other but now cannot access
other network segments. Which of the following is the MOST likely reason that the users are
unable to access any network segments?
A. The newly installed switch is defective and must be returned.

B. The newly installed switch is using a different MAC address than the previous switch.
C. The technician forgot to change the VTP mode on the new switch to server.
D. The technician did not use the correct cable when trunking the new switch.
Answer: D
QUESTION 419
A network administrator currently collects log files from several different servers. Which of the
following would allow the network administrator to collect log files on a centralized host?
A. The network administrator should install and configure a traffic analysis server.
B. The network administrator should install and configure a DMZ server.
C. The network administrator should install and configure a syslog server.
D. The network administrator should install and configure a network sniffer.
Answer: C
QUESTION 420
A company has been given a Class C address to be utilized for all devices. The company has
several subnets and the largest subnet has 15 hosts. Which of the following represents the
MINIMUM CIDR notation of this subnet mask?
A. /26
B. /27
C. /28
D. /29
Answer: B
QUESTION 421
A company has gone through several upgrades on their network but unfortunately have no way of
identifying who approved the upgrades. Which of the following should be implemented to track
this type of work?
A. Change management
B. Asset management
C. Access log
D. Baselines
Answer: A
QUESTION 422
An administrator is trying to retrieve management information from the network devices on their
LAN. Which of the following monitoring resources provides the ability to collect this information
encrypted over the network?
A. SNMPv3
B. VTP
C. CDP
D. IPSec
Answer: A
QUESTION 423
Which of the following WAN technologies utilizes an optical SONET carrier and has a maximum
bandwidth of 155.54Mbps?
A. DS3
B. E3
C. OC3
D. T3
Answer: C
QUESTION 424
A network administrator decides to secure their small network by allowing only specific MAC
addresses to gain access to the network from specific switches. Which of the following is
described by this example?
A. Packet filtering
B. Hardware firewalls
C. Port security
D. Stateful inspection
Answer: C
QUESTION 425
Which of the following is used to limit the amount of bandwidth used on a link for different
applications to improve overall performance?
A. QoS
B. Fault tolerance
C. Load balancing
D. Traffic shaping
Answer: D
QUESTION 426
Users are reporting that all of a sudden some of the files stored on the remote file server share
are becoming corrupted and cannot be opened. A technician is dispatched to the server room to
troubleshoot. The technician verifies that no changes to the network infrastructure occurred
recently. Which of the following tools is MOST likely to reveal why files are becoming corrupted?
A. Environmental monitor
B. OTDR
C. Cable tester
D. Punch down tool
Answer: A
QUESTION 427
A large corporate office is looking to place smaller network closets around campus to handle
switching for remote workstations. To which of the following is this referring?
A. MDF
B. VPN
C. RDP
D. IDF
Answer: D
QUESTION 428
MIMO technology in the 802.11n standard provides for which of the following benefits?
A. Channel expansion
B. Gigabit wireless bandwidth
C. Multipath support
D. Channel bonding
Answer: C
QUESTION 429
A small office is looking to deploy wireless to cover one half of the work area only. The technician
is restricted to suspending the WAP in the middle of the office due to network jack limitations.
Which of the following antenna types would BEST meet these requirements?
A. Dipole
B. Parabolic
C. Directional
D. Omni-directional
Answer: C
QUESTION 430
If a technician does not assign an IP address to a device, the DHCP server will assign the device
A. static IP address.
B. reservation.
C. dynamic IP address.
D. MAC address.
Answer: C
QUESTION 431
A technician has been called about intermittent connectivity near IDF 2. Multiple cables were
recently pulled through a common conduit. Which of the following is MOST likely the cause of the
problem?
A. Crosstalk
B. Bad connectors
C. Wrong DNS
D. Duplicate IP address
Answer: A
QUESTION 432
Which of the following would be used on a network to ensure access to resources if a critical host
becomes unavailable?
A. QoS
B. CARP
C. VLAN
D. DHCP server
Answer: B
QUESTION 433
Which of the following is used to ensure traffic flows efficiently on multiple T-1 circuits?
A. DNS server
B. Content filter
C. Proxy server
D. Load balancer
Answer: D
QUESTION 434
All users on a specific network segment report losing access to the wired network. During
troubleshooting, the network administrator observes link lights on the workstations. When
physically reviewing each switch, the network administrator changes the switch view settings to
Activity and sees that all port lights remain solid green. Which of the following is MOST likely
causing this issue?
A. STP convergence
B. Power failure
C. Excessive bandwidth usage
D. Broadcast storm
Answer: D
QUESTION 435
Which of the following STP states indicates an inactivated port due to a loop?
A. Disabled
B. Learning
C. Blocking
D. Forwarding
Answer: C
QUESTION 436
Which of the following cables supports 10Gbps throughput and 100 meters as the maximum
distance?
A. T1 crossover
B. Singlemode fiber
C. CAT6a
D. Coaxial
Answer: C
QUESTION 437
A number of remote users have reported being unable to securely log on to the company's
network. Upon speaking with some of the employees experiencing the issue, no changes were
made to their configurations, usernames, or passwords. The technician establishes a theory that
one of the VPN concentrators may be down. Which of the following should the technician do
NEXT?
A. Plan to reboot the concentrator as the potential solution

B. Escalate the problem to management
C. Continue to speak to users, questioning if changes have been made
D. Test access to the concentrator to confirm the status
Answer: D
QUESTION 438
In a small office environment, one computer is set up to provide Internet access to three other
computers that are not interconnected. This is an example of which of the following topology
types?
A. Peer-to-peer
B. Point-to-multipoint
C. Hybrid
D. Point-to-point
Answer: B
QUESTION 439
A network technician is trying to run a protocol analyzer and is instructed to record the chimney
offload state of TCP. Which of the following utilities did the technician use to check this parameter
with the output listed below?
Querying active state...

TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State : enabled
Chimney Offload State : disabled
Receive Window Auto-Tuning Level : normal
Add-On Congestion Control Provider : ctcp
ECN Capability : disabled
RFC 1323 Timestamps : disabled
A. net
B. netstat
C. nbtstat
D. netsh
Answer: D
QUESTION 440
Which of the following can use a third party back-end LDAP user database for authentication?
A. ISAKMP
B. TACACS+
C. PKI
D. CHAP
Answer: B
QUESTION 441
A technician has spent most of the day replacing a server running DHCP. Some of the users
have begun to call the help desk stating that Internet connection stopped working even after
rebooting. Upon investigation, the users' PCs with issues all have IP addresses that start with
169.254.x.x. The technician completes the replacement and powers on the new DHCP server.
Which of the following is the BEST way to provide the PCs with issues a new IP address?
A. Statically assign a legitimate IP address, and then set the PCs' NICs to DHCP
B. Inform each user to replace 169.254 with 192.168
C. Wait five minutes until the PC resends a DHCP request
D. Run netstat on each PC and then reboot into safe mode
Answer: C
QUESTION 442
A network administrator is implementing an IPS on VLAN 1 and wants the IPS to learn what to
prevent on its own. Which of the following would MOST likely be installed?
A. Honeynet
B. Signature based IPS
C. Behavior based IPS
D. Host based IPS
Answer: C
QUESTION 443
Which of the following network topologies is ONLY possible between two users?
A. Star
B. Client-server
C. Hybrid
D. Peer-to-peer
Answer: D
QUESTION 444
Ann, a new user, is unable to communicate on the network from her computer. A technician has
verified that the cables are functioning properly. Based on the information below, which action
should the technician take to correct Ann's problem?
Computer_A Switch_A
IP: 10.0.0.60 Int VLAN10
SM: 255.255.255.0 IP address 10.0.0.1/28
GW: 10.0.0.1 Speed 100 Duplex Full
A. Change the duplex on the switch interface to half

B. Change the speed on the switch interface to 10Mbps
C. Change the subnet mask of the computer to 255.255.255.240
D. Change the IP address of the computer to 10.0.0.12
Answer: D
QUESTION 445
A new technician has been tasked with implementing a QoS policy for the Network. The
technician decides it would be best to monitor the information traversing the network to gain
statistical information on ports and protocols utilized. Which of the following tools should the
technician use to complete this objective QUICKEST?
A. Traffic analyzer
B. Network sniffer
C. SNMPv3
D. System logs
Answer: A
QUESTION 446
Users report that they are unable to access the production server with IP address 192.168.30.17.
These users need to be provided access without changing any subnet to VLAN information.
The VLANs configured on the network are listed below:
DepartmentVLAN #Subnet used

Marketing 20 192.168.20.0/28
Customer Service 25 192.168.20.64/28
Finance 30 192.168.30.0/28
WHSE 35 192.168.30.16/28
Sales 40 192.168.3.16/28
The users experiencing this issue need to be added to which of the following VLANs?
A. 25
B. 30
C. 35
D. 40
Answer: C
QUESTION 447
A technician is installing an 802.11n network. The technician is using a laptop that can connect at
a maximum speed of 11 Mbps. The technician has configured the 802.11n network correctly but
thinks it could be the type of WLAN card used on the laptop. Which of the following wireless
standards is the WLAN card MOST likely using?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n
Answer: B
QUESTION 448
Which of the following firewall rules will block destination telnet traffic to any host with the source
IP address 1.1.1.2/24?
A. Deny any source host on source port 23 to destination any

B. Deny any source network 1.1.1.0/24 to destination any on port 23
C. Deny source host 1.1.12 on source port 23 to destination any
D. Deny any source network 1.1.1.0/24 with source port 23 to destination any
Answer: B
QUESTION 449
Which of the following addresses is a class B private address?
A. 132.216.14.184
B. 152.119.25.213
C. 162.17.43.22
D. 172.23.226.34
Answer: D
QUESTION 450
A technician installs a wireless router on an existing network by connecting it directly to the
firewall. By default, the main network is a Class A network, while the wireless network is a Class
C network. After the wireless router is installed, users connected to the wireless network report
they are unable to connect to the Internet. Which of the following needs to be configured to BEST
resolve this issue?
A. Configure the main network to Class C

B. Allow for duplicate IP addresses
C. Allow the main network to handle DHCP
D. Create a spanning tree to prevent switching loops
Answer: C
QUESTION 451
Which of the following configurations of a wireless network would be considered MOST secure?
A. WEP using MAC Filtering

B. WEP and hiding the SSID
C. WPA2
D. WPA TKIP and hiding the SSID
Answer: C
QUESTION 452
Which of the following is the minimum subnet mask to allow 172.16.1.5 and 172.16.4.3 to be on
the same subnet?
A. /19
B. /21
C. /22
D. /24
Answer: B
QUESTION 453
DHCP uses which of the following ports by default?
A. 21
B. 23
C. 68
D. 443
Answer: C
QUESTION 454
Which of the following describes a manually entered route?
A. Static
B. Dynamic
C. Multicast
D. Unicast
Answer: A
QUESTION 455
Which of the following is the unit used to transfer information at Layer 2 of the OSI model?
A. Packet
B. Socket
C. Session
D. Frame
Answer: D
QUESTION 456
A network technician visits a site that needs voice connectivity to the corporate office and installs
four IP phones. The phone exchange resides at the telephone company. Which of the following
technologies is being used?
A. Virtual switch
B. Virtual server
C. Virtual desktop
D. Virtual PBX
Answer: D
QUESTION 457
A client has just leased a new office space in a busy commercial building and would like to install
a wireless network. Several other tenants are on the same floor. Multiple wireless networks are
present in the building. Which of the following can be changed on the client's wireless network to
help ensure that interference from other wireless networks is at a minimum?
A. WPA encryption key selection

B. Channel selection
C. Antenna types
D. Disable SSID
Answer: B
QUESTION 458
A MAC address is a part of which of the following OSI model layers?
A. Network
B. Data Link
C. Physical
D. Transport
Answer: B
QUESTION 459
Which of the following is the reason why a company's network may contain a DHCP server?
A. To assign IP addresses to devices on the network

B. To convert IP addresses to fully qualified domain names
C. To provide POP3 and IMAP email functionality
D. To allow secure remote access
Answer: A
QUESTION 460
A company recently added an addition to their office building. A technician runs new plenum
network cables from the switch on one side of the company's gymnasium 80 meters (262 ft.) to
the new offices on the other side, draping the wires across the light fixtures. Users working out of
the new offices in the addition complain of intermittent network connectivity. Which of the
following is MOST likely the cause of the connectivity issue?
A. dB loss
B. Distance
C. Incorrect connector type
D. EMI
E. Crosstalk
Answer: D
QUESTION 461
Which of the following tools would a technician use to determine if a CAT6 cable is properly
terminated?
A. Cable tester
B. Punch down tool
C. Crimper
D. Multimeter
Answer: A
QUESTION 462
An administrator is able to list the interfaces on a switch after providing the community string
"public". Which of the protocols is the administrator MOST likely using?
A. Telnet
B. RADIUS
C. SSH
D. SNMP
Answer: D
QUESTION 463
Which of the following characteristics allows an 802.11g WAP to have transfer speeds up to
108Mbps?
A. MIMO technology
B. Channel bonding
C. Encryption type
D. Frequency
Answer: B
QUESTION 464
The systems administrator has assigned an IP address and default gateway to a standard Layer
2 switch. Which of the following would be the primary purpose of doing this?
A. Allow VLAN routing

B. Enable packet filtering on the switch
C. Allow remote administration of the switch
D. Enable MAC filtering on the switch
Answer: C
QUESTION 465
Ann, a technician, installs a wireless router in a network closet in a large office. She then
configures all workstations in various offices on that floor to use the wireless connection.
Maximum connection speed at each workstation is 54 Mbps. Some users complain that their
network connection is very slow. Which of the following is MOST likely the problem?
A. Workstations were configured with the wrong connection speed on the wireless adapter.
B. Users with a slow connection are too far away from the wireless router.
C. Users that cannot connect are configured on the wrong channel.
D. Wireless network SSID is incorrect.
Answer: B
QUESTION 466
Which of the following dynamic routing protocols selects routing paths based upon hop count?
A. BGP
B. RIP
C. OSPF
D. IGRP
Answer: B
QUESTION 467
A technician, Joe, visits a site that has reported a network down emergency. He immediately
reboots the switches and the router since the network is down. Which of the following network
troubleshooting methodology steps should Joe have performed FIRST?
A. Determine if anything has changed

B. Once a theory is confirmed determine the next step is to resolve the problem
C. Implement the solution or escalate as necessary
D. Question the obvious
Answer: A
QUESTION 468
A network technician is designing a SOHO environment where cost is a consideration. The
requirements include access to the Internet and access to the guest house which is 100 feet
away. The location of the Internet modem is located in the main house. Which of the following is
the BEST option to accomplish these requirements?
A. Use two combined Internet/router/wireless devices, one in each house.

B. Use a Layer 3 switch in the main house and a combined Internet/router/wireless device in the
guest house.
C. Use a combined Internet/router/wireless device in the main house and a wireless access point
in the guest house.
D. Use a single combined Internet/router/wireless device at the guest house.
Answer: C
QUESTION 469
Which of the following cable types is MOST commonly used with POTS?
A. CAT3
B. Multimode
C. CAT6
D. Coaxial
Answer: A
QUESTION 470
Which of the following is used to determine whether or not a user's account is authorized to
access a server remotely?
A. VPN
B. RDP
C. LDAP
D. Encryption
Answer: C
QUESTION 471
A firewall that detects and prevents attacks from outside the network based on learned data
patterns can BEST be described as which of the following?
A. Signature based IDS

B. Behavior based IPS
C. Host based IPS
D. Network based IDS
Answer: B
QUESTION 472
Which of the following technologies prevents network collisions to maximize safe delivery of
network data?
A. CSMA/CA
B. DWDM
C. RADIUS
D. SONET
Answer: A
QUESTION 473
Which of the following are authentication methods that can use AAA authentication? (Select
TWO).
A. Kerberos
B. PKI
C. TKIP/AES
D. MS-CHAP
E. RADIUS
F. TACACS+
Answer: EF
QUESTION 474
A company is connected to an ISP, but owns the premise router with an internal CSU/DSU.
Which of the following is considered the demarc?
A. Premise router
B. ISP router
C. Smart jack
D. CSU/DSU
Answer: C
QUESTION 475
Which of the following are considered AAA authentication methods? (Select TWO).
A. Kerberos
B. Radius
C. MS-CHAP
D. TACACS+
E. 802.1X
Answer: BD
QUESTION 476
An IP camera has a failed PoE NIC. This is the third time in months that a PoE NIC has failed on
this device. The technician suspects a possible power issue. Which of the following should be
used to test the theory?
A. Toner probe
B. Loopback plug
D. Multimeter
Answer: D
QUESTION 477
A technician is troubleshooting a network issue and needs to view network traffic on a switch in
real-time. Which of the following would allow the technician to view network traffic on a switch?
A. ISAKMP
B. Port forwarding
C. Port security
D. Port mirroring
Answer: D
QUESTION 478
A technician finds that the network card is no longer functioning. At which of the following OSI
layers is the problem occurring?
A. Layer 1
B. Layer 3
C. Layer 5
D. Layer 7
Answer: A
QUESTION 479
The address 6FFE:FFFF:0000:2F3B:04AC:00FF:FEBE:5C4A is an example of which of the
following?
A. APIPA
B. MAC
C. IPv4
D. IPv6
Answer: D
QUESTION 480
An administrator has added four switches to a campus network. The switch in wiring closet A is
only connected to the switch in wiring closet C. The switch in wiring closet B is connected to the
switch in wiring closet C as well as wiring closet D. The switch in wiring closet D is only
connected to the switch in wiring closet B. Which of the following topologies is represented in this
design?
A. Ring
B. Star
C. Bus
D. Mesh
Answer: C
QUESTION 481
A company wants an administrator to perform a vulnerability test. The administrator finds the
company has a POTS phone system. Which of the following can the administrator use to point
out the phone system vulnerability?
A. Honeypot
B. Butt set
C. Spyware
D. Blue jacking
Answer: B
QUESTION 482
Which of the following is used to explain guidelines for users while using network resources?
A. Network cut sheet

B. Baselines
D. Regulations
Answer: C
QUESTION 483
Standards such as JPEG and ASCII operate at which of the following OSI model layers?
A. Presentation
B. Data link
C. Session
D. Application
Answer: A
QUESTION 484
Which of the following cable types is employed to protect against interference in the physical
environment or when security is a concern?
A. STP
B. RG-6
C. Fiber
D. RG-59
Answer: C
QUESTION 485
A technician is responsible for configuring a new firewall. The hardware team has already
installed, powered, and connected the system. Which of the following types of documentation
should the technician utilize to complete the task?
A. Rack diagram
B. IDF/MDF documentation
C. Network performance baseline
D. Logical and physical diagrams
Answer: D
QUESTION 486
Which of the following networking devices operates at Layer1?
A. Router
B. Firewall
C. Hub
D. Bridge
Answer: C
QUESTION 487
A disgruntled employee decides to leak critical information about a company's new product. The
employee places keyloggers on the department's computers, allowing the information to be sent
out to the Internet.
Which of the following attacks is occurring?
A. Man-in-the-middle
B. Logic bomb
C. Insider threat
D. Social engineering
Answer: C
QUESTION 488
A network technician needs to set up an access method for Ann, a manager, to work from home.
Ann needs to locally mapped corporate resources to perform her job. Which of the following
would provide secure access to the corporate resources?
A. Utilize an SSH connection to the corporate server.

B. Use TFTP to transfer files to corporate resources.
C. Allow RDP through an external firewall.
D. Connect utilizing client-to-site VPN.
Answer: D
QUESTION 489
Which of the following DNS record types is an alias?
A. CNAME
B. PTR
C. NS
D. SRV
Answer: A
QUESTION 490
A recently constructed building makes use of glass and natural light. Users in the building are
reporting poor cellular connectivity and speeds. Which of the following is MOST likely the cause?
A. Absorption
B. Channel overlap
C. Reflection
D. Frequency mismatch
Answer: C
QUESTION 491
A network technician is working on a new switch implementation to expand the network. Which of
the following is the BEST option to ensure the implementation goes according to business
requirements?
A. AUP
B. NDA
C. SOP
D. SLA
Answer: C
QUESTION 492
A technician is utilizing SNMPv3 to monitor network statistics. Which of the following actions
would occur immediately of a server's utilization spikes above the prescribed value?
A. A trap message is sent via UDP to the monitoring workstation.

B. The SET function pushes an alert to the MIB database.
C. The object identifier is modified and reported during the next monitoring cycle.
D. A response message is sent from the agent to the manager.
Answer: A
QUESTION 493
In which of the following scenarios should a technician use a cross-over cable to provide
connectivity?
A. PC to switch
B. Switch to AP
C. Router to switch
D. Router to modem
E. PC to PC
Answer: E
QUESTION 494
802.11n clients currently have no way to connect to the network. Which of the following devices
should be implemented to let the clients connect?
A. Router
B. Range extender
C. VoIP endpoint
D. Access point
Answer: D
QUESTION 495
A network technician is setting up a new router. Since it is exposed to the public, which of the
following are the BEST steps the technician should take when setting up this device? (Choose
two.)
A. Disable unnecessary services.

B. Use private IP addresses.
C. Allow remote management access.
D. Disable the console port.
E. Enable encryption.
F. Upgrade to the latest firmware.
Answer: AF
QUESTION 496
Which of the following records can be used to track the number of changes on a DNS zone?
A. SOA
B. SRV
C. PTR
D. NS
Answer: A
Explanation:
The DNS ‘start of authority’ (SOA) record stores important information about a domain or zone
such as the email address of the administrator, when the domain was last updated, and how long
the server should wait between refreshes.
All DNS zones need an SOA record in order to conform to IETF standards. SOA records are also
important for zone transfers.
QUESTION 497
A network technician is troubleshooting a new web server connectivity issue. The network
technician discovers the following on the support ticket
- The server's IP address can be pinged from the client PCs.

- Access to the web resource works correctly when on the server's
console.
- No clients can access the servers data via URL.
- The server does not have a firewall configured
- No ACLs are preventing connectivity from the client's network.
- All services on the server are operating normally, which was
confirmed by the server team.
Which of the following actions will resolve the issue?
A. Reset port security on the switchport connecting the server.

B. Adjust the web server's NTP settings to match the client settings.
C. Configure A records for the web server.
D. Install the correct MIB on the web server
Answer: C
Explanation:
The problem is likely related to DNS resolution, as the clients are able to ping the server's IP
address but not access the web resource via URL. The other answers do not address this issue.
Configuring A records for the web server will ensure that clients are able to access the web
resource via its domain name.
QUESTION 498
A Chief Executive Officer and a network administrator came to an agreement with a vendor to
purchase new equipment for the data center. A document was drafted so all parties would be
informed about the scope of the project before it started. Which of the following terms BEST
describes the document used?
A. Contract
B. Project charter
C. Memorandum of understanding
D. Non-disclosure agreement
Answer: B
Explanation:
What is in a project charter?
A project charter is a formal short document that states a project exists and provides project
managers with written authority to begin work. A project charter document describes a project to
create a shared understanding of its goals, objectives and resource requirements before the
project is scoped out in detail.
What are the 5 elements of the project charter?

What Are the Contents of a Project Charter? A project charter should always include an overview,
an outline of scope, an approximate schedule, a budget estimate, anticipated risks, and key
stakeholders.
QUESTION 499
A technician is trying to install a VoIP phone, but the phone is not turning on. The technician
checks the cable going from the phone to the switch, and the cable is good. Which of the
following actions is needed for this phone to work?
A. Add a POE injector

B. Enable MDIX.
C. Use a crossover cable.
D. Reconfigure the port.
Answer: A
QUESTION 500
Which of the following compromises Internet-connected devices and makes them vulnerable to
becoming part of a botnet? (Choose two.)
A. Deauthentication attack
B. Malware infection
C. IP spoofing
D. Firmware corruption
E. Use of default credentials
F. Dictionary attack
Answer: BE
Explanation:
An attacker must install malware that opens a backdoor remote connection by using the default
credentials.
QUESTION 501
A user calls the IT department to report being unable to log in after locking the computer. The
user resets the password, but later in the day the user is again unable to log in after locking the
computer. Which of the following attacks against the user is MOST likely taking place?
A. Brute-force
B. On-path
C. Deauthentication
D. Phishing
Answer: A
Explanation:
In cryptography, a brute-force attack consists of an attacker submitting many passwords or
passphrases with the hope of eventually guessing correctly.
QUESTION 502
An administrator needs to connect two laptops directly to each other using 802.11ac but does not
have an AP available. Which of the following describes this configuration?
A. Basic service set

B. Extended service set
C. Independent basic service set
D. MU-MIMO
Answer: C
Explanation:
Independent BSS (IBSS), or ad hoc network, is created by peer devices among themselves
without network infrastructure.
QUESTION 503
A network administrator needs to configure a server to use the most accurate NTP reference
available. Which of the following NTP devices should the administrator select?
A. Stratum 1
B. Stratum 2
C. Stratum 3
D. Stratum 4
Answer: A
Explanation:
As you progress through different strata there are network delays involved that reduce the
accuracy of the NTP server in relation to UTC. Timestamps generated by an EndRun Stratum 1
Time Server will typically have 10 microseconds accuracy to UTC. A stratum-2 server will have
anywhere from 1/2 to 100 ms accuracy to UTC and each subsequent stratum layer (stratum-3,
etc.) will add an additional 1/2-100 ms of inaccuracy.
QUESTION 504
A Fortune 500 firm is deciding on the kind of data center equipment to install given its five-year
budget outlook. The Chief Information Officer is comparing equipment based on the life
expectancy of different models. Which of the following concepts BEST represents this metric?
A. MTBF
B. MTRR
C. RPO
D. RTO
Answer: A
Explanation:
MTBF is a crucial maintenance metric to measure performance, safety, and equipment design,
especially for critical or complex assets, like generators or airplanes. It is also used to determine
the reliability of an asset.
QUESTION 505
While setting up a new workstation, a technician discovers that the network connection is only
100 full duplex (FD), although it is connected to a gigabit switch.
While reviewing the interface information in the switch CLI, the technician notes the port is
operating at IOOFD but Shows many RX and TX errors. The technician moves the computer to
another switchport and experiences the same issues.
Which of the following is MOST likely the cause of the low data rate and port errors?
A. Bad switch ports

B. Duplex issues
C. Cable length
D. Incorrect pinout
Answer: D
Explanation:
If the pinout is incorrect on the cable, it doesn't matter where you plug it in, you're gonna get tx/rx
errors.
QUESTION 506
A network administrator wants to check all network connections and see the output in integer
form. Which of the following commands should the administrator run on the command line?
A. netstat
B. netstat -a
C. netstat -e
D. netstat -n
Answer: D
Explanation:
-a Display All connections and listening ports.
-e Display Ethernet statistics. (may be combined with -s)
-n Display addresses and port numbers in Numerical form.
-r Display the Routing table.
-o Display the Owning process ID associated with each connection.
-b Display the exe involved in creating each connection or listening port.*
-v Verbose - use in conjunction with -b, to display the sequence of components involved for all
executables.
-p protocol
Show only connections for the protocol specified; can be any of: TCP, UDP, TCPv6 or UDPv6.
If used with the -s option then the following protocols can also be specified: IP, IPv6, ICMP,or
ICMPv6.
-s Display per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6,
TCP, TCPv6, UDP, and UDPv6;
(The v6 protocols are not available under 2k and NT4)
The -p option can be used to display just a subset of these.
QUESTION 507
A network engineer is investigating issues on a Layer 2 switch. The department typically shares a
switchport during meetings for presentations, but after the first user shares, no other users can
connect. Which of the following is MOST likely related to this issue?
A. Spanning Tree Protocol is enabled on the switch.

B. VLAN trunking is enabled on the switch.
C. Port security is configured on the switch.
D. Dynamic ARP inspection is configured on the switch.
Answer: C
Explanation:
The issue described in the scenario suggests that the switchport is being shut down after the first
user connects. This is a common behavior when port security is enabled on a switchport, which
limits the number of MAC addresses that can connect to the port. Once the limit is reached, the
switchport is shut down to prevent unauthorized devices from connecting.
QUESTION 508
SIMULATION
A network technician replaced a switch and needs to reconfigure it to allow the connected
devices to connect to the correct networks.
INSTRUCTIONS
Click on the appropriate port(s) on Switch 1 and Switch 3 to verify or reconfigure the correct
settings:
• Ensure each device accesses only its correctly associated network

• Disable all unused switch ports
• Require fault-tolerant connections between the switches
• Only make necessary changes to complete the above requirements
All button.
Answer:
To reconfigure the switch, the technician needs to click on the appropriate port(s) on Switch 1 and
Switch 3. The technician should ensure that each device only has access to its correctly
associated network. The technician should also disable all unused switch ports. Finally, the
technician should require fault-tolerant connections between the switches. If at any time the
technician wants to bring back the initial state of the simulation, they can click on the Reset All
button.
Tagged = Switch to Switch connections.

Untagged = Devices(WLAN, Servers, Printers, VoIP)
Port Enabled = if there is a device connected
Port Disabled = if there is nothing connection on the port.
Switch 1-Ports 1 & 2 >Port Enabled >LACP Enabled >VLAN60/90/120/150/220 Tagged

Switch 1-Ports 3 & 4 >Port Enabled >LACP Disabled >VLAN90 Untagged
Switch 1-Ports 5 & 6 >Port Enabled >LACP Enabled >VLAN60/120/150 Tagged
Switch 1-Ports 7 & 8 >Port Enabled >LACP Enabled >VLAN60/90/120/220 Tagged
Switch 3-Ports 1 & 2 >Port Enabled >LACP Enabled >VLAN60/90/120/220 Tagged
Switch 3-Ports 3 & 5 >Port Disabled
Switch 3-Port 4 >Port Enabled >LACP Disabled >VLAN120/220 Untagged
Switch 3-Port 6 >Port Enabled >LACP Disabled >VLAN120 Untagged
QUESTION 509
A technician is setting up a new router, configuring ports, and allowing access to the Internet.
However, none of the users connected to this new router are able to connect to the Internet.
Which of the following does the technician need to configure?
A. Tunneling
B. Multicast routing
C. Network address translation
D. Router advertisement
Answer: C
QUESTION 510
An administrator is working with the local ISP to troubleshoot an issue. Which of the following
should the ISP use to define the furthest point on the network that the administrator is responsible
for troubleshooting?
A. Firewall
B. A CSU/DSU
C. Demarcation point
D. Router
E. Patch panel
Answer: C
Explanation:
Demarc point denotes the separation of responsibility from ISP to administrator.
QUESTION 511
A technician recently set up a small office network for nine users. When the installation was
complete, all the computers on the network showed addresses ranging from 169.254.0.0 to
169.254.255.255. Which of the following types of address ranges does this represent?
A. Private
B. Public
C. APIPA
D. Classless
Answer: C
QUESTION 512
A network technician at a university is assisting with the planning of a simultaneous software
deployment to multiple computers in one classroom in a building.
Which of the following would be BEST to use?
A. Multicast
B. Anycast
C. Unicast
D. Broadcast
Answer: A
QUESTION 513
An organization purchased an allocation of public IPv4 addresses. Instead of receiving the
network address and subnet mask, the purchase paperwork indicates the allocation is a /28. This
type of notation is referred to as:
A. CIDR
B. classful
C. classless
D. RFC1918
Answer: A
QUESTION 514
A network technician is reviewing a document that specifies how to handle access to company
resources, such as the Internet and printers, when devices are not part of the company's assets.
Which of the following agreements would a user be required to accept before using the
company's resources?
A. BYOD
B. DLP
C. AUP
D. MOU
Answer: C
QUESTION 515
A network administrator is adding a new switch to the network. Which of the following network
hardening techniques would be BEST to use once the switch is in production?
A. Disable unneeded ports

B. Disable SSH service
C. Disable MAC filtering
D. Disable port security
Answer: A
QUESTION 516
An IT administrator received an assignment with the following objectives:
- Conduct a total scan within the company's network for all connected hosts.
- Detect all the types of operating systems running on all devices.
- Discover all services offered by hosts on the network.
- Find open ports and detect security risks.
Which of the following command-line tools can be used to achieve these objectives?
A. nmap
B. arp
C. netstat
D. tcpdump
Answer: A
QUESTION 517
A network administrator needs to provide remote clients with access to an internal web
application. Which of the following methods provides the HIGHEST flexibility and compatibility
while encrypting only the connection to the web application?
A. Clientless VPN
B. Virtual desktop
C. Virtual network computing
D. mGRE tunnel
Answer: A
Explanation:
A clientless SSL VPN is a browser-based VPN that allows a remote user to securely access the
corporate resources. They access the resources from any location using HTTP over an SSL
connection. Once they authenticate, they'll see a portal page where they can access specific,
predefined internal resources.
QUESTION 518
A user from a remote office is reporting slow file transfers. Which of the following tools will an
engineer MOST likely use to get detailed measurement data?
A. Packet capture
B. iPerf
C. NetFlow analyzer
D. Internet speed test
Answer: B
Explanation:
Iperf is a tool for network performance measurement and tuning. It is a cross-platform tool that
can produce standardized performance measurements for any network.
QUESTION 519
A company is moving to a new building designed with a guest waiting area that has existing
network ports. Which of the following practices would BEST secure the network?
A. Ensure all guests sign an NDA.

B. Disable unneeded switchports in the area.
C. Lower the radio strength to reduce Wi-Fi coverage in the waiting area.
D. Enable MAC filtering to block unknown hardware addresses.
Answer: D
QUESTION 520
A network engineer is monitoring a fiber uplink to a remote office and notes the uplink has been
operating at 100% capacity for a long duration. Which of the following performance metrics is
MOST likely to be impacted with sustained link saturation?
A. Latency
B. Jitter
C. Speed
D. Bandwidth
Answer: D
Explanation:
Bandwidth/throughput-This is the rated speed of all the interfaces available to the device,
measured in Mbps or Gbps. For wired Ethernet links, this will not usually vary, but the bandwidth
of WAN and wireless links can change over time.
QUESTION 521
After HVAC failures caused network outages, the support team decides to monitor the
temperatures of all the devices. The network administrator cannot find a command that will
display this information. Which of the following will retrieve the necessary information?
A. SNMP OID values

B. NetFlow data export
C. Network baseline configurations
D. Security information and event management
Answer: A
Explanation:
An OID is an object identifier value, typically an address used to identify a particular device and
its status.
For example, you want to monitor a remote temperature sensor sitting on the roof of your
building.
But there are three different temperature sensors placed in different parts of the roof.
How can you check the value of the sensor located on the eastern side of the roof? Using the
unique OID associated with each device.
In other words, each device has its own unique OID and using that you can track the performance
and status of that particular device.
QUESTION 522
A company needs a redundant link to provide a channel to the management network in an
incident response scenario. Which of the following remote access methods provides the BEST
solution?
A. Out-of-band access
B. Split-tunnel connections
C. Virtual network computing
D. Remote desktop gateways
Answer: A
Explanation:
Out of band access a smart out of band access Network can be effective at maintaining access to
devices even when the production network is down.
QUESTION 523
Which of the following connector types would be used to connect to the demarcation point and
provide network access to a cable modem?
A. F-type
B. RJ45
C. LC
D. RJ11
Answer: A
Explanation:
The Demarc is the point where the cable (Cable being the keyword here) company's
responsibility ends and yours begins. The media between the demarc and cable modem will be a
coaxial cable which takes an F type connector.
QUESTION 524
Which of the following can have multiple VLAN interfaces?
A. Hub
B. Layer 3 switch
C. Bridge
D. Load balancer
Answer: B
QUESTION 525
Which of the following is the IEEE link cost for a Fast Ethernet interface in STP calculations?
A. 2
B. 4
C. 19
D. 100
Answer: C
Explanation:
Link Speed Cost Value
10 Gbps 2
1 Gbps 4
100 Mbps 19
10 Mbps 100
QUESTION 526
A network engineer developed a plan of action to resolve an ongoing issue. Which of the
following steps should the engineer take NEXT?
A. Verify full system functionality and implement preventative measures.
B. Implement the solution to resolve the problem.
C. Document findings, actions, outcomes, and lessons learned.
D. Establish a theory of probable cause.
Answer: B
Explanation:
Network troubleshooting is a repeatable process, which means that you can break it down into
clear steps that anyone can follow.
Identify the Problem. ...
Develop a Theory. ...
Test the Theory. ...
Plan of Action. ...
Implement the Solution. ...
Verify System Functionality. ...
Document the Issue.
Theory of probable cause is before Plan of action.
https://www.comptia.org/content/guides/a-guide-to-network-troubleshooting
QUESTION 527
An office area contains two PoE-enabled WAPs. After the area was remodeled, new cable
uplinks were installed in the ceiling above the fluorescent lights. However, after the WAPs were
reconnected, users reported slowness and application errors. An intern reviewed the network and
discovered a lot of CRC errors. A network engineer reviewed the intern's work and realized UTP
cabling was used. Which of the following is the MOST likely cause of the CRC errors?
A. Insufficient power at the antennas

B. PoE and UTP incompatibility
C. Electromagnetic interference
D. Wrong cable pinout
Answer: C
Explanation:
CRC errors in this section is a duplicate in the objectives, and appears in the previous
section.They occur when packets contain invalid values, and possible causes include a faulty
port, poor wiring, and even electromagnetic interference (EMI).
EMI is a problem when cables are installed near electrical devices, such as air conditioners or
fluorescent light fixtures. If a network medium is placed close enough to such a device, the signal
within the cable might become corrupt. Network media vary in their resistance to the effects of
EMI. Standard unshielded twisted-pair (UTP) cable is susceptible to EMI, whereas fiber cable,
with its light transmissions, is resistant to EMI. When deciding on a particular medium, consider
where it will run and the impact EMI can have on the installation.
QUESTION 528
Several users with older devices are reporting intermittent connectivity while in an outdoor patio
area. After some research, the network administrator determines that an outdoor WAP might help
with the issue. However, the company does not want the signal to bleed into the building and
cause interference. Which of the following should the network administrator perform to BEST
resolve the issue?
A. Disable the SSID broadcast on the WAP in the patio area.
B. Install a WAP and enable 5GHz only within the patio area.
C. Install a directional WAP in the direction of the patio.
D. Install a repeater on the back wall of the patio area.
Answer: C
Explanation:
Option A (disabling the SSID broadcast on the WAP in the patio area) would not necessarily
improve connectivity in the patio, and it could make it more difficult for users to connect to the
wireless network. Option B (enabling 5GHz only within the patio area) might improve connectivity
for devices that support the 5GHz frequency band, but it would not help devices that only support
the 2.4GHz frequency band. Option D (installing a repeater on the back wall of the patio area)
might help to extend the range of the wireless network, but it would not necessarily improve
connectivity for users in the patio.
QUESTION 529
Which of the following is most likely to have the HIGHEST latency while being the most
accessible?
A. Satellite
B. DSL
C. Cable
D. 4G
Answer: A
QUESTION 530
Which of the following commands can be used to display the IP address, subnet address,
gateway address, and DNS address on a Windows computer?
A. netstat -a
B. ifconfig
C. ip addr
D. ipconfig /all
Answer: D
Explanation:
ipconfig = IP address, Subnet, Gateway, and DNS PREFIX
ipconfig /all = IP address, Subnet, Gateway, AND DNS ADDRESS.
QUESTION 531
Given the following information:
Which of the following would cause performance degradation between PC A and PC B?
A. Attenuation
B. Interference
C. Decibel loss
D. Incorrect pinout
Answer: A
Explanation:
Attenuation is the weakening of a signal as it travels long distances and is caused when wave
signals travel too far without help. As a cable run gets longer, the attenuation increases, and the
signal becomes weaker.
QUESTION 532
A technician is deploying a new SSID for an industrial control system. The control devices require
the network to use encryption that employs TKIP and a symmetrical password to connect. Which
of the following should the technician configure to ensure compatibility with the control devices?
A. WPA2-Enterprise
B. WPA-Enterprise
C. WPA-PSK
D. WPA2-PSK
Answer: C
Explanation:
WPA uses Temporal Key Integrity Protocol (TKIP) for enhanced encryption. TKIP uses RC4 for
the encryption algorithm, and the CompTIA Network+ exam may reference TKIP-RC4 in a
discussion of wireless.
WPA2 uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
(CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption. On the
Network+ exam, you might find this referenced as simply CCMP-AES.
QUESTION 533
Which of the following ports should be used to securely receive mail that is synchronized across
multiple devices?
A. 25
B. 110
C. 443
D. 993
Answer: D
QUESTION 534
A technician is configuring a static IP address on a new device in a newly created subnet. The
work order specifies the following requirements:
-The IP address should use the highest address available in the subnet.
- The default gateway needs to be set to 172.28.85.94.
- The subnet mask needs to be 255.255.255.224.
Which of the following addresses should the engineer apply to the device?
A. 172.28.85.93
B. 172.28.85.95
C. 172.28.85.254
D. 172.28.85.255
Answer: A
QUESTION 535
A technician manages a DHCP scope but needs to allocate a portion of the scope’s subnet for
statically assigned devices. Which of the following DHCP concepts would be BEST to use to
prevent IP address conflicts?
A. Dynamic assignment
B. Exclusion range
C. Address reservation
D. IP helper
Answer: B
Explanation:
To prevent IP address conflicts when allocating a portion of a DHCP scope's subnet for statically
assigned devices, it is recommended to use the concept of DHCP exclusion ranges.
DHCP exclusion ranges allow a DHCP administrator to specify a range of IP addresses within the
scope that should not be assigned to DHCP clients. This can be useful in situations where some
devices on the network need to be assigned static IP addresses, as it ensures that the statically
assigned addresses do not overlap with addresses assigned by the DHCP server.
To set up a DHCP exclusion range, the administrator needs to specify the start and end IP
addresses of the range, as well as the subnet mask. The DHCP server will then exclude the
specified range of addresses from its pool of available addresses, and will not assign them to
DHCP clients.
By using DHCP exclusion ranges, the technician can ensure that the statically assigned
addresses do not conflict with addresses assigned by the DHCP server, and can prevent IP
address conflicts on the network.
QUESTION 536
Network users reported that a recent firmware upgrade to a firewall did not resolve the issue that
prompted the upgrade. Which of the following should be performed NEXT?
A. Reopen the service ticket, request a new maintenance window, and roll back to the
anterior firmware version.
B. Gather additional information to ensure users' concerns are not been caused by a
different issue with similar symptoms.
C. Employ a divide-and-conquer troubleshooting methodology by engaging the firewall
vendor's support.
D. Escalate the issue to the IT management team in order to negotiate a new SLA with
the user's manager.
Answer: B
QUESTION 537
A company's primary ISP is experiencing an outage. However, the network administrator notices
traffic continuing to flow through a secondary connection to the same ISP. Which of the following
BEST describes this configuration?
A. Diverse paths
B. Load balancing
C. Multipathing
D. Virtual Router Redundancy Protocol
Answer: A
Explanation:
It’s very common for ISPs to share common lines and such, especially when they are servicing
the same physical location. It’s therefore critically important to ensure path diversity, where the
lines out of your ISP follow diverse paths to other routers. A common method for path diversity in
smaller centers, for example, uses a fiber connection for the primary path and a very fast cellular
connection as a failover. Use of both a fiber ISP and a different cable ISP can also lead to path
diversity.
QUESTION 538
A network administrator is preparing answers for an annual risk assessment that is required for
compliance purposes. Which of the following would be an example of an internal threat?
A. An approved vendor with on-site offices

B. An infected client that pulls reports from the firm
C. A malicious attacker from within the same country
D. A malicious attacker attempting to socially engineer access into corporate offices
Answer: A
Explanation:
Insider threat = insider threat is defined as the threat that an employee or a contractor will use his
or her authorized access, wittingly or unwittingly, to do harm.
QUESTION 539
Classification using labels according to information sensitivity and impact in case of unauthorized
access or leakage is a mandatory component of:
A. an acceptable use policy.

B. a memorandum of understanding.
C. data loss prevention.
D. a non-disclosure agreement.
Answer: C
Explanation:
This is basically saying the mandatory component of data loss prevention is classifying
information sensitivity and impact of data leakage or unauthorized access using labels.
QUESTION 540
Which of the following layers of the OSI model has new protocols activated when a user moves
from a wireless to a wired connection?
A. Data link
B. Network
C. Transport
D. Session
Answer: A
Explanation:
The Data Link layer also determines how data is placed on the wire by using an access method.
The wired access method, carrier-sense multiple access with collision detection (CSMA/CD), was
once used by all wired Ethernet networks, but is automatically disabled on switched full-duplex
links, which have been the norm for decades. Carrier-sense multiple access with collision
avoidance (CSMA/CA) is used by wireless networks, in a similar fashion
QUESTION 541
A technician is assisting a user who cannot connect to a website. The technician attempts to ping
the default gateway and DNS server of the workstation. According to troubleshooting
methodology, this is an example of:
A. a divide-and-conquer approach.
B. a bottom-up approach.
C. a top-to-bottom approach.
D. implementing a solution.
Answer: B
Explanation:
Pinging the default gateway and DNS server of the workstation is an example of breaking the
problem down into smaller, more manageable parts. This is a bottom-up approach, which is a
common troubleshooting methodology.
QUESTION 542
Which of the following is the NEXT step to perform network troubleshooting after identifying an
issue?
A. Implement a solution.
B. Establish a theory.
C. Escalate the issue.
D. Document the findings.
Answer: B
Explanation:
1 Identify the Problem.
2 Develop a Theory.
3 Test the Theory.
4 Plan of Action.
5 Implement the Solution.
6 Verify System Functionality.
7 Document the Issue.
QUESTION 543
A network team is getting reports that air conditioning is out in an IDF. The team would like to
determine whether additional network issues are occurring. Which of the following should the
network team do?
A. Confirm that memory usage on the network devices in the IDF is normal.
B. Access network baseline data for references to an air conditioning issue.
C. Verify severity levels on the corporate syslog server.
D. Check for SNMP traps from a network device in the IDF.
E. Review interface statistics looking for cyclic redundancy errors.
Answer: D
Explanation:
The correct answer is D because checking for SNMP traps from a network device in the IDF will
help the network team determine whether additional network issues are occurring. A and B are
not correct because they do not provide any information regarding additional network issues. C
and E are not correct because they do not provide any information regarding the air conditioning
issue.
QUESTION 544
A technician is installing the Wi-Fi infrastructure for legacy industrial machinery at a warehouse.
The equipment only supports 802.11a and 802.11b standards. Speed of transmission is the top
business requirement. Which of the following is the correct maximum speed for this scenario?
A. 11Mbps
B. 54Mbps
C. 128Mbps
D. 144Mbps
Answer: A
Explanation:
If the equipment only supports 802.11a and 802.11b standards and speed of transmission is the
top business requirement, the correct maximum speed for this scenario would be A. 11Mbps.
802.11a and 802.11b are older Wi-Fi standards that have a maximum data transfer rate of 54
Mbps and 11 Mbps, respectively. The faster speed of 54 Mbps applies to 802.11a, while 802.11b
has a maximum speed of 11 Mbps.
QUESTION 545
During the troubleshooting of an E1 line, the point-to-point link on the core router was accidentally
unplugged and left unconnected for several hours. However, the network management team was
not notified. Which of the following could have been configured to allow early detection and
possible resolution of the issue?
A. Traps
B. MIB
C. OID
D. Baselines
Answer: A
Explanation:
Traps are a mechanism for network devices to send unsolicited notifications of events or alarms
to a management system. They can be configured to notify the network management team of
specific events, such as the unplugging of a point-to-point link on a core router. This feature
allows early detection and possible resolution of issues.
MIB (Management Information Base) is a database of information that describes the
management data of a device. OID (Object Identifier) is a unique identifier used to identify
managed objects in the MIB.
Baselines are a standard set of measurements used to establish normal network behavior, and
they are used to compare current network activity against. Baselines can be used to detect
abnormal behavior, but they are not as effective as traps for early detection of specific events.
QUESTION 546
Which of the following layers of the OSI model receives data from the application layer and
converts it into syntax that is readable by other devices on the network?
A. Layer 1
B. Layer 3
C. Layer 6
D. Layer 7
Answer: B
Explanation:
The Network layer is responsible for logical addressing and routing, which enables data to be
transmitted between different networks. It receives data from the upper layers, including the
application layer, and formats it for transmission over the network by adding routing information
and other protocol-specific details.
QUESTION 547
Which of the following topologies is designed to fully support applications hosted in on-premises
data centers, public or private clouds, and SaaS services?
A. SDWAN
B. MAN
C. PAN
D. MPLS
Answer: A
Explanation:
SD-WAN is a software-based approach to managing and optimizing the performance of wide
area networks (WANs). It allows organizations to connect users to applications through the most
appropriate path, whether it's a private WAN, a public internet connection, or a combination of
both. With SD-WAN, the network traffic is automatically routed over the best available link based
on policies set by the organization, this allows fully support applications hosted in on-premises
data centers, public or private clouds, and SaaS services.
QUESTION 548
ARP spoofing would normally be a part of:
A. an on-path attack.
B. DNS poisoning.
C. a DoS attack.
D. a rogue access point.
Answer: A
QUESTION 549
A corporation is looking for a method to secure all traffic between a branch office and its data
center in order to provide a zero-touch experience for all staff members who work there. Which of
the following would BEST meet this requirement?
A. Site-to-site VPN
B. VNC
C. Remote desktop gateway
D. Virtual LANs
Answer: A
QUESTION 550
A company cell phone was stolen from a technician's vehicle. The cell phone has a passcode, but
it contains sensitive information about clients and vendors. Which of the following should also be
enabled?
A. Factory reset
B. Autolock
C. Encryption
D. Two-factor authentication
Answer: D
QUESTION 551
An organization is interested in purchasing a backup solution that supports the organization's
goals. Which of the following concepts would specify the maximum duration that a given service
can be down before impacting operations?
A. MTTR
B. RTO
C. MTBF
D. RPO
Answer: B
Explanation:
The maximum duration that a given service can be down before it impacts operations is often
referred to as the Recovery Time Objective (RTO).
RTO is a key consideration in any backup and disaster recovery plan, as it determines how
quickly the organization needs to be able to recover from a disruption or failure. It is typically
expressed in terms of time, and it helps to inform the design and implementation of the backup
solution.
For example, if an organization has a critical service that must be available 24/7, it may have a
very low RTO, requiring that the service be restored within a matter of minutes or even seconds.
On the other hand, if the service can be down for a longer period of time without significantly
impacting operations, the organization may have a higher RTO.
When selecting a backup solution, it is important to consider the organization's RTO requirements
and ensure that the solution is capable of meeting those needs. A solution that does not meet the
organization's RTO requirements may not be sufficient to ensure the availability of critical
services in the event of a disruption or failure.
QUESTION 552
An organization set up its offices so that a desktop is connected to the network through a VoIP
phone. The VoIP vendor requested that voice traffic be segmented separately from non-voice
traffic. Which of the following would allow the organization to configure multiple devices with
network isolation on a single switch port?
A. Subinterfaces
B. Link aggregation
C. Load balancing
D. Tunneling
Answer: A
Explanation:
It stated "multiple devices with network iSOLATION(separated) on a single switch port".
Therefore, its referring to Subinterfaces. Subinterfaces is a virtual interface that divides one
physical interface into multiple logical interface.
QUESTION 553
An attacker targeting a large company was able to inject malicious A records into internal name
resolution servers. Which of the following attack types was MOST likely used?
A. DNS poisoning
B. On-path
C. IP spoofing
D. Rogue DHCP
Answer: A
QUESTION 554
A network engineer needs to pass both data and telephony on an access port. Which or the
following features should be configured to meet this requirement?
A. VLAN
B. VoIP
C. VIP
D. VRRP
Answer: A
QUESTION 555
A technician is troubleshooting a connectivity issue with an end user. The end user can access
local network shares and intranet pages but is unable to access the internet or remote resources.
Which of the following needs to be reconfigured?
A. The IP address
B. The subnet mask
C. The gateway address
D. The DNS servers
Answer: C
QUESTION 556
Which of the following protocols can be used to change device configurations via encrypted and
authenticated sessions? (Choose two.)
A. SNMPv3
B. SSH
C. Telnet
D. IPSec
E. ESP
F. Syslog
Answer: AB
Explanation:
SNMPv3 provides secure access to network devices and SSH provides a secure way to access
and manage devices remotely via a command-line interface.
QUESTION 557
A technician wants to monitor and provide traffic segmentation across the network.
The technician would like to assign each department a specific identifier.
Which of the following will the technician MOST likely use?
A. Flow control
B. Traffic shaping
C. VLAN tagging
D. Network performance baselines
Answer: C
Explanation:
To monitor and provide traffic segmentation across the network, a technician may use the
concept of VLANs (Virtual Local Area Networks). VLANs are a way of dividing a single physical
network into multiple logical networks, each with its own unique identifier or "tag."
By assigning each department a specific VLAN identifier, the technician can segment the network
traffic and ensure that the different departments' traffic is kept separate from one another. This
can help to improve network security, performance, and scalability, as well as allowing for better
monitoring and control of the network traffic.
To implement VLANs, the technician will need to configure VLAN tagging on the network devices,
such as switches and routers, and assign each department's devices to the appropriate VLAN.
The technician may also need to configure VLAN trunking to allow the different VLANs to
communicate with each other.
By using VLANs, the technician can effectively monitor and segment the network traffic, providing
better control and visibility into the network.
QUESTION 558
Which of the following is used to elect an STP root?
A. A bridge ID
B. A bridge protocol data unit
C. Interface port priority
D. A switch's root port
Answer: A
Explanation:
The bridge with the lowest bridge ID is elected as the root bridge.
QUESTION 559
A network technician needs to ensure that all files on a company's network can be moved in a
safe and protected manner without interception from someone who is not the intended recipient.
Which of the following would allow the network technician to meet these requirements?
A. FTP
B. TFTP
C. SMTP
D. SFTP
Answer: D
Explanation:
SFTP (Secure FTP) allows for file-transfers via SSH to include encryption and authentication.
QUESTION 560
Which of the following is MOST appropriate for enforcing bandwidth limits when the performance
of an application is not affected by the use of buffering but is heavily impacted by packet drops?
A. Traffic shaping
B. Traffic policing
C. Traffic marking
D. Traffic classification
Answer: B
Explanation:
Traffic policing is the most appropriate for enforcing bandwidth limits when the performance of an
application is not affected by the use of buffering but is heavily impacted by packet drops. Traffic
policing is used to enforce predetermined data rate limits by discarding excess traffic that is sent
beyond the set limit. Traffic shaping is used to manage the rate of data flow by buffering traffic
that exceeds the set limits, while traffic marking is used to identify and differentiate traffic
according to its type or priority. Traffic classification is used to identify different types of network
traffic and assign them to different classes for different levels of treatment.
QUESTION 561
Which of the following documents would be used to define uptime commitments from a provider,
along with details on measurement and enforcement?
A. NDA
B. SLA
C. MOU
D. AUP
Answer: B
Explanation:
A service level agreement (SLA) is a document that is used to define uptime commitments from a
provider, along with details on measurement and enforcement. An SLA is a contract between a
service provider and a customer that outlines the level of service that the provider is committed to
providing and the terms under which that service will be delivered.
QUESTION 562
A company rents out a large event space and includes wireless internet access for each tenant.
Tenants reserve a two-hour window from the company each week, which includes a tenant-
specific SSID. However, all users share the company's network hardware.
The network support team is receiving complaints from tenants that some users are unable to
connect to the wireless network. Upon investigation, the support team discovers a pattern
indicating that after a tenant with a particularly large attendance ends its sessions, tenants
throughout the day are unable to connect.
The following settings are common to all network configurations:
Which of the following actions would MOST likely reduce this issue? (Choose two.)
A. Change to WPA encryption

B. Change the DNS server to 10.1.10.1.
C. Change the default gateway to 10.0.0.1.
D. Change the DHCP scope end to 10.1.10.250
E. Disable AP isolation
F. Change the subnet mask lo 255.255.255.192.
G. Reduce the DHCP lease time to four hours.
Answer: DG
Explanation:
DHCP Scope contains only 139 IPs, and the 24 hour lease is allowing users to hold those IPs for
too long.
QUESTION 563
Which of the following would be increased by adding encryption to data communication across
the network?
A. Availability
B. Integrity
C. Accountability
D. Confidentiality
Answer: D
QUESTION 564
Which of the following uses the link-state routing algorithm and operates within a single
autonomous system?
A. EIGRP
B. OSPF
C. RIP
D. BGP
Answer: B
Explanation:
OSPF uses a link state routing algorithm and falls into the group of interior routing protocols,
operating within a single autonomous system (AS). OSPF is perhaps the most widely used
interior gateway protocol (IGP) in large enterprise networks.
QUESTION 565
A large metropolitan city is looking to standardize the ability for police department laptops to
connect to the city government's VPN. The city would like a wireless solution that provides the
largest coverage across the city with a minimal number of transmission towers. Latency and
overall bandwidth needs are not high priorities. Which of the following would BEST meet the city's
needs?
A. 5G
B. LTE
C. Wi-Fi 4
D. Wi-Fi 5
E. Wi-Fi 6
Answer: B
QUESTION 566
A customer wants to log in to a vendor's server using a web browser on a laptop. Which of the
following would require the LEAST configuration to allow encrypted access to the server?
A. Secure Sockets Layer

B. Site-to-site VPN
C. Remote desktop gateway
D. Client-to-site VPN
Answer: A
Explanation:
Secure Sockets Layer (SSL) would require the least configuration to allow encrypted access to
the server. SSL provides secure communication between a client and a server, such as a web
browser and a web server, by using encryption to protect the data transmitted between them. A
SSL certificate is installed on the server, and the web browser uses SSL to encrypt data before
sending it to the server. The encryption is transparent to the user and requires no additional
configuration or setup beyond ensuring that the SSL certificate is installed and recognized by the
web browser.
QUESTION 567
Which of the following would be the MOST likely attack used to bypass an access control
vestibule?
A. Tailgating
B. Phishing
C. Evil twin
D. Brute-force
Answer: A
Explanation:
Tailgating would be the MOST likely attack used to bypass an access control vestibule. An
access control vestibule is a physical security measure that requires individuals to go through a
controlled space to access a secured area. Tailgating refers to the act of following closely behind
someone who has been granted access to the controlled space, in an attempt to gain entry
without proper authorization. Tailgating can be done intentionally or unintentionally, but in either
case, it allows an unauthorized individual to gain access to the secured area.
QUESTION 568
A network administrator received a report staling a critical vulnerability was detected on an
application that is exposed to the internet. Which of the following Is the appropriate NEXT step?
A. Check for the existence of a known exploit in order to assess the risk
B. Immediately shut down the vulnerable application server.
C. Install a network access control agent on the server.
D. Deploy a new server to host the application.
Answer: A
QUESTION 569
While waking from the parking lot lo an access-controlled door an employee sees an authorized
user open the door. Then the employee notices that another person catches the door before It
closes and goes inside. Which of the following attacks Is taking place?
A. Tailgating
B. Pipgybacking
C. Shoulder surfing
D. Phisning
Answer: A
Explanation:
The difference between piggybacking and tailgaiting is that with piggybacking, the person is
willfully and intentionally letting you in. In this particular case, the person caught the door before it
closed, so it is tailgating.
QUESTION 570
Which of the Mowing architectures reduces network latency by enforcing a limit on the number of
switching devices on the frame's path between any internal hosts?
A. Spine and leaf

B. Software-defined network
C. Three-tiered
D. Collapsed core
Answer: A
Explanation:
Spine and leaf architecture reduces network latency by enforcing a limit on the number of
switching devices on the frame's path between any internal hosts.
QUESTION 571
A network engineer needs to create a subnet that has the capacity for five VLANs, with the
following number of clients lo be allowed on each:
Which of the following is the SMALLEST subnet capable of this setup that also has the capacity
to double the number of clients in the future?
A. 10.0.0.0/21
B. 10.0.0.0/22
C. 10.0.0.0/23
D. 10.0.0.0/24
Answer: B
Explanation:
It's 310 in total, but they asking for "capacity to double the number of clients in the future", so will
be 620 - have to be B.
QUESTION 572
An engineer recently decided to upgrade the firmware on a router. During the upgrade, the help
desk received calls about a network outage, and a critical ticket was opened. The network
manager would like to create a policy to prevent this from happening in the future.
Which of the following documents should the manager create?
A. Change management
B. incident response
C. Standard operating procedure
D. System life cycle
Answer: A
QUESTION 573
Which of the following bandwidth management techniques uses buffers al the client side to
prevent TCP retransmissions from occurring when the ISP starts to drop packets of specific types
that exceed the agreed traffic rate?
A. Traffic shaping
B. Traffic policing
C. Traffic marking
D. Traffic prioritization
Answer: A
Explanation:
Traffic shaping is a bandwidth management technique that allows the administrator to control the
flow of traffic from the network to the client. The technique uses buffers at the client side to
prevent TCP retransmissions from occurring when the ISP starts to drop packets of specific types
that exceed the agreed traffic rate. Traffic shaping enables the administrator to prioritize traffic
types and specify the maximum bandwidth that each traffic type can consume.
QUESTION 574
A network administrator is getting reports of some internal users who cannot connect to network
resources. The users slate they were able to connect last week, but not today. No changes have
been configured on the network devices or server during the last few weeks. Which of the
following is the MOST likely cause of the issue?
A. The client DHCP scope is fully utilized

B. The wired network is experiencing electrical interference
C. The captive portal is down and needs to be restarted
D. SNMP traps are being received
E. The packet counter on the router interface is high.
Answer: A
QUESTION 575
A company is deploying a SAN at headquarters and a branch office 1,000mi (1,609km) away that
will access small amounts of data. Which of the following types of connections would be MOST
cost effective to implement?
A. iSCSI
B. FCoE
C. Ethernet
D. FC
Answer: A
Explanation:
iSCSI (Internet Small Computer System Interface) is a cost-effective way to connect to a SAN
over a long distance. It uses standard Ethernet networks and TCP/IP protocol to transmit SCSI
commands, allowing it to run over existing IP networks. This makes it less expensive to
implement than Fibre Channel (FC) or Fibre Channel over Ethernet (FCoE) which require
specialized cabling and equipment. Additionally, iSCSI can be used to connect to both local and
remote storage devices, making it a suitable option for the branch office scenario you described.
QUESTION 576
Users within a corporate network need to connect to the Internet, but corporate network policy
does not allow direct connections. Which of the following is MOST likely to be used?
A. Proxy server
B. VPN client
C. Bridge
D. VLAN
Answer: A
QUESTION 577
Which of the following devices Is used to configure and centrally manage access points installed
at different locations?
A. Wireless controller
B. Load balancer
C. Proxy server
D. VPN concentrator
Answer: A
QUESTION 578
Users in a branch can access an in-house database server, but it is taking too long to fetch
records. The analyst does not know whether the issue is being caused by network latency. Which
of the following will the analyst MOST likely use to retrieve the metrics that are needed to resolve
this issue?
A. SNMP
B. Link state
C. Syslog
D. QoS
E. Traffic shaping
Answer: A
Explanation:
Based on the fact that it is configured to probe and measure how traffic is flowing across the
network with SNMP metric data such as response times, latency, jitter, packet loss, and device
health metrics.
QUESTION 579
A network administrator is decommissioning a server. Which of the following will the network
administrator MOST likely consult?
A. Onboarding and off boarding policies

B. Business continuity plan
C. Password requirements
D. Change management documentation
Answer: D
Explanation:
When decommissioning a server, it is important to follow proper change management procedures
to ensure that the process is documented and executed correctly. The change management
documentation will typically outline the steps that should be followed when decommissioning a
server, including any required approvals, notifications, or testing procedures.
QUESTION 580
A user calls the help desk to report being unable to reach a file server. The technician logs in to
the user's computer and verifies that pings fall to respond back when trying to reach the file
server. Which of the following would BEST help the technician verify whether the file server is
reachable?
A. netstat
B. ipconfig
C. nslookup
D. traceroute
Answer: D
Explanation:
Traceroute is a network diagnostic tool that allows you to trace the path that network packets take
from one device to another. By running traceroute to the file server, the technician can see the
sequence of devices and networks that the packets pass through on their way to the file server.
This can help the technician to determine if there is a problem with the network connection
between the user's computer and the file server, or if the issue is with the file server itself.
QUESTION 581
A technician is contracted to install a redundant cluster of devices from the ISP In case of a
hardware failure within the network. Which of the following would provide the BEST redundant
solution in Layer 2 devices?
A. Multiple routers
B. Multiple switches
C. Multiple firewalls
D. Multiple budges
Answer: B
QUESTION 582
A network administrator determines that even when optimal wireless coverage is configured, the
network users still report constant disconnections. After troubleshooting, the administrator
determines that moving from one location to another causes the disconnection. Which of the
following settings should provide better network stability?
A. Client association timeout

B. RSSl roaming threshold
C. RF attenuation ratio
D. EIRP power setting
Answer: B
Explanation:
Roaming threshold refers to the signal strength at which a client device will switch from one
access point (AP) to another in a wireless network. The roaming threshold is usually set in terms
of the received signal strength indicator (RSSI). When the signal strength drops below the
roaming threshold, the client device will attempt to roam to another AP with a stronger signal. By
optimizing the RSSI roaming threshold, the network administrator can ensure that the client
device only switches to another AP when necessary, which can help improve network stability
and reduce disconnections.
QUESTION 583
A company is reviewing ways to cut the overall cost of Its IT budget. A network technician
suggests removing various computer programs from the IT budget and only providing these
programs on an as-needed basis. Which of the following models would meet this requirement?
A. Multitinency
B. laaS
C. SaaS
D. VPN
Answer: C
Explanation:
With SaaS, a company can subscribe to software applications that are hosted by a third-party
provider and accessed over the internet. This model allows a company to pay only for what they
use and provides flexibility to scale up or down as needed.
QUESTION 584
A technician discovered that some information on the local database server was changed during
a tile transfer to a remote server. Which of the following should concern the technician the
MOST?
A. Confidentiality
B. Integrity
C. DDoS
D. On-path attack
Answer: B
Explanation:
Integrity refers to the accuracy and consistency of data over its entire lifecycle, from creation to
storage and retrieval. In this scenario, the technician has discovered that some information on the
local database server was changed during a file transfer to a remote server, indicating that the
data may have been altered or corrupted in some way. This would raise concerns about the
integrity of the data, as it may not be complete or accurate.
QUESTION 585
A network technician is troubleshooting an area where the wireless connection to devices is poor.
The technician theorizes that the signal-to-noise ratio in the area is causing the issue. Which of
the following should the technician do NEXT?
A. Run diagnostics on the relevant devices.

B. Move the access point to a different location.
C. Escalate the issue to the vendor's support team.
D. Remove any electronics that might be causing interference.
Answer: D
QUESTION 586
During a recent security audit, a contracted penetration tester discovered the organization uses a
number of insecure protocols. Which of the following ports should be disallowed so only
encrypted protocols are allowed? (Choose two.)
A. 22
B. 23
C. 69
D. 443
E. 587
F. 8080
Answer: BC
QUESTION 587
A network administrator is setting up a new phone system and needs to define the location where
VoIP phones can download configuration files. Which of the following DHCP services can be
used to accomplish this task?
A. Scope options
B. Exclusion ranges
C. Lease time
D. Relay
Answer: A
Explanation:
To define the location where VoIP phones can download configuration files, the network
administrator can use scope options within the Dynamic Host Configuration Protocol (DHCP)
service. Scope options are a set of values that can be configured within a DHCP scope, which
defines a range of IP addresses that can be leased to clients on a network.
One of the scope options that can be configured is the option for the location of the configuration
file server, which specifies the URL or IP address of the server where the configuration files can
be downloaded.
QUESTION 588
An engineer needs to restrict the database servers that are in the same subnet from
communicating with each other. The database servers will still need to communicate with the
application servers in a different subnet. In some cases, the database servers will be clustered,
and the servers will need to communicate with other cluster members.
Which of the following technologies will be BEST to use to implement this filtering without creating
rules?
A. Private VLANs
B. Access control lists
C. Firewalls
D. Control plane policing
Answer: A
Explanation:
Use private VLANs: Also known as port isolation, creating a private VLAN is a method of
restricting switch ports (now called private ports) so that they can communicate only with a
particular uplink. The private VLAN usually has numerous private ports and only one uplink,
which is usually connected to a router, or firewall.
QUESTION 589
The following DHCP scope was configured for a new VLAN dedicated to a large deployment of
325 loT sensors:
The first 244 loT sensors were able to connect to the TFTP server, download the configuration
file, and register to an loT management system. The other sensors are being shown as offline.
Which of the following should be performed to determine the MOST likely cause of the partial
deployment of the sensors?
A. Check the gateway connectivity to the TFTP server.

B. Check the DHCP network scope.
C. Check whether the NTP server is online.
D. Check the loT devices for a hardware failure.
Answer: B
Explanation:
Since the CIDR is /24, there are 256 available IPs. The first IP would be for the gateway, and the
last IP for the broadcast address, leaving you with 254 available IPs. Since the exclusion range is
from 10.10.0.1 - 10, remove 10 available IPs and you're left with 244.
244 IoT sensors were able to be assigned an IP, but the others weren't due to DHCP exhaust.
Hence the answer being "B".
QUESTION 590
A new student is given credentials to log on to the campus Wi-Fi. The student stores the
password in a laptop and is able to connect; however, the student is not able to connect with a
phone when only a short distance from the laptop. Given the following information:
Which of the following is MOST likely causing this connection failure?
A. Transmission speed
B. Incorrect passphrase
C. Channel overlap
D. Antenna cable attenuation/signal loss
Answer: B
QUESTION 591
A technician is investigating packet loss to a device that has varying data bursts throughout the
day. Which of the following will the technician MOST likely configure to resolve the issue?
A. Flow control
B. Jumbo frames
C. Duplex
D. Port mirroring
Answer: A
Explanation:
Ethernet flow control is a mechanism for temporarily stopping the transmission of data on
Ethernet family computer networks. The goal of this mechanism is to avoid packet loss in the
presence of network congestion.
QUESTION 592
A network administrator needs to provide evidence to confirm that recent network outages were
caused by increased traffic generated by a recently released application. Which of the following
actions will BEST support the administrator's response?
A. Generate a network baseline report for comparison.

B. Export the firewall traffic logs.
C. Collect the router's NetFlow data.
D. Plot interface statistics for dropped packets.
Answer: C
Explanation:
NetFlow data provides information on network traffic, including the source and destination IP
addresses, port numbers, and type of traffic, as well as bandwidth and volume of data
transferred. This information can help the administrator determine if there was an increase in
traffic from the recently released application and if it was the cause of the network outages.
QUESTION 593
A network technician is selecting a replacement for a damaged fiber cable that goes directly to an
SFP transceiver on a network switch. Which of the following cable connectors should be used?
A. RJ45
B. LC
C. MT
D. F-type
Answer: B
Explanation:
All SFP and SFP+ optics require LC connectors so the question becomes when you need single
mode fiber or multi mode fiber but the connector type is clear. SC square connectors are too big
to fit in a SFP or SFP+.
QUESTION 594
Which of the following can be used to validate domain ownership by verifying the presence of
pre-agreed content contained in a DNS record?
A. SOA
B. SRV
C. AAA
D. TXT
Answer: D
Explanation:
One final usage of the TXT resource record is how some cloud service providers, such as Azure,
validate ownership of custom domains. You are provided with data to include in your TXT record,
and once that is created, the domain is verified and able to be used. The thought is that if you
control the DNS, then you own the domain name.
QUESTION 595
Network traffic is being compromised by DNS poisoning every time a company's router is
connected to the internet. The network team detects a non-authorized DNS server being
assigned to the network clients and remediates the incident by setting a trusted DNS server, but
the issue occurs again after internet exposure. Which of the following best practices should be
implemented on the router?
A. Change the device's default password.

B. Disable router advertisement guard.
C. Activate control plane policing.
D. Disable unneeded network services.
Answer: C
Explanation:
"Activate control plane policing" is a security measure that can help prevent unauthorized access
to the router, including DNS poisoning attacks. This feature allows network administrators to set
strict access control policies on the router, including the use of specific DNS servers. By
activating control plane policing, the network team can ensure that only authorized DNS servers
are allowed to access the router, thereby mitigating the risk of DNS poisoning.
QUESTION 596
A network administrator installed a new data and VoIP network. Users are now experiencing poor
call quality when making calls. Which of the following should the administrator do to increase
VoIP performance?
A. Configure a voice VLAN.

B. Configure LACP on all VoIP phones.
C. Configure PoE on the network.
D. Configure jumbo frames on the network.
Answer: A
Explanation:
If you are configuring voice VLANs, you’ll want to configure quality of service (QoS) on the switch
ports to provide a higher precedence to voice traffic over data traffic to improve quality of the line.
QUESTION 597
A Wi-Fi network was originally configured to be able to handle interference from a microwave
oven. The microwave oven was recently removed from the office. Now the network administrator
wants to optimize the system to maximize the range of the signal. The main sources of signal
degradation are the numerous cubicles and wooden walls between the WAP and the intended
destination. Which of the following actions should the administrator take?
A. Implement CDMA.
B. Change from omni to directional.
C. Change the SSID.
D. Change the frequency.
Answer: B
Explanation:
Using a directional antenna instead of an omni-directional antenna can help the administrator to
direct the signal towards the intended destination and minimize interference from the cubicles and
wooden walls. This will help to optimize the range of the signal and maximize the coverage.
QUESTION 598
An administrator wants to increase the availability of a server that is connected to the office
network. Which of the following allows for multiple NICs to share a single IP address and offers
maximum performance while providing fault tolerance in the event of a NIC failure?
A. Multipathing
B. Spanning Tree Protocol
C. First Hop Redundancy Protocol
D. Elasticity
Answer: A
Explanation:
Multipathing (Used in Storage Area Networks) creates more than one physical path between the
server and it's storage devices for better fault tolerance and performance.
QUESTION 599
A network administrator has received calls every day for the past few weeks from three users
who cannot access the network. The administrator asks all the users to reboot their PCs, but the
same users still cannot access the system. The following day, three different users report the
same issue, and the administrator asks them all to reboot their PCs; however, this does not fix
the issue. Which of the following is MOST likely occurring?
A. Incorrect firewall settings

B. Inappropriate VLAN assignment
C. Hardware failure
D. Overloaded CAM table in switch
E. DHCP scope exhaustion
Answer: D
Explanation:
The fact that the issue is occurring with different users each day suggests that the problem is not
with the individual PCs or their configurations. Additionally, rebooting the PCs did not resolve the
issue, which further supports this idea.
The symptoms described could be caused by an overloaded CAM (Content Addressable

Memory) table in the switch. The CAM table is used to map MAC addresses to switch ports,
allowing the switch to forward frames to the correct destination. If the table becomes full, new
MAC addresses cannot be learned, and frames may be dropped, resulting in connectivity issues.
Incorrect firewall settings, inappropriate VLAN assignment, hardware failure, and DHCP scope
exhaustion are also possible causes of network connectivity issues, but they are less likely to be
the cause of the described symptoms in this particular scenario.
QUESTION 600
A network administrator is investigating a network event that is causing all communication to stop.
The network administrator is unable to use SSH to connect to the switch but is able to gain
access using the serial console port. While monitoring port statistics, the administrator sees the
following:
Which of the following is MOST likely causing the network outage?
A. Duplicate IP address
B. High collisions
C. Asynchronous route
D. Switch loop
Answer: B
QUESTION 601
A network technician recently installed 35 additional workstations. After installation, some users
are unable to access network resources. Many of the original workstations that are experiencing
the network access issue were offline when the new workstations were turned on. Which of the
following is the MOST likely cause of this issue?
A. Incorrect VLAN setting

B. Insufficient DHCP scope
C. Improper NIC setting
D. Duplicate IP address
Answer: B
QUESTION 602
A WAN technician reviews activity and identifies newly installed hardware that is causing outages
over an eight-hour period. Which of the following should be considered FIRST?
A. Network performance baselines

B. VLAN assignments
C. Routing table
D. Device configuration review
Answer: D
QUESTION 603
Which of the following would enable a network technician to implement dynamic routing?
A. An IPS
B. A bridge
C. A Layer 3 switch
D. A hub
Answer: C
QUESTION 604
Which of the following would be BEST suited for a long cable run with a 40Gbps bandwidth?
A. Cat 5e
B. Cat 6a
C. Cat 7
D. Cat 8
Answer: D
QUESTION 605
Which of the following is a valid and cost-effective solution to connect a fiber cable into a network
switch without available SFP ports?
A. Use a media converter and a UTP cable
B. Install an additional transceiver module and use GBICs
C. Change the type of connector from SC to F-type
D. Use a loopback adapter to make the connection
Answer: A
QUESTION 606
A network device needs to discover a server that can provide it with an IPv4 address. Which of
the following does the device need to send the request to?
A. Default gateway
B. Broadcast address
C. Unicast address
D. Link local address
Answer: A
Explanation:
A network device needs to discover a DHCP server in order to obtain an IP address, it will send a
broadcast message called DHCPDISCOVER. This broadcast message is sent to the broadcast
address (255.255.255.255) on the local network segment. DHCP servers listen for these
broadcast messages, and the first server to respond will provide the device with an IP address.
The default gateway, unicast address and link-local address are not the destination address to
send DHCP request.
QUESTION 607
Which of the following is an example of on-demand scalable hardware that is typically housed in
the vendor's data center?
A. DaaS
B. IaaS
C. PaaS
D. SaaS
Answer: B
QUESTION 608
Which of the following documents is MOST likely to be associated with identifying and
documenting critical applications?
A. Software development life-cycle policy

B. User acceptance testing plan
C. Change management policy
D. Business continuity plan
Answer: D
QUESTION 609
A security vendor needs to add a note to the DNS to validate the ownership of a company domain
before services begin. Which of the following records did the security company MOST likely ask
the company to configure?
A. TXT
B. AAAA
C. CNAME
D. SRV
Answer: A
QUESTION 610
A help desk engineer needs to configure two servers to have the same public IP addresses.
Which of the following technologies should the engineer use?
A. NAT
B. VIP
C. DNS caching
D. RFC 1918
E. SDWAN
Answer: B
QUESTION 611
A switch is connected to another switch. Incompatible hardware causes a surge in traffic on both
switches. Which of the following configurations will cause traffic to pause, allowing the switches to
drain buffers?
A. Speed
B. Flow control
C. 802.1Q
D. Duplex
Answer: B
QUESTION 612
A network administrator is investigating a performance issue on a dual-link connection - VPN and
MPLS - to a partner network. The MPLS is the primary path, and the VPN is used as a backup.
While communicating, the delay is measured at 18ms, which is higher than the 6ms expected
when the MPLS link is operational but lower than the 30ms expected for the VPN connection.
Which of the following will MOST likely point to the root cause of the issue?
A. Checking the routing tables on both sides to ensure there is no asymmetric routing
B. Checking on the partner network for a missing route pointing to the VPN connection
C. Running iPerf on both sides to confirm the delay that is measured is accurate
D. Checking for an incorrect VLAN assignment affecting the MPLS traffic
Answer: A
QUESTION 613
An engineer needs to verify the external record for SMTP traffic. The engineer logged in to the
server and entered the nslookup command. Which of the following commands should the
engineer send before entering the DNS name?
A. set type=A
B. ls -d company.mail.com
C. set domain=company.mail.com
D. set querytype=MX
Answer: D
QUESTION 614
An IP address is maintained despite a failing UPS that causes a workstation to restart several
times. Which of the following would allow this to occur?
A. DHCP reservation
B. DHCP scope
C. Name server
D. Root DNS server
Answer: A
QUESTION 615
A network administrator wants to control new router deployments via the use of application
programming interfaces (APIs). This would be an example of:
A. software-defined networking.
B. a three-tiered architecture.
C. collapsed backbone.
D. top-of-rack switching.
Answer: A
QUESTION 616
A technician is equipped with a tablet, a smartphone, and a laptop to troubleshoot a switch with
the help of support over the phone. However, the technician is having issues interconnecting all
these tools in troubleshooting the switch. Which of the following should the technician use to gain
connectivity?
A. PAN
B. WAN
C. LAN
D. MAN
Answer: A
Explanation:
If there is LAN connectivity, the devices should already be connected. In this case, PAN
(Personal Area Network) would be a viable alternative to interconnect the devices. PAN is a type
of network used for communicating between devices in close proximity to one another, typically
within the range of a few meters. It can be established using wireless technologies such as
Bluetooth or Wi-Fi Direct, which would allow the technician to connect their tablet, smartphone,
and laptop and troubleshoot the switch more effectively.
QUESTION 617
A network is secured and is only accessible via TLS and IPSec VPNs. Which of the following
would need to be present to allow a user to access network resources on a laptop without logging
in to the VPN application?
A. Site-to-site
B. Secure Shell
C. In-band management
D. Remote desktop connection
Answer: B
Explanation:
SSH is a cryptographic network protocol that allows for secure communication between a client
and a server over an unsecured network. It enables users to access network resources on a
laptop without logging in to the VPN application.
QUESTION 618
A technician is checking network devices to look for opportunities to improve security. Which of
the following tools would BEST accomplish this task?
A. Wi-Fi analyzer
C. Nmap
D. IP scanner
Answer: C
Explanation:
Nmap is a tool that can be used to scan and identify network devices and can help identify
potential security vulnerabilities. Wi-Fi analyzer is used to analyze wireless networks, protocol
analyzers are used to analyze network traffic, and IP scanners are used to discover devices on a
network.
QUESTION 619
Which of the following describes when an active exploit is used to gain access to a network?
A. Penetration testing
B. Vulnerability testing
C. Risk assessment
D. Posture assessment
E. Baseline testing
Answer: A
QUESTION 620
A homeowner frequently has guests visit and would like to install a wireless router for their
personal devices. The homeowner wants to ensure that the wireless router is compatible with the
widest range of devices possible. Which of the following standards should a technician suggest?
A. 802 11ac
B. 802.11b
C. 802.11g
D. 802.11n
Answer: D
QUESTION 621
A GRE tunnel has been configured between two remote sites. Which of the following features,
when configured, ensures the GRE overhead does not affect payload?
A. Jumbo frames
B. Auto medium-dependent interface
C. Interface crossover
D. Collision detection
Answer: A
QUESTION 622
Which of the following attacks MOST likely utilizes a botnet to disrupt traffic?
A. DDoS
B. Deauthentication
C. Social engineering
D. Ransomware
E. DNS poisoning
Answer: A
QUESTION 623
A network administrator is looking at switch features and is unsure whether to purchase a model
with PoE. Which of the following devices that commonly utilize PoE should the administrator
consider? (Choose two.)
A. VoIP phones
B. Cameras
C. Printers
D. Cable modems
E. Laptops
F. UPSs
Answer: AB
QUESTION 624
All packets arriving at an interface need to be fully analyzed. Which of the following features
should be used to enable monitoring of the packets?
A. LACP
B. Flow control
C. Port mirroring
D. NetFlow exporter
Answer: C
Explanation:
The feature that should be used to enable monitoring of all packets arriving at an interface is port
mirroring. Port mirroring, also known as SPAN (Switched Port Analyzer), is used to copy traffic
from one or more ports on a network switch to another port, where the traffic can be analyzed.
This feature is commonly used for network monitoring, troubleshooting, and security purposes.
QUESTION 625
Which of the following record types would be used to define where SIP is found?
A. SRV
B. CNAME
C. A
D. MX
Answer: A
Explanation:
SRV (Service) record is used to define the location (hostname and port number) of servers for
specified services. SIP (Session Initiation Protocol) is a signaling protocol used for controlling
communication sessions such as voice and video calls over IP networks. Therefore, SRV record
type is used to define where SIP is found by specifying the hostname and port number of the
server that provides the SIP service.
QUESTION 626
Which of the following is an advanced distance vector routing protocol that automates routing
tables and also uses some features of link-state routing protocols?
A. OSPF
B. RIP
C. EIGRP
D. BGP
Answer: C
Explanation:
EIGRP (Enhanced Interior Gateway Routing Protocol) is an advanced distance vector routing
protocol that automates routing tables and also uses some features of link-state routing protocols.
It is a Cisco proprietary protocol used in larger networks that require fast convergence and
scalability.
QUESTION 627
A network resource was accessed by an outsider as a result of a successful phishing campaign.
Which of the following strategies should be employed to mitigate the effects of phishing?
A. Multifactor authentication
B. Single sign-on
C. RADIUS
D. VPN
Answer: A
QUESTION 628
A PC user who is on a local network reports very slow speeds when accessing files on the
network server. The user's PC is connecting, but file downloads are very slow when compared to
other users' download speeds. The PC's NIC should be capable of Gigabit Ethernet. Which of the
following will MOST likely fix the issue?
A. Releasing and renewing the PC's IP address

B. Replacing the patch cable
C. Reseating the NIC inside the PC
D. Flushing the DNS cache
Answer: B
QUESTION 629
A network administrator is configuring logging on an edge switch. The requirements are to log
each time a switch port goes up or down. Which of the following logging levels will provide this
information?
A. Warnings
B. Notifications
C. Alert
D. Errors
Answer: B
Explanation:
The logging level "Notifications" will provide the information about when a switch port goes up or
down. This level logs important but non-critical events that occur on the switch, including port
status changes. Warnings, errors, and alerts are higher levels of logging that may not provide the
specific information required in this scenario.
QUESTION 630
An administrator is setting up a multicast server on a network, but the firewall seems to be
dropping the traffic. After logging in to the device, the administrator sees the following entries:
Which of the following firewall rules is MOST likely causing the issue?
A. Rule 1
B. Rule 2
C. Rule 3
D. Rule 4
Answer: B
QUESTION 631
A company is considering shifting its business to the cloud. The management team is concerned
about the availability of the third-party cloud service. Which of the following should the
management team consult to determine the promised availability of the cloud provider?
A. Memorandum of understanding
B. Business continuity plan
C. Disaster recovery plan
D. Service-level agreement
Answer: D
QUESTION 632
A company is designing a SAN and would like to use STP as its medium for communication.
Which of the following protocols would BEST suit the company's needs?
A. SFTP
B. Fibre Channel
C. iSCSI
D. FTP
Answer: C
Explanation:
iSCSI is a protocol that enables the transmission of block-level storage data over IP networks,
including Ethernet networks.
QUESTION 633
A technician notices that equipment is being moved around and misplaced in the server room,
even though the room has locked doors and cabinets. Which of the following would be the BEST
solution to identify who is responsible?
A. Install motion detection.

B. Install cameras.
C. Install tamper detection.
D. Hire a security guard.
Answer: B
QUESTION 634
A computer engineer needs to ensure that only a specific workstation can connect to port 1 on a
switch. Which of the following features should the engineer configure on the switch interface?
A. Port tagging
B. Port security
C. Port mirroring
D. Port aggregation
Answer: B
QUESTION 635
A cafeteria is facing lawsuits related to criminal internet access that was made over its guest
network. The marketing team, however, insists on keeping the cafeteria's phone number as the
wireless passphrase. Which of the following actions would improve wireless security while
accommodating the marketing team and accepting the terms of use?
A. Setting WLAN security to use EAP-TLS

B. Deploying a captive portal for user authentication
C. Using geofencing to limit the area covered by the WLAN
D. Configuring guest network isolation
Answer: B
Explanation:
Deploying a captive portal for user authentication can provide an additional layer of security to the
guest network and ensure that users are authorized and authenticated before they can access
the network. It can also accommodate the marketing team's request by allowing them to
customize the portal with the cafeteria's branding and message.
QUESTION 636
An administrator would like to have two servers at different geographical locations provide fault
tolerance and high performance while appearing as one URL to users. Which of the following
should the administrator implement?
A. Load balancing
B. Multipathing
C. NIC teaming
D. Warm site
Answer: A
QUESTION 637
An IT technician successfully connects to the corporate wireless network at a bank. While
performing some tests, the technician observes that the physical address of the DHCP server has
changed even though the network connection has not been lost. Which of the following would
BEST explain this change?
A. Server upgrade
B. Duplicate IP address
C. Scope exhaustion
D. Rogue server
Answer: D
Explanation:
Rogue server is the BEST explanation for the physical address of the DHCP server changing
without the network connection being lost. A rogue DHCP server is a device that has been set up
incorrectly or maliciously to act as a DHCP server on a network, providing IP addresses to clients.
When a rogue DHCP server is present on the network, it can cause network issues such as IP
address conflicts, and it can change the IP address of the legitimate DHCP server.
QUESTION 638
An ISP is providing internet to a retail store and has terminated its point of connection using a
standard Cat 6 pin-out. Which of the following terminations should the technician use when
running a cable from the ISP's port to the front desk?
A. F-type connector
B. TIA/EIA-568-B
C. LC
D. SC
Answer: B
Explanation:
TIA/EIA-568-B is a standard for structured cabling, which includes the pin-outs for various types
of Ethernet cables, including Cat 6. Using TIA/EIA-568-B standard ensures that the cable is
terminated correctly, which can help prevent network connectivity issues and signal interference.
This standard is widely used in the telecommunications industry and is the recommended choice
for terminating Cat 6 cables.
QUESTION 639
A company needs to virtualize a replica of its internal physical network without changing the
logical topology and the way that devices behave and are managed. Which of the following
technologies meets this requirement?
A. NVF
B. SDWAN
C. VIP
D. MPLS
Answer: A
Explanation:
NFV allows network functions, such as firewalls, routers, and load balancers, to be virtualized and
run on industry-standard servers instead of having dedicated hardware appliances. This
approach enables network services to be rapidly deployed, scaled, and managed in a more
flexible and cost-effective manner. By using NFV, the company can create a virtual replica of its
physical network, with the same logical topology and behavior, while running network functions as
virtualized instances.
QUESTION 640
A network technician needs to ensure the company's external mail server can pass reverse
lookup checks. Which of the following records would the technician MOST likely configure?
A. PTR
B. AAAA
C. SPF
D. CNAME
Answer: A
Explanation:
A PTR record is a type of DNS record that maps an IP address to a domain name. Reverse
lookup checks are used to verify that an IP address is associated with a valid domain name, and
are commonly used in anti-spam and anti-phishing measures. In the case of an external mail
server, a PTR record would need to be configured in the DNS server for the domain name that
corresponds to the server's IP address. This would allow reverse lookup checks to verify that the
mail server is authorized to send email from the domain name associated with its IP address.
QUESTION 641
A network administrator views a network pcap and sees a packet containing the following:
Which of the following are the BEST ways for the administrator to secure this type of traffic?
(Choose two.)
A. Migrate the network to IPv6.

B. Implement 802.1 X authentication.
C. Set a private community string.
D. Use SNMPv3.
E. Incorporate SSL encryption.
F. Utilize IPSec tunneling.
Answer: CD
Explanation:
The packet contains a community string of "public," which is the default community string for
SNMPv1 and SNMPv2c. The administrator should set a private community string, which is a
custom string used for SNMP authentication and authorization, to replace the default string.
QUESTION 642
A network technician is troubleshooting a network issue for employees who have reported issues
with speed when accessing a server in another subnet. The server is in another building that is
410ft (125m) away from the employees' building. The 10GBASE-T connection between the two
buildings uses Cat 5e. Which of the following BEST explains the speed issue?
A. The connection type is not rated for that distance.

B. A broadcast storm is occurring on the subnet.
C. The cable run has interference on it.
D. The connection should be made using a Cat 6 cable.
Answer: A
Explanation:
10GBASE-T is a type of Ethernet standard that supports data transfer rates up to 10 Gbps over
twisted-pair copper cabling. However, the maximum distance supported by 10GBASE-T over Cat
5e cabling is 328 feet (100 meters). In this scenario, the distance between the two buildings is
410 feet (125 meters), which exceeds the maximum distance limit for 10GBASE-T over Cat 5e
cabling.
QUESTION 643
Which of the following is a security flaw in an application or network?
A. A threat
B. A vulnerability
C. An exploit
D. A risk
Answer: B
Explanation:
A vulnerability is a weakness or gap in the security of an application or network that can be
exploited by attackers to gain unauthorized access, steal data, or cause damage. Vulnerabilities
can be caused by software bugs, misconfigurations, design flaws, or human errors.
QUESTION 644
An administrator is investigating reports of network slowness in a building. While looking at the
uplink interface statistics in the switch's CLI, the administrator discovers the uplink is at 100%
utilization. However, the administrator is unsure how to identify what traffic is causing the
saturation. Which of the following tools should the administrator utilize to identify the source and
destination addresses of the traffic?
A. SNMP
B. Traps
C. Syslog
D. NetFlow
Answer: B
Explanation:
NetFlow is a network protocol used by network devices such as routers and switches to collect IP
traffic data and send it to a collector or analyzer for analysis. NetFlow provides detailed
information about network traffic, including source and destination addresses, application
protocols, and traffic volumes.
By configuring NetFlow on the switch, the administrator can capture and analyze the traffic data
to identify the source and destination addresses of the traffic causing the network slowness. This
information can be used to optimize network performance and troubleshoot network issues.
QUESTION 645
Two new network switches located in different buildings are connected together with single-mode
fiber. However, no link exists between the two switches. Which of the following steps should the
technician perform FIRST to troubleshoot the issue?
A. Reverse TX/RX on the fiber patch cord at one building.

B. Replace the fiber patch cords in both buildings.
C. Clean the fiber patch cord connectors in both buildings.
D. Connect the fiber patch cord to an OTDR at one building.
Answer: C
Explanation:
The FIRST step the technician should perform to troubleshoot the issue is C. Clean the fiber
patch cord connectors in both buildings.
Dirty or contaminated fiber patch cord connectors can cause signal loss and poor network
performance, and may even prevent a link from being established. Before trying any other
troubleshooting steps, it is important to ensure that the fiber patch cord connectors are clean and
free of debris.
QUESTION 646
Which of the following OSI model layers would allow a user to access and download files from a
remote computer?
A. Session
B. Presentation
C. Network
D. Application
Answer: D
Explanation:
Application layer allows users to access and download files from a remote computer. It provides
the interface between the user's computer and the network and includes protocols for email, file
transfer, and other network applications.
QUESTION 647
A new office space is being designed. The network switches are up, but no services are running
yet. A network engineer plugs in a laptop configured as a DHCP client to a switch. Which of the
following IP addresses should be assigned to the laptop?
A. 10.1.1.1
B. 169.254.1.128
C. 172.16.128.128
D. 192.168.0.1
Answer: B
Explanation:
If no DHCP server is running yet, the laptop will be assigned a self-assigned IP address in the
Automatic Private IP Addressing (APIPA) range. The APIPA range is 169.254.0.1 through
169.254.255.254. Therefore, the correct answer is B. 169.254.1.128.
QUESTION 648
An organization requires the ability to send encrypted email messages to a partner from an email
server that is hosted on premises. The organization prefers to use the standard default ports
when creating firewall rules. Which of the following ports should be open to satisfy the
requirements?
A. 110
B. 143
C. 587
D. 636
Answer: C
Explanation:
Port 587 is used for email message submission, typically by clients to an email server. It supports
the encrypted transmission of email messages using Transport Layer Security (TLS) or Secure
Sockets Layer (SSL). Ports 110 and 143 are used for email retrieval by clients from an email
server. Port 636 is used for LDAP over SSL.
QUESTION 649
Which of the following BEST describes a split-tunnel client-to-server VPN connection?
A. The client sends all network traffic down the VPN tunnel.
B. The client has two different IP addresses that can be connected to a remote site from two
different ISPs to ensure availability.
C. The client sends some network traffic down the VPN tunnel and other traffic to the local gateway.
D. The client connects to multiple remote sites at the same time.
Answer: C
Explanation:
In a split-tunnel VPN, only certain network traffic (usually traffic destined for the remote network)
is sent over the VPN tunnel, while other traffic is sent directly to the local gateway and out to the
internet. This can improve overall network performance for the user, but can also introduce some
security risks if the local network is not properly secured.
QUESTION 650
Which of the following is the MOST secure connection used to inspect and provide controlled
internet access when remote employees are connected to the corporate network?
A. Site-to-site VPN
B. Full-tunnel VPN
C. Split-tunnel VPN
D. SSH
Answer: B
Explanation:
The MOST secure connection would be a full-tunnel VPN. This is because all traffic from the
remote device is sent through the VPN and encrypted, rather than just specific traffic as with a
split-tunnel VPN.
QUESTION 651
An engineer is troubleshooting poor performance on the network that occurs during work hours.
Which of the following should the engineer do to improve performance?
A. Replace the patch cables.

B. Create link aggregation.
C. Create separation rules on the firewall.
D. Create subinterfaces on the existing port.
Answer: B
QUESTION 652
A customer reports there is no access to resources following the replacement of switches. A
technician goes to the site to examine the configuration and discovers redundant links between
two switches. Which of the following is the reason the network is not functional?
A. The ARP cache has become corrupt.
B. CSMA/CD protocols have failed.
C. STP is not configured.
D. The switches are incompatible models.
Answer: C
Explanation:
The reason the network is not functional due to redundant links between the two switches is likely
that Spanning Tree Protocol (STP) is not configured. STP prevents loops in a network topology
and disables redundant paths that could cause data loops or broadcast storms. The presence of
redundant links without STP can cause network instability and congestion.
QUESTION 653
Users are reporting poor wireless performance in some areas of an industrial plant. The wireless
controller is measuring a low EIRP value compared to the recommendations noted on the most
recent site survey. Which of the following should be verified or replaced for the EIRP value to
meet the site survey's specifications? (Choose two.)
A. AP transmit power
B. Channel utilization
C. Signal loss
D. Update ARP tables
E. Antenna gain
F. AP association time
Answer: AE
Explanation:
To improve EIRP values, the transmit power of the AP or the antenna gain can be increased.
Channel utilization and signal loss do not directly affect the EIRP value, and ARP tables and AP
association time are not relevant to wireless performance.
QUESTION 654
A coffee shop owner hired a network consultant to provide recommendations for installing a new
wireless network. The coffee shop customers expect high speeds even when the network is
congested. Which of the following standards should the consultant recommend?
A. 802.11ac
B. 802.11ax
C. 802.11g
D. 802.11n
Answer: B
Explanation:
The consultant should recommend 802.11ax, also known as Wi-Fi 6, which is the latest wireless
standard that provides high speeds even in congested areas.
QUESTION 655
A network technician is hired to review all the devices within a network and make
recommendations to improve network efficiency. Which of the following should the technician do
FIRST before reviewing and making any recommendations?
A. Capture a network baseline.
B. Perform an environmental review.
C. Read the network logs.
D. Run a bandwidth test.
Answer: A
Explanation:
Capturing a network baseline is the first step a network technician should take before reviewing
and making any recommendations. A baseline helps to establish a starting point to measure
network performance, identify performance issues, and track the effectiveness of any changes
that are made to the network.
QUESTION 656
A company has multiple offices around the world. The computer rooms in some office locations
are too warm. Dedicated sensors are in each room, but the process of checking each sensor
takes a long time. Which of the following options can the company put in place to automate
temperature readings with internal resources?
A. Implement NetFlow.
B. Hire a programmer to write a script to perform the checks.
C. Utilize ping to measure the response.
D. Use SNMP with an existing collector server.
Answer: D
Explanation:
SNMP (Simple Network Management Protocol) is a protocol used for managing and monitoring
network devices. It can be used to monitor and collect data from sensors in a network, including
temperature sensors. By using an existing SNMP collector server, the company can automate the
process of checking temperature readings from multiple sensors in different locations. This can
help the company to identify the rooms that are too warm quickly and efficiently, without the need
for manual checks.
QUESTION 657
A technician is investigating an issue with connectivity at customer's location. The technician
confirms that users can access resources locally but not over the internet. The technician
theorizes that the local router has failed and investigates further. The technician's testing results
show that the router is functional; however, users still are unable to reach resources on the
internet. Which of the following describes what the technician should do NEXT?
A. Document the lessons learned.

B. Escalate the issue.
C. Identify the symptoms.
D. Question users for additional information.
Answer: B
QUESTION 658
On a network with redundant switches, a network administrator replaced one of the switches but
was unable to get a connection with another switch. Which of the following should the
administrator check after successfully testing the cable that was wired for TIA/EIA-568A on both
ends?
A. If MDIX is enabled on the new switch

B. If PoE is enabled
C. If a plenum cable is being used
D. If STP is disabled on the switches
Answer: A
Explanation:
As no cross-over cable is being used, auto-MDIX needs to be enabled. No information on
redundant routes has been provided to suggest that STP should be active.
QUESTION 659
The lack of a formal process to grant network permissions to different profiles of employees and
contractors is leading to an increasing number of security incidents. Non-uniform and overly
permissive network accesses are being granted. Which of the following would be the MOST
appropriate method to improve the security of the environment?
A. Change the default permissions to implicit deny.

B. Configure uniform ACLs to employees and NAC for contractors.
C. Deploy an RDP server to centralize the access to the network.
D. Implement role-based access control.
Answer: D
Explanation:
The MOST appropriate method to improve the security of the environment, given the described
situation, would be to implement role-based access control. Role-based access control (RBAC) is
a method that assigns permissions to users based on their role in the organization. This method
helps ensure that users only have the permissions they need to perform their job duties, and no
more. By implementing RBAC, the organization can enforce a more uniform and controlled
access to the network, reducing the risk of security incidents caused by overly permissive
network accesses. The other options may help to some extent, but they do not address the
underlying problem of non-uniform and overly permissive network accesses being granted.
QUESTION 660
Which of the following types of planes propagates routing information in an SDWAN solution?
A. Orchestration plane
B. Management plane
C. Control plane
D. Data plane
Answer: C
QUESTION 661
A technician is running new Cat 5e cables to a server room. Which of the following tools should
the technician use to terminate the cables at the patch panel?
A. Multimeter
B. Cable crimper
C. Toner probe
D. Punchdown tool
Answer: D
QUESTION 662
A disaster recovery team needs a solution that would best meet the following requirements:
- The server infrastructure has been pre-installed

- The fail-over location offers basic life support.
- The fail-over location provides basic network connectivity.
- Minimizing cost is preferred over quicker business recovery times
- The expected time for services to be fully operational is days.
Which of the following sites would meet the requirements?
A. Cold site
B. Cloud site
C. Warm site
D. Hot site
Answer: C
Explanation:
A warm site is a scaled-down version of a hot site. The recovery site is often only configured with
power, phone, and network jacks. It may have computers and other resources, but they are not
configured and ready to go.
- You bring the hardware, software, data
- A second site in the event of a disaster
- Doesn't mirror all live data
QUESTION 663
A technician troubleshoots a computer that has intermittent network connectivity and notices the
termination point is loose. The technician also observes that the patch cable has already been
replaced.
Which of the following should the technician do NEXT?
A. Use a tone generator to trace the cable

B. Use a multimeter to determine if PoE is available on the switchport
C. Use a cable crimper to replace the RJ45 connector on the patch cable
D. Use a punchdown tool to reseat the copper in the wall jack
Answer: D
QUESTION 664
A company wants to invest in new hardware for the core network infrastructure. The management
team requires that the infrastructure be capable of being repaired in less than 60 minutes if any
major part fails. Which of the following metrics is MOST likely associated with this requirement?
A. RPO
B. MTTR
C. FHRP
D. MTBF
Answer: B
QUESTION 665
Which of the following devices and encapsulations are found at the data link layer? (Choose two.)
A. Session
B. Frame
C. Firewall
D. Switch
E. Packet
F. Router
Answer: BD
QUESTION 666
After rebooting an AP, a user is no longer able to connect to the enterprise LAN. A technician
plugs a laptop in to the same network jack and receives the IP 169.254.0.200. Which of the
following is MOST likely causing the issue?
A. DHCP scope exhaustion

B. Signal attenuation
C. Channel overlap
D. Improper DNS configuration
Answer: A
QUESTION 667
A network administrator is concerned about a rainbow table being used to help access network
resources. Which of the following must be addressed to reduce the likelihood of a rainbow table
being effective?
A. Password policy
B. Remote access policy
D. Data loss prevention policy
Answer: A
QUESTION 668
Hotspot Question
A network technician needs to resolve some issues with a customer's SOHO network. The
customer reports that some of the PCs are not connecting to the network, while others appear to
be working as intended.
INSTRUCTIONS
Troubleshoot all the network components.
Review the cable test results first, then diagnose by clicking on the appropriate PC, server, and
Layer 2 switch.
Identify any components with a problem and recommend a solution to correct each problem.
If at any time you would like to bring back the initial state of the simulation, please dick the Reset
All button.
Answer:
QUESTION 669
Hotspot Question
You have been tasked with implementing an ACL on the router that will:
1. Permit the most commonly used secure remote access technologies from the management
network to all other local network segments.
2. Ensure the user subnet cannot use the most commonly used remote access technologies in
the Linux and Windows Server segments.
3. Prohibit any traffic that has not been specifically allowed.
INSRUCTIONS
Use the drop-downs to complete the ACL.
All button.
Answer:
QUESTION 670
A customer calls the help desk to report that a Windows PC is unable to open any websites or
access any server shares. The help desk technician suspects there is an issue with the
configuration. Which of the following commands should the technician issue FIRST to
troubleshoot the issue?
A. tracert
B. netstat
C. arp
D. ipconfig
E. nmap
Answer: D
QUESTION 671
A network technician needs to select an AP that will support at least 1.3Gbps and 5GHz only.
Which of the following wireless standards must the AP support to meet the requirements?
A. B
B. AC
C. AX
D. N
E. G
Answer: B
QUESTION 672
Which of the following devices would be used to extend the range of a wireless network?
A. A repeater
B. A media converter
C. A router
D. A switch
Answer: A
QUESTION 673
Which of the following redundant devices creates broadcast storms when connected together on
a high-availability network?
A. Switches
B. Routers
C. Access points
D. Servers
Answer: A
QUESTION 674
A technician is investigating a misconfiguration on a Layer 3 switch. When the technician logs in
and runs a command, the following data is shown:
Which of the following commands generated this output?
A. show route
B. show config
C. show interface
D. tcpdump
E. netstat -s
Answer: A
QUESTION 675
An IT technician is working on a support ticket regarding an unreachable website. The technician
has utilized the ping command to the website, but the site is still unreachable. Which of the
following tools should the technician use NEXT?
A. ipconfig
B. tracert
C. arp
D. netstat
Answer: B
QUESTION 676
An ISP configured an internet connection to provide 20Mbps, but actual data rates are occurring
at 10Mbps and causing a significant delay in data transmission. Which of the following
specifications should the ISP check?
A. Throughput
B. Latency
C. Bandwidth
D. Jitter
Answer: C
QUESTION 677
An application team is deploying a new application. The application team would like the network
team to monitor network performance and create alerts if fluctuations in the round-trip time occur
for that traffic. Which of the following should the network team monitor to meet this requirement?
A. Bandwidth
B. Latency
C. Loss
D. Cyclic redundancy check
Answer: B
QUESTION 678
A network administrator is configuring Neighbor Discovery Protocol in an IPv6 network to ensure
an attacker cannot spoof link-layer addresses of network devices. Which of the following should
the administrator implement?
A. MAC filtering
B. Router Advertisement Guard
C. Port security
D. DNSSEC
Answer: B
QUESTION 679
A network architect is developing documentation for an upcoming IPv4/IPv6 dual-stack
implementation. The architect wants to shorten the following IPv6 address:
ef82:0000:0000:0000:0000:1ab1:1234:1bc2. Which of the following is the MOST appropriate
shortened version?
A. ef82:0:1ab1:1234:1bc2
B. ef82:0::1ab1:1234:1bc2
C. ef82:0:0:0:0:1ab1:1234:1bc2
D. ef82::1ab1:1234:1bc2
Answer: D
QUESTION 680
Which of the following default ports is MOST likely used to send availability and environmental
messages about specific devices across the network?
A. 23
B. 53
C. 389
D. 514
E. 3306
Answer: D
QUESTION 681
A newly installed multifunction copier needs to be set up so scanned documents can be emailed
to recipients. Which of the following ports from the copier's IP address should be allowed?
A. 22
B. 25
C. 53
D. 80
Answer: B
QUESTION 682
Which of the following has the capability to centrally manage configuration, logging, and firmware
versioning for distributed devices?
A. WLAN controller
B. Load balancer
C. SIEM solution
D. Syslog server
Answer: A
QUESTION 683
A PC and a network connectivity, and a help desk technician is attempting to resolve the issue.
The technician plans to run a constant ping command from a Windows workstation while testing
various possible reasons for the connectivity issue.
Which of the following should the technician use?
A. ping -w
B. ping -i
C. ping -s
D. ping -t
Answer: D
Explanation:
The ping command is used to test the connectivity between a computer and another computer or
network device. The -t option tells ping to send packets continuously until the user stops it. This is
useful for troubleshooting network problems, as it allows the technician to see how long it takes
for packets to be sent and received.
QUESTION 684
Which of the following is the MOST effective security control to keep a company's physical
perimeter protected against intrusions leveraged by social-engineering techniques?
A. Employee training
B. Biometric lockers
D. Motion detection
Answer: C
QUESTION 685
A customer called the help desk to report a network issue. The customer recently added a hub
between the switch and the router in order to duplicate the traffic flow to a logging device. After
adding the hub, all the other network components that were connected to the switch slowed more
than expected. Which of the following is the MOST likely cause of the issue?
A. Duplex mismatch
B. Flow control failure
C. STP malfunction
D. 802.1Q disabled
Answer: A
QUESTION 686
A fiber patch cable, which was being stored in an unsecure telecommunications closet with
janitorial supplies, was damaged and caused an outage. A network technician replaced the
broken cable with a new cable from a sealed bag. However, this solution did not resolve the
outage. Which of the following is the MOST likely explanation?
A. Incorrect pinout
B. Incorrect transceivers
C. Reversed transmit and receive
D. Dirty optical cables
Answer: C
QUESTION 687
An engineer is gathering data to determine the effectiveness of UPSs in use at remote retail
locations. Which of the following statistics can the engineer use to determine the availability of the
remote network equipment?
A. Uptime
B. NetFlow baseline
C. Review TTL stats
D. Interface statistics
Answer: A
QUESTION 688
A technician uses a badge to enter a security checkpoint on a corporate campus. An unknown
individual quickly walks in behind the technician without speaking. Which of the following types of
attacks did the technician experience?
A. Tailgating
B. Evil twin
C. On-path
D. Piggybacking
Answer: A
QUESTION 689
A company is opening a new building on the other side of its campus. The distance from the
closest building to the new building is 1,804ft (550m). The company needs to connect the
networking equipment in the new building to the other buildings on the campus without using a
repeater. Which of the following transceivers should the company use?
A. 10GBASE-SW
B. 10GBASE-LR
C. 10GBASE-LX4 over multimode fiber
D. 10GBASE-SR
Answer: B
QUESTION 690
An AP uses a 98ft (30m) Cat 6 cable to connect to an access switch. The cable is wired through a
duct close to a three-phase motor installation. Anytime the three-phase is turned on, all users
connected to the switch experience high latency on the network. Which of the following is MOST
likely the cause of the issue?
A. Interference
B. Attenuation
C. Open circuit
D. Short circuit
Answer: A
QUESTION 691
An IT technician installs five old switches in a network. In addition to the low port rates on these
switches, they also have improper network configurations. After three hours, the network
becomes overwhelmed by continuous traffic and eventually shuts down. Which of the following is
causing the issue?
A. Broadcast storm
B. Collisions
C. IP settings
D. Routing loops
Answer: A
QUESTION 692
An engineer is designing a network topology for a company that maintains a large on-premises
private cloud. A design requirement mandates internet-facing hosts to be partitioned off from the
internal LAN and internal server IP ranges. Which of the following defense strategies helps meet
this requirement?
A. Implementing a screened subnet

B. Deploying a honeypot
C. Utilizing network access control
D. Enforcing a Zero Trust model
Answer: A
QUESTION 693
Many IP security cameras use RTSP to control media playback. Which of the following default
transport layer port numbers does RTSP use?
A. 445
B. 554
C. 587
D. 5060
Answer: B
QUESTION 694
Which of the following describes the ability of a corporate IT department to expand its cloud-
hosted VM environment with minimal effort?
A. Scalability
B. Load balancing
C. Multitenancy
D. Geo-redundancy
Answer: A
QUESTION 695
A network technician is working at a new office location and needs to connect one laptop to
another to transfer files. The laptops are newer models and do not have Ethernet ports. Access
points are not available either. Which of the following types of wireless network SSIDs does the
network technician need to configure to be able to connect the laptops together?
A. Independent Basic Service Set

B. Extended Service Set
C. Distribution System Service
D. Basic Service Set
Answer: D
QUESTION 696
An organization would like to implement a disaster recovery strategy that does not require a
facility agreement or idle hardware. Which of the following strategies MOST likely meets the
organization's requirements?
A. Cloud site
B. Cold site
C. Warm site
D. Hot site
Answer: A
QUESTION 697
A network administrator is investigating reports about network performance and finds high
utilization on a switch uplink. The administrator is unsure whether this is an anomaly or normal
behavior that will require an upgrade to resolve. Which of the following should the administrator
reference to gain historical perspective?
A. Device configuration review

B. ARP table export
C. Service-level agreement
D. Network performance baseline
Answer: D
QUESTION 698
A network administrator is troubleshooting a client's device that cannot connect to the network. A
physical inspection of the switch shows the RJ45 is connected. The NIC shows no activity lights.
The network administrator moves the device to another location and connects to the network
without issues. Which of the following tools would be the BEST option for the network
administrator to use to further troubleshoot?
A. Tone generator
B. Multimeter
C. Optical time-domain reflectometer
D. Cable tester
Answer: D
QUESTION 699
A non-employee was able to enter a server room. Which of the following could have prevented
this from happening?
A. A security camera
B. A biometric reader
C. OTP key fob
D. Employee training
Answer: B
QUESTION 700
A large number of PCs are obtaining an APIPA IP address, and a number of new computers were
added to the network. Which of the following is MOST likely causing the PCs to obtain an APIPA
address?
A. Rogue DHCP server

B. Network collision
C. Incorrect DNS settings
D. DHCP scope exhaustion
Answer: D
QUESTION 701
An engineer is using a tool to run an ICMP sweep of a network to find devices that are online.
When reviewing the results, the engineer notices a number of workstations that are currently
verified as being online are not listed in the report.
The tool was configured to scan using the following information:
- Network address: 172.28.16.0

- CIDR: /22
The engineer collected the following information from the client workstation:
- IP address: 172.28.17.206
- Subnet mask: 255.255.252.0
Which of the following MOST likely explains why the tool is failing to detect some workstations?
A. The scanned network range is incorrect.

B. The subnet mask on the client is misconfigured.
C. The workstation has a firewall enabled.
D. The tool is unable to scan remote networks.
Answer: A
QUESTION 702
Which of the following can be used to limit the ability of devices to perform only HTTPS
connections to an internet update server without exposing the devices to the public internet?
A. Allow connections only to an internal proxy server.

B. Deploy an IDS system and place it in line with the traffic.
C. Create a screened network and move the devices to it.
D. Use a host-based network firewall on each device.
Answer: C
QUESTION 703
A network administrator notices excessive wireless traffic occurring on an access point after
normal business hours. The access point is located on an exterior wall. Which of the following
should the administrator do to limit wireless access outside the building?
A. Set up a private VLAN.

B. Disable roaming on the WAP.
C. Change to a directional antenna.
D. Stop broadcasting of the SSID.
Answer: D
QUESTION 704
A technician thinks one of the router ports is flapping. Which of the following available resources
should the technician use in order to determine if the router is flapping?
A. Audit logs
B. NetFlow
C. Syslog
D. Traffic logs
Answer: B
QUESTION 705
Which of the following layers is where TCP/IP port numbers identify which network application is
receiving the packet and where it is applied?
A. 3
B. 4
C. 5
D. 6
E. 7
Answer: B
QUESTION 706
A user reports that a crucial fileshare is unreachable following a network upgrade that was
completed the night before. A network technician confirms the problem exists. Which of the
following troubleshooting steps should the network technician perform NEXT?
A. Establish a theory of probable cause.

B. Implement a solution to fix the problem.
C. Create a plan of action to resolve the problem.
D. Document the problem and the solution.
Answer: A
QUESTION 707
A network engineer is designing a wireless network that has the following requirements:
- Network speed must be higher than 100Mbps

- Must use the 2.4GHz and 5GHz bands
Which of the following 802.11 standards should the engineer select?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n
Answer: D
QUESTION 708
A network engineer is investigating reports of poor performance on a videoconferencing
application. Upon reviewing the report, the engineer finds that available bandwidth at the WAN
connection is low. Which of the following is the MOST appropriate mechanism to handle this
issue?
A. Traffic shaping
B. Flow control
C. NetFlow
D. Link aggregation
Answer: A
QUESTION 709
Which of the following protocols can be routed?
A. FCoE
B. Fibre Channel
C. iSCSI
D. NetBEUI
Answer: C
Explanation:
iSCSI is a routable protocol that uses TCP/IP to transport SCSI commands over IP networks.
FCoE and Fibre Channel are non-routable protocols that use Ethernet or optical fiber to transport
SCSI commands over LANs or SANs. NetBEUI is a non-routable protocol that uses broadcasts to
transport NetBIOS commands over LANs.
QUESTION 710
A Fortune 500 company would like to move its on-premises corporate email systems to a
multitenant product hosted in the cloud where no maintenance of the underlying server OS or
platform is required. Which of the following BEST represents the model the company should
choose?
A. Public
B. Private
C. Hybrid
D. Community
Answer: A
QUESTION 711
Which of the following situations would require an engineer to configure subinterfaces?
A. In a router-on-a-stick deployment with multiple VLANs

B. In order to enable inter-VLAN routing on a multilayer switch
C. When configuring VLAN trunk links between switches
D. After connecting a router that does not support 802.1Q VLAN tags
Answer: A
QUESTION 712
At which of the following OSI model layers does a MAC filter list for a wireless infrastructure
operate?
A. Physical
B. Network
C. Session
D. Data link
Answer: D
QUESTION 713
The Chief Executive Officer of a company wants to ensure business operations are not disrupted
in the event of a disaster. The solution must have fully redundant equipment, real-time
synchronization, and zero data loss. Which of the following should be prepared?
A. Cloud site
B. Warm site
C. Hot site
D. Cold site
Answer: C
QUESTION 714
An IT technician needs to increase bandwidth to a server. The server has multiple gigabit ports.
Which of the following can be used to accomplish this without replacing hardware?
A. STP
B. 802.1Q
C. Duplex
D. LACP
Answer: D
Explanation:
LACP (Link Aggregation Control Protocol) can be used to increase bandwidth to a server without
replacing hardware. LACP allows multiple network connections to be bundled together to
increase throughput and provide redundancy. This is also known as link aggregation or NIC
teaming. By using LACP, the IT technician can combine multiple gigabit ports on the server to
create a single high-bandwidth connection without replacing any hardware. STP (Spanning Tree
Protocol), 802.1Q (VLAN tagging), and duplex settings do not increase bandwidth but rather
control network topology, network segmentation, and communication speed, respectively.
QUESTION 715
A company wants to mitigate unauthorized physical connectivity after implementing a hybrid work
schedule. Which of the following will the company MOST likely configure?
A. Intrusion prevention system

B. DHCP snooping
C. ARP inspection
D. Port security
Answer: D
Explanation:
Port security is a feature that allows network administrators to control which devices can connect
to specific switch ports. By configuring port security, the company can limit the number of
authorized devices that can be connected to each switch port, preventing unauthorized physical
connectivity.
QUESTION 716
A customer cannot reach a web application on a local server. The network consultant suspects
that the server is not accepting the HTTPS connection. Which of the following commands should
the consultant run on the server to determine what is occurring?
A. route
B. arp
C. nmap
D. netstat
Answer: D
QUESTION 717
A help desk technician is troubleshooting a Windows server named SQL.local and wants to check
which port a specific application is running on. Which of the following commands should the
technician run?
A. dig
B. traceroute
C. arp
D. netstat
Answer: D
Explanation:
Netstat is a command-line tool that displays active network connections and listening ports on a
host. By running the netstat command with appropriate parameters on the Windows server
(SQL.local), the technician can view the list of active connections and the associated ports. This
will help identify the port on which the specific application is running.
QUESTION 718
A network administrator is configuring a static DSL connection on the perimeter router to use a
backup route to the fiber connection using OSPF routing. The administrator notices all traffic is
going over the DSL connection and both links are working. Which of the following should the
administrator do to adjust the routing settings for the fiber connection to be used by the router?
A. Add the DSL connection to the neighbor table for OSPF protocol
B. Change the routing protocol to EIGRP for the fiber connection
C. Increase the administrative distance of the DSL connection
D. Create a separate VLAN for the DSL connection
Answer: C
Explanation:
Since the DSL connection was configured as Static it would be given an AD of 1. The OSPF fiber
connection would have automatically been assigned an AD of 110 being OSPF. So yes you
would have to increase the AD distance of the static DSL route in order for the best path to be the
fiber OSPF.
QUESTION 719
A Chief Information Officer wants to monitor network breaching in a passive, controlled manner.
Which of the following would be BEST to implement?
A. Honeypot
B. Perimeter network
C. Intrusion prevention system
D. Port security
Answer: A
QUESTION 720
A technician monitors a switch interface and notices it is not forwarding frames on a trunked port.
However, the cable and interfaces are in working order. Which of the following is MOST likely the
cause of the issue?
A. STP policy
B. Flow control
C. 802.1Q configuration
D. Frame size
Answer: C
QUESTION 721
A wireless network technician is receiving reports from some users who are unable to see both of
the corporate SSIDs on their mobile devices. A site survey was recently commissioned, and the
results verified acceptable RSSI from both APs in all user areas. The APs support modern
wireless standards and are all broadcasting their SSIDs. The following table shows some of the
current AP settings:
Which of the following changes would result in all of the user devices being capable of seeing
both corporate SSIDs?
A. Implementing the WPA2 Enterprise authentication standard

B. Implementing omnidirectional antennas for both APs
C. Configuring the highest power settings for both APs
D. Configuring both APs to use the 802.11ac wireless standard
Answer: B
QUESTION 722
An infrastructure company is implementing a cabling solution to connect sites on multiple
continents. Which of the following cable types should the company use for this project?
A. Cat 7
B. Single-mode
C. Multimode
D. Cat 6
Answer: B
QUESTION 723
A user is required to log in to a main web application, which then grants the user access to all
other programs needed to complete job-related tasks. Which of the following authentication
methods does this setup describe?
A. SSO
B. RADIUS
C. TACACS+
D. Multifactor authentication
E. 802.1X
Answer: A
QUESTION 724
A company has a geographically remote office. In order to connect to the internet, the company
has decided to use a satellite WAN link. Which of the following is the GREATEST concern for this
type of connection?
A. Duplex
B. Collisions
C. Jitter
D. Encapsulation
Answer: C
QUESTION 725
A network technician is deploying multiple switches for a new office. The switches are separately
managed and need to be cabled in to support dual firewalls in a HA setup. Which of the following
should the technician enable to support proper stability of the network switches?
A. NTP
B. CDMA
C. STP
D. LACP
E. 802.1Q
Answer: C
QUESTION 726
Which of the following would be used to filter web traffic based on content?
A. Proxy server
B. Load balancer
C. Media converter
D. Access point
Answer: A
QUESTION 727
A bank installed a new smart TV to stream online video services, but the smart TV was not able
to connect to the branch Wi-Fi. The next day, a technician was able to connect the TV to the Wi-
Fi, but a bank laptop lost network access at the same time. Which of the following is the MOST
likely cause?
A. DHCP scope exhaustion

B. AP configuration reset
C. Hidden SSID
D. Channel overlap
Answer: D
Explanation:
When two or more wireless networks use the same channel, they can interfere with each other,
causing problems with connectivity. This is especially likely to happen if the networks are close
together, such as in a bank branch.
In this case, the smart TV was able to connect to the Wi-Fi because it was using a different
channel than the laptop. However, when the technician changed the channel of the smart TV, it
caused the laptop to lose network access because they were now using the same channel.
QUESTION 728
Newly crimped 26ft (8m) STP Cat 6 patch cables were recently installed in one room to replace
cables that were damaged by a vacuum cleaner. Now, users in that room are unable to connect
to the network. A network technician tests the existing cables first. The 177ft (54m) cable that
runs from the core switch to the access switch on the floor is working, as is the 115ft (35m) cable
run from the access switch to the wall jack in the office. Which of the following is the MOST likely
reason the users cannot connect to the network?
A. Mixed UTP and STP cables are being used.

B. The patch cables are not plenum rated.
C. The cable distance is exceeded.
D. An incorrect pinout on the patch cable is being used.
Answer: D
Explanation:
STP (Shielded Twisted Pair) cables are used to protect against electromagnetic interference
(EMI). The cable distance is not exceeded, as the 26ft (8m) patch cable is within the maximum
distance of 100 meters for Cat 6 cables. The patch cables are also plenum rated, which means
they can be used in air plenums without emitting harmful fumes.
The most likely reason the users cannot connect to the network is that the pinout on the patch
cable is incorrect. The pinout is the order in which the wires in the cable are connected to the RJ-
45 connector. If the pinout is incorrect, the data signals will not be transmitted correctly and the
user will not be able to connect to the network.
QUESTION 729
While troubleshooting a network outage, a technician discovers symptoms that indicate a patch
cable is connecting the core switch to the router. A network engineer confirms the theory is
plausible, and the technician tests the cable. The cable passes the test, and the technician
properly plugs the cable back into the correct network ports. However, the network outage
continues. Which of the following is the NEXT step the technician should take to troubleshoot the
network outage?
A. Establish a new theory.

B. Verify full system functionality.
C. Establish a plan of action.
D. Continue to work the original theory.
Answer: A
QUESTION 730
A help desk supervisor discovers the following ticket excerpt while reviewing notes in a
customer's account:
- Received report that customer was unable to use the scanner to read barcodes, the internet no
longer worked, and the monitor was fuzzy. Arrived on site and began troubleshooting.
- Confirmed monitor issue. Replaced VGA cable.
- Confirmed scanner failure. Scanner USB cable was unattached. Reattached cable.
- Confirmed internet issue. Duplicated on test laptop. Escalated to ISP.
Which of the following BEST describes what the technician was doing?
A. The technician was questioning the obvious.

B. The technician was implementing preventative measures.
C. The technician was approaching multiple problems individually.
D. The technician was determining if anything had changed.
Answer: C
QUESTION 731
Which of the following routing protocols should be implemented to create a route between a local
area network and an ISP?
A. BGP
B. EIGRP
C. RIP
D. OSPF
Answer: A
Explanation:
BGP (Border Gateway Protocol): BGP is designed for routing between different autonomous
systems (ASes) on the internet. It is used to exchange routing and reachability information
between ISPs, enterprises, and other networks. BGP is well-suited for handling large-scale
networks and providing policy-based routing control.
QUESTION 732
A technician would like to implement a low-latency Wi-Fi network. Which of the following
standards should the technician deploy for the network if the expected user bandwidth is
450Mbps?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n
Answer: D
QUESTION 733
Which of the following attacks, if successful, would provide a malicious user who is connected to
an isolated guest network access to the corporate network?
A. VLAN hopping
B. On-path attack
C. IP spoofing
D. Evil twin
Answer: A
Explanation:
VLAN hopping is an attack where an attacker exploits a misconfigured switch to gain
unauthorized access to VLANs other than the one they should be in. In this case, if an attacker is
on an isolated guest network and successfully performs VLAN hopping, they could potentially
gain access to the corporate network, which is a security breach.
QUESTION 734
A network administrator implements a group of access points, only changing the SSID,
credentials, and IP address. Shortly after, users begin reporting poor quality and video loss while
on video calls in the conference room. Which of the following should the administrator do to
MOST effectively troubleshoot during business hours?
A. Remove the current antennas and replace them with directional antennas on each AP.
B. Disconnect the AP and move it closer to the conference room.
C. Configure separate channels on APs that are not supporting the conference room.
D. Reboot the switch and each AP at the same time.
Answer: C
QUESTION 735
A desktop support department has observed slow wireless speeds for a new line of laptops using
the organization's standard image. No other devices have experienced the same issue. Which of
the following should the network administrator recommend troubleshooting FIRST to resolve this
issue?
A. Increasing wireless signal power
B. Installing a new WAP
C. Changing the protocol associated to the SSID
D. Updating the device wireless drivers
Answer: D
QUESTION 736
A technician needs to change an incoming fiber line into an RJ45 copper connection for uplinking
a new switch. Which of the following would BEST satisfy this requirement?
A. Media converter
B. F-type connector
C. Small form-factor pluggable
D. Punchdown block
Answer: A
QUESTION 737
A new engineer at a company is working to understand the network. Which of the following
diagrams should the engineer review to understand the paths traffic takes?
A. Physical
B. Logical
C. Wiring
D. Rack
Answer: B
Explanation:
To understand the paths that network traffic takes, the new engineer should review the Logical
network diagram. The logical diagram provides an overview of how devices are interconnected
and how data flows within the network, showing the logical relationships between devices,
subnets, and network segments.
QUESTION 738
A network technician is attempting to increase throughput by configuring link port aggregation
between a Gigabit Ethernet distribution switch and a Fast Ethernet access switch. Which of the
following is the BEST choice concerning speed and duplex for all interfaces that are participating
in the link aggregation?
A. Half duplex and 1GB speed

B. Full duplex and 1GB speed
C. Half duplex and 100MB speed
D. Full duplex and 100MB speed
Answer: B
Explanation:
The access switches are fast ethernet so only 100mb/full duplex. All interfaces would need to be
set to the highest possible link speed of all devices, which is 100mb. The gigabit interfaces would
need to be set to 100/full.
QUESTION 739
A junior network engineer is trying to change the native network ID to a non-default value that can
then be applied consistently throughout the network environment. Which of the following issues is
the engineer attempting to prevent?
A. DDoS
B. ARP spoofing
C. VLAN hopping
D. Rogue DHCP
Answer: C
Explanation:
VLAN hopping is a security vulnerability that allows an attacker to move from one VLAN to
another without authorization. This can be done by sending a frame with a double VLAN tag. The
first tag is the native VLAN of the attacker's port, and the second tag is the VLAN that the attacker
wants to access.
The native VLAN is the VLAN that is used for untagged frames. By changing the native VLAN to
a non-default value, the engineer can make it more difficult for an attacker to send frames with
double VLAN tags.
QUESTION 740
Which of the following BEST prevents unauthorized access to spare workstation inventory?
A. Asset tags
B. Tamper detection
C. Security camera
D. Locking cabinet
E. Smart lockers
Answer: D
QUESTION 741
A technician is troubleshooting network connectivity from a wall jack. Readings from a multimeter
indicate extremely low ohmic values instead of the rated impedance from the switchport. Which of
the following is the MOST likely cause of this issue?
A. Incorrect transceivers
B. Faulty LED
C. Short circuit
D. Upgraded OS version on switch
Answer: C
QUESTION 742
A user is experimenting with audio transmissions and would like the transmissions to reach
several specific devices simultaneously over the IP network. The user requests assistance from a
network technician to configure the appropriate features within the SOHO. Which of the following
should the technician configure to meet the requirements?
A. Unicast
B. Multicast
C. Anycast
D. Broadcast
Answer: B
QUESTION 743
A retail store recently acquired the store next door. The owners would like this store to support
Gigabit Ethernet for up to 328ft (100m). Which of the following is the MOST cost-effective
solution?
A. Cat5
B. Cat 5e
C. Cat 6
D. Cat 7
Answer: B
QUESTION 744
Which of the following attacks becomes more effective because of global leakages of users'
passwords?
A. Dictionary
B. Brute-force
C. Phishing
D. Deauthentication
Answer: A
QUESTION 745
A network administration team for a medium-sized business has decided to segment the network,
logically separating the finance and marketing teams in order to improve performance for both
teams. The finance and marketing teams still need to access resources across the subnets, and
the router has a single interface. Which of the following should the administrator configure in
order to allow the traffic?
A. Port address translation

B. Classless masking
C. IPv6 tunneling
D. Subinterfaces
Answer: D
Explanation:
Subinterfaces: Subinterfaces are virtual interfaces created on a physical router interface, each
associated with a specific VLAN or subnet. By configuring subinterfaces, the router can effectively
handle traffic from multiple subnets, allowing traffic separation while still enabling communication
between the finance and marketing teams.
Each subinterface is associated with a different VLAN or subnet and can have its own IP address,
allowing traffic to be routed between subnets while keeping them logically separated.
QUESTION 746
A network requirement calls for the network traffic of a specific department within a campus
network to be monitored. The network has users from each department located in multiple
buildings. Which of the following should be configured to meet this requirement? (Choose two.)
A. MDIX
B. 802.1Q
C. Jumbo frames
D. Port mirroring
E. Flow control
F. LACP
Answer: BD
Explanation:
802.1Q is a standard for VLAN tagging, which allows the network administrator to segment the
network traffic of different departments into separate VLANs. This makes it easier to monitor and
manage the traffic of each department.
Port mirroring is a feature that allows the network administrator to copy the traffic from one or
more ports to another port for analysis. By configuring port mirroring on the ports connected to
the specific department, the network administrator can monitor the traffic of that department in
real-time.
QUESTION 747
A wireless technician is working to upgrade the wireless infrastructure for a company. The
company currently uses the 802.11g wireless standard on all access points. The company
requires backward compatibility and is requesting the least expensive solution. Which of the
following should the technician recommend to the company?
A. 802.11a
B. 802.11ac
C. 802.11ax
D. 802.11n
Answer: D
QUESTION 748
An employee walked into a secure facility and allowed a newly hired employee to walk in as well.
Which of the following is the BEST solution to prevent this from happening again?
A. "No tailgating" sign

B. Awareness training
C. Entry log
D. Camera
Answer: B
QUESTION 749
A network administrator is assisting a user who is unable to access network services by using
hostname on Host 1. Another user in the same office is able to access the network services with
no issue on Host 2. The network administrator runs a command on the affected machine and the
working machine and compares the following output:
Which of the follow should the network administrator change to restore connectivity?
A. Change the default gateway on Host 1 to 192.168.1.1.

B. Change the IPv4 address on Host 2 to 192.168.0.112.
C. Reconfigure the subnet masks on both hosts.
D. Update the DNS server on Host 1 to 192.168.0.53.
Answer: D
QUESTION 750
Which of the following VPN types provides the highest security for a user who travels often but
also has the highest bandwidth requirements to provide a satisfactory user experience?
A. Full-tunnel
B. Site-to-site
C. Clientless
D. Split-tunnel
Answer: A
QUESTION 751
A technician needs to map the path of a PC to the router. Which of the following tools should the
technician use to accomplish this task?
A. traceroute
B. ping
C. ifconfig
D. netstat
Answer: A
QUESTION 752
A company is using a DHCP server with 12-hour leases for its device configurations. A user
records the information that the DHCP server provides and uses the information to connect a
device with a manual IP set. Over time, the user experiences intermittent connectivity and
recurring connection timeouts. Which of the following is the MOST likely cause of the issue?
A. A duplicate IP address is on the network.

B. The user's device is pointing to an incorrect DNS server.
C. The device is set to use an incorrect subnet.
D. The device is set to use an incorrect gateway.
Answer: A
QUESTION 753
A technician is concerned about unauthorized personnel moving assets that are installed in a
data center server rack. The technician installs a networked sensor that sends an alert when the
server rack door is opened. Which of the following did the technician install?
A. Cipher lock
B. Asset tags
D. Tamper detection
Answer: D
QUESTION 754
An administrator is preparing an organization for a potential disaster. The administrator
configures the network switches and turns off the equipment in a data center. Which of the
following is this scenario an example of?
A. Warm site
B. Cold site
C. Cloud site
D. Hot site
Answer: B
QUESTION 755
Which of the following is used to require network devices to authenticate before gaining access to
a LAN?
A. 802.1Q
B. 802.1X
C. 802.11ax
D. 802.3af
Answer: B
QUESTION 756
Which of the following routing protocols is BEST suited for use on a perimeter router?
A. OSPF
B. RIPv2
C. EIGRP
D. BGP
Answer: D
QUESTION 757
A technician is investigating why a PC cannot reach a file server with the IP address
192.168.8.129. Given the following TCP/IP network configuration:
Which of the following configurations on the PC is incorrect?
A. Subnet mask
B. IPv4 address
C. Default gateway
D. IPv6 address
Answer: A
QUESTION 758
Which of the following layers of the OSI model lies between the transport layer and the network
layer?
A. Application
B. Data link
C. Session
D. Presentation
Answer: D
QUESTION 759
Which of the following describes a network in which users and devices need to mutually
authenticate before any network resource can be accessed?
A. Least privilege
B. Local authentication
C. Zero trust
D. Need to know
Answer: C
QUESTION 760
A technician is setting up DNS records on local servers for the company's cloud DNS to enable
access by hostname. Which of the following records should be used?
A. A
B. MX
C. CNAME
D. NS
Answer: C
Explanation:
A CNAME record is a type of DNS record that maps a hostname to another hostname. This is
useful when you want to use a different hostname for a server than its actual IP address.
In this case, the technician is setting up DNS records on local servers for the company's cloud
DNS to enable access by hostname. This means that the users will be able to access the servers
by their hostnames, instead of their IP addresses.
To do this, the technician needs to create a CNAME record for each server. The CNAME record
will point the hostname to the server's IP address.
QUESTION 761
A network administrator responds to a support ticket that was submitted by a customer who is
having issues connecting to a website inside of the company network. The administrator verifies
that the customer could not connect to a website using a URL. Which of the following
troubleshooting steps would be BEST for the administrator to take?
A. Check for certificate issues.

B. Contact the ISP.
C. Attempt to connect to the site via IP address.
D. Check the NTP configuration.
Answer: C
QUESTION 762
A network administrator is creating a subnet for a remote office that has 53 network devices. An
additional requirement is to use the most efficient subnet. Which of the following CIDR notations
indicates the appropriate number of IP addresses with the LEAST amount of unused addresses?
A. /24
B. /26
C. /28
D. /32
Answer: B
QUESTION 763
A Chief Executive Officer (CEO) of a company purchases a new phone that will be used while
traveling to different countries. The CEO needs to be able to place outgoing calls and receive
incoming calls on the phone using a SIM card. Which of the following cellular technologies does
the CEO's phone need?
A. WDMA
B. CDMA
C. GSM
D. SLA
Answer: C
QUESTION 764
A network technician is troubleshooting a connection to a local server and has verified that the
RDP service is running on the server. After running a command, the technician receives the
following output:
Which of the following MOST likely describes the issue?
A. A host-based firewall on the server is blocking the connection.

B. Too many collisions are occurring on the network segment.
C. A DoS attack is occurring locally.
D. A routing loop is in the network.
Answer: A
QUESTION 765
Which of the following would be used to indicate when unauthorized access to physical internal
hardware has occurred?
A. Motion detectors
B. Radio frequency identification tags
C. Tamper evident seal
D. Locking racks
Answer: C
Explanation:
A tamper-evident seal is used to indicate when unauthorized access to physical internal hardware
has occurred. These seals are designed to break or show visible signs of tampering if someone
tries to open or access a piece of equipment or hardware. This provides a visual indication that
unauthorized access or tampering has taken place, alerting security personnel to investigate
further.
QUESTION 766
A network technician is investigating a trouble ticket for a user who does not have network
connectivity. All patch cables between the wall jacks and computers in the building were
upgraded over the weekend from Cat 5 to Cat 6. The newly installed cable is crimped with a
TIA/EIA 568A on one end and a TIA/EIA 568B on the other end. Which of the following should the
technician do to MOST likely fix the issue?
A. Ensure the switchport has PoE enabled.
B. Crimp the cable as a straight-through cable.
C. Ensure the switchport has STP enabled,
D. Crimp the cable as a rollover cable.
Answer: B
QUESTION 767
Which of the following is a valid alternative to maintain a deployed proxy technology while saving
physical space in the data center by moving the network service to the virtualization
infrastructure?
A. NFV
B. SDWAN
C. Networking as code
D. VIP
Answer: A
QUESTION 768
A network technician wants to identify which DNS servers a computer is configured to use. Which
of the following commands should the technician use?
A. nbtstat
B. arp
C. nslookup
D. netstat
Answer: C
QUESTION 769
Which of the following routing protocols has routes that are classified with an administrative
distance of 110?
A. BGP
B. OSPF
C. EIGRP
D. RIP
Answer: B
Explanation:
OSPF (Open Shortest Path First) is a link-state routing protocol that uses an administrative
distance of 110. This means that OSPF routes are preferred over routes from other routing
protocols, such as RIP (Routing Information Protocol), which has an administrative distance of
120.
BGP (Border Gateway Protocol) is a path vector routing protocol that uses an administrative
distance of 200. EIGRP (Enhanced Interior Gateway Routing Protocol) is a hybrid routing protocol
that uses an administrative distance of 90.
Static routes have an administrative distance of 1.
QUESTION 770
Which of the following focuses on application delivery?
A. DaaS
B. IaaS
C. SaaS
D. PaaS
Answer: C
Explanation:
Platform as a Service (PaaS) focuses on application delivery. It provides a platform for
developers to build, deploy, and manage their applications without having to worry about the
underlying infrastructure. PaaS providers typically offer a variety of services, such as:
Operating system
Programming languages
Databases
Web servers
Application servers
Storage
Networking
Load balancing
Monitoring
PaaS can be a good option for businesses that want to develop and deploy applications quickly
and easily, without having to worry about the underlying infrastructure.
QUESTION 771
A network engineer is concerned about VLAN hopping happening on the network. Which of the
following should the engineer do to address this concern?
A. Configure private VLANs.

B. Change the default VLAN.
C. Implement ACLs on the VLAN.
D. Enable dynamic ARP inspection.
Answer: D
Explanation:
Dynamic ARP inspection (DAI) is a security feature that can help to prevent VLAN hopping. DAI
works by verifying that ARP responses are coming from the devices that they claim to be from. If
an attacker sends an ARP response that is not from a legitimate device, DAI will drop the
response.
QUESTION 772
A network technician receives a support ticket concerning multiple users who are unable to
access the company's shared drive. The switch interface that the shared drive is connected to is
displaying the following:
Which of the following is MOST likely the issue?
A. The switchport is shut down.

B. The cable is not plugged in.
C. The loopback is not set.
D. The bandwidth configuration is incorrect.
Answer: B
QUESTION 773
A customer calls the help desk to report that users are unable to access any network resources.
The issue started earlier in the day when an employee rearranged the wiring closet. A technician
goes to the site but does not observe any obvious damage. The statistics output on the switch
indicates high CPU usage, and all the lights on the switch are blinking rapidly in unison. Which of
the following is the MOST likely explanation for these symptoms?
A. The switch was rebooted and set to run in safe mode.

B. The line between the switch and the upstream router was removed.
C. A cable was looped and created a broadcast storm.
D. A Cat 6 cable from the modem to the router was replaced with Cat 5e.
Answer: C
Explanation:
The symptoms, including high CPU usage and rapidly blinking switch lights, are most likely due to
a cable loop in the network causing a broadcast storm, which is overwhelming network resources
and disrupting connectivity.
QUESTION 774
A network administrator is troubleshooting a PC that cannot connect to the LAN. The
administrator runs the ipconfig command at the command prompt and gets the following output:
Which of the following is misconfigured?
A. Subnet mask
B. Physical address
C. DNS server
D. DHCP server
Answer: C
QUESTION 775
A user stores large graphic files. The time required to transfer the files to the server is excessive
due to network congestion. The user's budget does not allow for the current switches to be
replaced. Which of the following can be used to provide FASTER transfer times?
A. Half duplex
B. Jumbo frames
C. LACP
D. 802.1Q
Answer: B
QUESTION 776
A sales team at a company uses a SaaS solution primarily for videoconferencing and a CRM
application that connects to a database server in the corporate data center. Which of the following
VPN solutions would allow secure, remote access for sales staff to the CRM application without
impacting videoconferencing traffic?
A. Clientless
B. Site-to-site
C. Split tunnel
D. Full tunnel
Answer: C
QUESTION 777
Which of the following would a network administrator configure to set NTP settings for a specific
subnet within DHCP?
A. Reservation
B. Lease time
C. Scope options
D. Exclusion range
Answer: C
QUESTION 778
A network administrator creates a new network, 10.10.0.0/24, on a DHCP server. The
administrator wants to ensure that 10.10.0.10-10.10.0.15 are not allocated to other devices.
Which of the following features should the administrator configure?
A. Exclusion
B. Reservation
C. Scope
D. Relay
Answer: A
QUESTION 779
Which of the following protocols uses Dijkstra's algorithm to calculate the LOWEST cost between
routers?
A. RIP
B. OSPF
C. BGP
D. EIGRP
Answer: B
QUESTION 780
An on-call network technician receives an automated email alert stating that a power supply on a
firewall has just powered down. Which of the following protocols would BEST allow for this level
of detailed device monitoring?
A. TFTP
B. TLS
C. SSL
D. SNMP
Answer: D
QUESTION 781
A technician is investigating a SAN switch that has a high number of CRC errors. Which of the
following is the MOST likely cause of the errors?
A. Break in the fiber

B. Bad switch port
C. Mismatched duplex
D. Memory errors
Answer: A
QUESTION 782
A customer runs a DNS lookup service and needs a network technician to reconfigure the
network to improve performance. The customer wants to ensure that servers are accessed based
on whichever one is topographically closest to the destination. If the server does not respond,
then the next topographically closest server should respond. Which of the following does the
technician need to configure to meet the requirements?
A. Multicast addressing
B. Anycast addressing
C. Broadcast addressing
D. Unicast addressing
Answer: B
QUESTION 783
Which of the following would MOST likely be used to review disaster recovery information for a
system?

C. System life cycle
D. Standard operating procedures
Answer: A
QUESTION 784
A network technician is troubleshooting a connection to a web server. The technician is unable to
ping the server but is able to verify connectivity to the web service using Telnet. Which of the
following protocols is being blocked by the firewall?
A. UDP
B. ARP
C. ICMP
D. TCP
Answer: C
QUESTION 785
A network administrator is configuring a firewall to allow for a new cloud-based email server. The
company standard is to use SMTP to route email traffic. Which of the following ports, by default,
should be reserved for this purpose?
A. 23
B. 25
C. 53
D. 110
Answer: B
QUESTION 786
Which of the following demarcation connections would be MOST appropriate to use with a cable
modem being installed in a SOHO situation?
A. RG6
B. Cat 6
C. RJ11
D. Multimode fiber
Answer: A
QUESTION 787
A technician needs to allow a device to maintain the same IP address lease based on the
physical address of a network card. Which of the following should the technician use?
A. MAC address reservation

B. Static IP address
C. Custom DNS server entry
D. IP address exclusion
Answer: A
QUESTION 788
A network technician is investigating why a core switch is logging excessive amounts of data to
the syslog server. The running configuration of the switch showed the following logging
information:
Which of the following changes should the technician make to BEST fix the issue?
A. Update the logging host IP.

B. Change to asynchronous logging.
C. Stop logging SSH events.
D. Adjust the logging level.
Answer: D
QUESTION 789
A network technician wants to find the shortest path from one node to every other node in the
network. Which of the following algorithms will provide the FASTEST convergence time?
A. A static algorithm
B. A link-state algorithm
C. A distance-vector algorithm
D. A path-vector algorithm
Answer: B
QUESTION 790
After upgrading to a SOHO router that supports Wi-Fi 6, the user determines throughput has not
increased. Which of the following is the MOST likely cause of the issue?
A. The wireless router is using an incorrect antenna type.

B. The user's workstation does not support 802.11ax.
C. The encryption protocol is mismatched.
D. The network is experiencing interference.
Answer: B
QUESTION 791
A network administrator is troubleshooting a connection to a remote site. The administrator runs a
command and sees the following output:
Which of the following is the cause of the connection issue?
A. Routing loop
B. Asymmetrical routing
C. Broadcast storm
D. Switching loop
Answer: A
QUESTION 792
While using a secure conference call connection over a corporate VPN, a user moves from a
cellular connection to a hotel wireless network. Although the wireless connection and the VPN
show a connected status, no network connectivity is present. Which of the following is the MOST
likely cause of this issue?
A. MAC filtering is configured on the wireless connection.

B. The VPN and the WLAN connection have an encryption protocol mismatch.
C. The WLAN is using a captive portal that requires further authentication.
D. Wireless client isolation is enforced on the WLAN settings.
Answer: C
QUESTION 793
An engineer was asked to update an MX record for an upcoming project. Which of the following
server types is MOST likely to be in scope for the project?
A. Email
B. Web
C. File
D. Database
Answer: A
QUESTION 794
A customer has an attached USB printer that needs to be shared with other users. The desktop
team set up printer sharing. Now, the network technician needs to obtain the necessary
information about the PC and share it with other users so they can connect to the printer. Which
of the following commands should the technician use to get the required information? (Choose
two.)
A. arp
B. route
C. netstat
D. tcpdump
E. hostname
F. ipconfig
Answer: EF
QUESTION 795
A help desk supervisor reviews the following excerpt of a call transcript:
Which of the following was the agent trying to accomplish with this exchange?
A. The agent was questioning the obvious.

B. The agent was verifying full system functionality.
C. The agent was identifying potential effects.
D. The agent was trying to duplicate the problem.
Answer: D
QUESTION 796
A technician received a report that some users in a large, 30-floor building are having intermittent
connectivity issues. Users on each floor have stable connectivity, but do not have connectivity to
other floors. Which of the following devices is MOST likely causing the issue?
A. User devices
B. Edge devices
C. Access switch
D. Core switch
Answer: D
QUESTION 797
A help desk technician discovers the following note while reviewing tickets in a customer's
account:
Was able to confirm customer's problem with the system. Will upgrade system to latest version
and monitor for further connectivity problems per developer's instructions.
Which of the following describes what the technician was documenting with this note?
A. The technician was approaching multiple problems individually.

B. The technician was establishing a plan of action and identifying potential effects.
C. The technician was testing a theory to determine the cause.
D. The technician was identifying the problem by gathering information.
Answer: C
QUESTION 798
The results of a recently completed site survey indicate a significant, undesired RSSI in the
parking lot and other exterior areas near the main building. The wireless technician would like to
mitigate access to the wireless network in exterior access areas. The current access point
settings are listed in the following table:
Which of the following is the BEST step for the technician to take to resolve the issue?
A. Reconfigure AP2 and AP3 for non-overlapping channels.

B. Implement directional antennas on AP1 and AP2.
C. Raise the power settings on AP2 and AP3.
D. Change the SSID on AP1 and AP2.
Answer: B
QUESTION 799
A network technician is selecting new network hardware, and availability is the main concern.
Which of the following availability concepts should the technician consider?
A. RTO
B. MTTR
C. MTBF
D. RPO
Answer: C
QUESTION 800
A new company moved into a corporate center. Users in the shared lobby are experiencing
disconnects on their mobile devices. Which of the following is the BEST tool a network technician
could use to troubleshoot the issue?
A. Port scanner
C. NetFlow analyzer
D. Wi-Fi analyzer
Answer: D
QUESTION 801
Two companies want to build an encrypted tunnel between them and use a PSK for initial
authentication. Which of the following is the BEST protocol for the companies to use?
A. VPN
B. SSL
C. TLS
D. IPSec
Answer: D
QUESTION 802
While troubleshooting a network, a VoIP systems engineer discovers a significant inconsistency
in the amount of time required for data to reach its destination and return. Which of the following
terms BEST describes this issue?
A. Bandwidth
B. Latency
C. Jitter
D. Throughput
Answer: C
QUESTION 803
A network technician is configuring a wireless access point and wants to only allow company-
owned devices to associate with the network. The access point uses PSKs, and a network
authentication system does not exist on the network. Which of the following should the technician
implement?
A. Captive portal
B. Guest network isolation
C. MAC filtering
D. Geofencing
Answer: C
QUESTION 804
Which of the following network topologies BEST describes a central device connected to multiple
independent devices?
A. Mesh
B. Ring
C. Hub-and-spoke
D. Bus
Answer: C
QUESTION 805
A network administrator is reviewing north-south traffic to determine whether a security threat
exists. Which of the following explains the type of traffic the administrator is reviewing?
A. Data flowing between application servers

B. Data flowing between the perimeter network and application servers
C. Data flowing in and out of the data center
D. Data flowing between local on-site support and backup servers
Answer: C
QUESTION 806
A network technician is installing a wireless network in an office building. After performing a site
survey, the technician determines the area is very saturated on the 2.4GHz and the 5GHz bands.
Which of the following wireless standards should the network technician implement?
A. 802.11ac
B. 802.11ax
C. 802.11g
D. 802.11n
Answer: B
QUESTION 807
A network technician discovered multiple failed logins on a production server. Upon investigation,
the technician determined that a client plugged a personal laptop in to the corporate LAN, which
allowed malware on the laptop to probe the network. Which of the following would have
prevented this unauthorized device?
A. Port security
B. Bring your own device policy
C. Patch management
D. Changing default passwords
Answer: A
QUESTION 808
Following a fire in a data center, an executive is concerned about the amount of data that must be
reentered. Which of the following describes the executive's concern?
A. RTO
B. MTBF
C. MMTR
D. RPO
Answer: D
Explanation:
A recovery point objective (RPO) is the maximum length of time permitted that data can be
restored from, which may or may not mean data loss. It is the age of the files or data in backup
storage required to resume normal operations if a computer system or network failure occurs.
QUESTION 809
A customer needs to distribute Ethernet to multiple computers in an office. The customer would
like to use non-proprietary standards. Which of the following blocks does the technician need to
install?
A. 110
B. 66
C. Bix
D. Krone
Answer: A
Explanation:
For distributing Ethernet to multiple computers in an office using non-proprietary standards, the
technician would typically use a block that adheres to industry-standard termination methods. The
110 block is a type of punch-down block commonly used for terminating and connecting twisted-
pair cables, including those used for Ethernet.
QUESTION 810
A network engineer turned on logging to assist with troubleshooting a suspected configuration
issue. Which of the following would provide the network engineer with the most informative log
information?
A. FATAL
B. ERROR
C. DEBUG
D. WARN
Answer: C
QUESTION 811
Which of the following cloud deployment models involves servers that are hosted at a company's
property and are only used by that company?
A. Public
B. Private
C. Hybrid
D. Community
Answer: B
QUESTION 812
A technician needs to find the MAC address of a connecting router. Which of the following
commands should the technician use?
A. arp
B. traceroute
C. nslookup
D. ping
Answer: A
QUESTION 813
A network engineer is installing hardware in a newly renovated data center. Major concerns that
were addressed during the renovation included air circulation, building power redundancy, and
the need for continuous monitoring. The network engineer is creating alerts based on the
following operation specifications:
A. Environmental monitoring alerts for humidity greater than 95%

B. SIEM to parse syslog events for a failed power supply
C. SNMP traps to report when the chassis temperature exceeds 95°F (35°C)
D. UPS monitoring to report when input voltage drops below 220VAC
Answer: B
QUESTION 814
A technician needs to set up a wireless connection that utilizes MIMO on non-overlapping
channels. Which of the following would be the best choice?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n
Answer: D
QUESTION 815
Users have reported an issue connecting to a server over the network. A workstation was
recently added to the network and configured with a shared USB printer. Which of the following is
most likely causing the issue?
A. The switch is oversubscribed and cannot handle the additional throughput.

B. The printer is tying up the server with DHCP discover messages.
C. The web server's back end was designed for only single-threaded applications.
D. The workstation was configured with a static IP that is the same as the server.
Answer: D
QUESTION 816
Which of the following routing protocols uses an autonomous system number?
A. IS-IS
B. EIGRP
C. OSPF
D. BGP
Answer: D
QUESTION 817
A network administrator is designing a new network for a company that has frequent power
spikes. The company wants to ensure that employees can keep working and the server will
remain operational. Which of the following is the best solution for the administrator to
recommend?
A. Generator
B. Cold site
C. Redundant power supplies
D. Uninterruptible power supply
Answer: D
QUESTION 818
Which of the following OSI model layers are responsible for handling packets from the sources to
the destination and checking for errors? (Choose two.)
A. Physical
B. Session
C. Data link
D. Network
E. Presentation
F. Application
Answer: CD
QUESTION 819
Which of the following fiber connector types is the most likely to be used on a network interface
card?
A. LC
B. SC
C. ST
D. MPO
Answer: A
QUESTION 820
Which of the following is the most cost-effective way for a network administrator to establish a
persistent, secure connection between two facilities?
A. Site-to-site VPN
B. SSH tunnel
C. API gateway
D. Dedicated line
Answer: A
QUESTION 821
Which of the following would most likely be considered for an IDF installation in a secure facility?
A. Full-size body scanners

B. Iris scanner
C. RFID badge readers
D. Smart deadbolt
Answer: C
QUESTION 822
Which of the following is the most secure way to provide site-to-site connectivity?
A. VXLAN
B. IKE
C. GRE
D. IPSec
Answer: D
QUESTION 823
Which of the following security methods uses physical characteristics of a person to authorize
access to a location?
A. Access control vestibule

B. Palm scanner
C. PIN pad
D. Digital card reader
E. Photo ID
Answer: B
QUESTION 824
Which of the following are environmental factors that should be considered when installing
equipment in a building? (Choose two.)
A. Fire suppression system
B. UPS location
C. Humidity control
D. Power load
E. Floor construction type
F. Proximity to nearest MDF
Answer: AC
QUESTION 825
A network administrator requires redundant routers on the network, but only one default gateway
is configurable on a workstation. Which of the following will allow for redundant routers with a
single IP address?
A. EIGRP
B. VRRP
C. MPLS
D. STP
Answer: B
QUESTION 826
Which of the following antenna types would most likely be used in a network repeater that is
housed in a central point in a home office?
A. Omnidirectional
B. Parabolic
C. High-gain
D. Patch
Answer: A
QUESTION 827
A network administrator received reports that a 40Gb connection is saturated. The only server the
administrator can use for data collection in that location has a 10GB connection to the network.
Which of the following is the best method to use on the server to determine the source of the
saturation?
A. Port mirroring
B. Log aggregation
C. Flow data
D. Packet capture
Answer: C
QUESTION 828
A network administrator needs to implement routing capabilities in a hypervisor. Which of the
following should the administrator most likely implement?
A. VPC
B. Firewall
C. NFV
D. laaS
Answer: C
QUESTION 829
A network technician crimped a length of UTP with TIA\EIA-568A on one end and TIA\EIA-568B
on the other. Which of the following cable types did the technician create?
A. Crossover cable
B. Patch cable
C. Twinaxial cable
D. Rollover cable
Answer: A
QUESTION 830
A network engineer designed and implemented a new office space with the following
characteristics:
One month after the office space was implemented, users began reporting dropped signals when
entering another room and overall poor connections to the 5GHz network. Which of the following
should the engineer do to best resolve the issue?
A. Use non-overlapping channels.

B. Reconfigure the network to support 2.4GHz
C. Upgrade to WPA3.
D. Change to directional antennas.
Answer: A
QUESTION 831
Which of the following security concepts is related to ensuring that encrypted data is not edited
while in transit?
A. Zero trust
B. Integrity
C. Availability
D. Confidentiality
Answer: B
QUESTION 832
A network technician is troubleshooting internet connectivity issues with users in a subnet. From
a host, the technician runs tcpdump and then attempts to navigate to a website using a web
browser. The technician receives the following output:
Afterward, the browser displays an error. Which of the following explains this issue?
A. A routing loop is within the network.

B. The host is configured with incorrect DNS settings.
C. A broadcast storm is occurring on the subnet.
D. The host is missing a route to the website.
Answer: B
QUESTION 833
After running a Cat 8 cable using passthrough plugs, an electrician notices that connected cables
are experiencing a lot of cross talk. Which of the following troubleshooting steps should the
electrician take first?
A. Inspect the connectors for any wires that are touching or exposed.
B. Restore default settings on the connected devices.
C. Terminate the connections again.
D. Check for radio frequency interference in the area.
Answer: A
QUESTION 834
A user took a laptop on a trip and made changes to the network parameters while at the airport.
The user can access all internet websites but not corporate intranet websites. Which of the
following is the most likely cause of the issue?
A. Duplicate IP address
B. Duplicate SSID
C. Incorrect DNS
D. Incorrect subnet mask
Answer: C
QUESTION 835
Which of the following best describe the functions of Layer 2 of the OSI model? (Choose two.)
A. Local addressing
B. Error preventing
C. Logical addressing
D. Error detecting
E. Port addressing
F. Error correcting
Answer: AE
Explanation:
Layer 2 of the OSI model is the Data Link Layer, and it is responsible for providing node-to-node
communication and addressing within the local network segment.
QUESTION 836
A network administrator wants to implement an authentication process for temporary access to an
organization's network. Which of the following technologies would facilitate this process?
A. Captive portal
B. Enterprise authentication
C. Ad hoc network
D. WPA3
Answer: A
Explanation:
A captive portal is a technology that facilitates the authentication process for temporary access to
a network. It is commonly used in public Wi-Fi hotspots, hotels, airports, and other environments
where temporary network access is provided. When users connect to the network, they are
redirected to a captive portal page where they must authenticate or agree to terms and conditions
before gaining access to the internet or other network resources.
QUESTION 837
Which of the following would be best suited for use at the access layer in a three-tier architecture
system?
A. Router
B. Multilayer switch
C. Layer 2 switch
D. Access point
Answer: B
QUESTION 838
Following the implementation of a BYOD policy, some users in a high-density environment report
slowness over the wireless connection. Some wireless controller reports indicate high latency and
airttime contention. Which of the following is the most probable root cause?
A. The AP is configured with 2.4GHz frequency, which the new personal devices do not support.
B. The AP is configured with 2.4GHz frequency without band-steering capabilities.
C. The AP is configured with 5Ghz frequency with band-steering capabilities.
D. The AP is configured with 5Ghz frequency, which the new personal devices do not support
Answer: B
QUESTION 839
A company's VoIP phone connection is cutting in and out. Which of the following should be
configured to resolve this issue?
A. 802.1Q tagging
B. Jumbo frames
C. Native VLAN
D. Link aggregation
Answer: B
QUESTION 840
A network technician is configuring a wireless network that consists of multiple APs for better
coverage and allows roaming between the APs. Which of the following types of SSIDs should the
technician configure?
A. Basic Service Set

B. Independent Basic Service Set
C. Extended Service Set
D. Distribution System Service
Answer: C
QUESTION 841
A network engineer performed a migration to a new mail server. The engineer changed the MX
record, verified the change was accurate, and confirmed the new mail server was reachable via
the IP address in the A record. However, users are not receiving email. Which of the following
should the engineer have done to prevent the issue from occurring?
A. Change the email client configuration to match the MX record.

B. Reduce the TTL record prior to the MX record change.
C. Perform a DNS zone transfer prior to the MX record change.
D. Update the NS record to reflect the IP address change.
Answer: B
Explanation:
TTL (Time To Live): TTL is a value in a DNS record that determines the amount of time it can be
cached by DNS resolvers and other devices on the internet. When making changes to DNS
records, reducing the TTL beforehand helps minimize the time it takes for the changes to
propagate throughout the internet.
MX Record Change: Changing the MX (Mail Exchange) record directs email traffic to the
specified mail server. However, DNS changes take time to propagate across the internet due to
caching. If the TTL is set too high, old records may be cached for an extended period, leading to
email delivery issues.
QUESTION 842
Which of the following network topologies contains a direct connection between every node in the
network?
A. Mesh
B. Hub-and-spoke
C. Star
D. Point-to-point
Answer: A
Explanation:
Mesh Topology: In a mesh topology, every node is directly connected to every other node in the
network. This provides high redundancy and fault tolerance, as communication can take multiple
paths. Mesh topologies can be fully meshed (every node connected to every other node) or
partially meshed (some nodes have direct connections to all other nodes).
QUESTION 843
Which of the following layers of the OSI model is responsible for end-to-end encryption?
A. Presentation
B. Application
C. Session
D. Transport
Answer: A
QUESTION 844
A company, which is located in a coastal town, retrofitted an office building for a new data center.
The underground fiber optics were brought in and connected to the switches in the basement
network MDF. A server data center was built on the fifth floor with the two rooms vertically
connected by fiber optics. Which of the following types of environmental sensors is most needed?
A. Temperature sensor in the network MOF

B. Water sensor in the network MDF
C. Temperature sensor in the data center
D. Water sensor in the data center
Answer: B
QUESTION 845
A network administrator needs to monitor traffic on a specific port on a switch. Which of the
following should the administrator configure to accomplish the task?
A. Port security
B. Port tagging
C. Port mirroring
D. Media access control
Answer: C
QUESTION 846
A company is designing a new complex. The primary and alternate data centers will be in
separate buildings 6.2mi (10km) apart and will be connected via fiber. Which of the following
types of SFP is the best choice?
A. 10GBASE-SR
B. 10000BASE-LX
C. 10GBASE-LR
D. 1000BASE-SX
Answer: C
Explanation:
10GBASE-LR SFP transceivers are designed for long-range transmissions over single-mode fiber
optics and can support connections over distances of up to 10 kilometers, making them the
appropriate choice for this scenario where the data centers are 6.2 miles apart. These
transceivers are specifically engineered for longer distances and are suitable for interconnecting
data centers across greater distances.
QUESTION 847
Which of the following should a junior security administrator recommend implementing to mitigate
malicious network activity?
A. Intrusion prevention system

B. Load balancer
C. Access logging
D. Endpoint encryption
Answer: A
QUESTION 848
A client wants to increase overall security after a recent breach. Which of the following would be
best to implement? (Choose two.)
A. Least privilege network access

B. Dynamic inventories
C. Central policy management
D. Zero-touch provisioning
E. Configuration drift prevention
F. Subnet range limits
Answer: AC
QUESTION 849
Which of the following passwords would provide the best defense against a brute-force attack?
A. ThisIsMyPasswordForWork
B. Qwerty!@#$
C. Password!1
D. T5!8j5
Answer: D
Explanation:
Complexity: The password "T5!8j5" appears to be more complex, with a mix of uppercase letters,
numbers, and special characters. This complexity increases the strength of the password and
makes it more resistant to brute-force attacks.
Length: While longer passwords are generally more secure, in this case, the shorter password
"T5!8j5" is still strong due to its complexity.
QUESTION 850
Which of the following is most likely to be implemented to actively mitigate intrusions on a host
device?
A. HIDS
B. NIDS
C. HIPS
D. NIPS
Answer: C
QUESTION 851
A network administrator wants to know which systems on the network are at risk of a known
vulnerability. Which of the following should the administrator reference?
A. SLA
B. Patch management policy
C. NDA
D. Site survey report
E. CVE
Answer: E
QUESTION 852
A network engineer is upgrading an existing edge gateway. The company currently uses a router
and needs to be able to filter on all OSI layers. Which of the following should the engineer use to
upgrade the gateway?
A. NGFW
B. Proxy
C. Layer 3 switch
D. Load balancer
Answer: A
Explanation:
NGFW (Next-Generation Firewall): NGFWs are advanced security devices that go beyond
traditional firewalls. They provide filtering and inspection capabilities at multiple OSI layers,
including application-layer filtering, intrusion prevention, and advanced threat protection. NGFWs
are designed to offer more sophisticated and comprehensive security features compared to
traditional routers.
QUESTION 853
Which of the following architectures would allow the network-forwarding elements to adapt to new
business requirements with the least amount of operating effort?
A. Software-defined network
B. Spine and leaf
C. Three-tier
D. Backbone
Answer: A
QUESTION 854
A customer lost the connection to the telephone system. The administration console is configured
with multiple network interfaces and is connected to multiple switches. The network administrator
troubleshoots and verifies the following:
- The support team is able to connect remotely to the administration

console.
- Rebooting the switch shows solid link and activity lights even on
unused ports.
- Rebooting the telephone system does not bring the system back online.
- The console is able to connect directly to individual modules
successfully.
Which of the following is the most likely reason the customer lost the connection?
A. A switch failed.
B. The console software needs to be reinstalled.
C. The cables to the modules need to be replaced.
D. A module failed.
Answer: D
QUESTION 855
A network security technician is designing a solution for a secure remote access scheme with the
following requirements:
- The solution must allow for users at multiple locations to access

corporate resources.
- The on-premises equipment will not handle non-corporate, resource-
bound traffic.
Which of the following should the network security technician consider when designing the
solution? (Choose two.)
A. Clientless VPN
B. Personal VPN
C. Full-tunnel VPN
D. Client-to-site VPN
E. Site-to-site VPN
F. Split-tunnel VPN
Answer: CF
QUESTION 856
Which of the following uses an automated script to make configuration changes when interacting
with a web application?
A. SSH
B. FTP
C. API
D. GUI
Answer: C
QUESTION 857
Which of the following ports is used for secure email?
A. 25
B. 110
C. 143
D. 587
Answer: D
Explanation:
Port 587 is typically used for secure email submission, specifically for sending emails securely
using the SMTP (Simple Mail Transfer Protocol) with TLS (Transport Layer Security) or SSL
(Secure Sockets Layer) encryption. It's commonly used as an alternative to port 25 for secure
mail submission by mail clients or applications.
QUESTION 858
A network administrator wants to install new VoIP switches in small network closet but is
concerned about the current heat level of the room. Which of the following should the
administrator take into consideration before installing the new equipment?
A. The power load of the switches

B. The humidity in the room
C. The fire suppression system
D. The direction of airflow within the switches
Answer: A
QUESTION 859
Which of the following is the next step to take after successfully testing a root cause theory?
A. Determine resolution steps.

B. Duplicate the problem in a lab.
C. Present the theory for approval.
D. Implement the solution to the problem.
Answer: A
QUESTION 860
A network administrator is configuring a new switch and wants to ensure that only assigned
devices can connect to the switch. Which of the following should the administrator do?
A. Configure ACLs.
B. Implement a captive portal.
C. Enable port security.
D. Disable unnecessary services.
Answer: C
QUESTION 861
Which of the following does OSPF use to communicate routing updates?
A. Unicast
B. Anycast
C. Multicast
D. Broadcast
Answer: C
QUESTION 862
A user notifies a network administrator about losing access to a remote file server. The network
administrator is able to ping the server and verifies the current firewall rules do not block access
to the network fileshare. Which of the following tools would help identify which ports are open on
the remote file server?
A. dig
B. nmap
C. tracert
D. nslookup
Answer: B
Explanation:
Nmap (Network Mapper) is a powerful network scanning and reconnaissance tool used to
discover hosts and services on a network. It can be used to determine what ports are open and
what services are running on those ports on the remote file server. This would help in identifying
any accessible services or potential issues with specific ports that might be causing the loss of
access.
QUESTION 863
A security team would like to use a system in an isolated network to record the actions of
potential attackers. Which of the following solutions is the security team implementing?
A. Perimeter network
B. Honeypot
C. Zero trust infrastructure
D. Network segmentation
Answer: B
QUESTION 864
An organization has a factory automation solution that requires accurate timing between devices.
Which of the following should the network administrator implement?
A. PTP
B. NTP
C. NTS
D. DoT
Answer: A
QUESTION 865
A network administrator needs to set up a file server to allow user access. The organization uses
DHCP to assign IP addresses. Which of the following is the best solution for the administrator to
set up?
A. A separate scope for the file server using a /32 subnet

B. A reservation for the server based on the MAC address
C. A static IP address within the DHCP IP range
D. A SLAAC for the server
Answer: B
Explanation:
Assigning a DHCP reservation for the server based on its MAC address ensures that the file
server will consistently receive the same IP address every time it connects to the network. This
approach provides the advantages of DHCP (automatic assignment of IP addresses) while also
guaranteeing a specific and consistent IP address for the file server, making it easy for users to
access it reliably.
QUESTION 866
Which of the following ports is a secure protocol?
A. 20
B. 23
C. 443
D. 445
Answer: C

Vendor: Comptia Exam Code: N10-008 Exam Name: Comptia Network+ N10-008 Certification

Uploaded by

Copyright:

Available Formats

Vendor: Comptia Exam Code: N10-008 Exam Name: Comptia Network+ N10-008 Certification

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Vendor: Comptia Exam Code: N10-008 Exam Name: Comptia Network+ N10-008 Certification

Uploaded by

Copyright:

Available Formats

Vendor: CompTIA

Exam Code: N10-008

Exam Name: CompTIA Network+ N10-008 Certification

Order ID: ****************

PayPal Name: ****************

PayPal ID: ****************

A. An incident response plan

A. A backup of a large video presentation to cloud storage for archival purposes

A. Reduce the wireless power levels

A. The link is improperly terminated

A. The AP association time is set too low

A. Ensure an implicit permit rule is enabled

A. Reconfigure the channels to reduce overlap

A. Link Aggregation Control Protocol

A. using a bottom-to-top approach.

A. Validate the roaming settings on the APs and WLAN clients

A. A VoIP sales call with a customer

A. Implement file integrity monitoring.

A. The wireless signal is being refracted by the warehouse's windows

''Who is 192.168.1.200? Tell 192.168.1.55''

A. Enable a management access list

1. Must not use plaintext passwords

Which of the following methods should the engineer select?

Which of the following attacks is this MOST likely an example of?

A. Rogue DHCP server

1. Reduce manual configuration on each system

A. Set up a reservation for each device

A. Privileged user accounts

A. Duplicate the problem, if possible

A. Shut down unused ports on switches

A. Disable remote management

A. A switch with VLANs created for each segment

- The SSIDs need to be configured as CorpNet with a key of S3cr3t!

Access Point Name AP1

Access Point Name AP2

Access Point Name AP3

A. an incorrect DHCP gateway setting

A. Standard operating procedures

A. Spanning Tree Protocol

A. Correct the DNS server entries in the DHCP scope

A. Check the system's IP address

A. Virtual network computing

A. Decrease the lease duration

Linux computer details:

A. ifconfig ecth0 promisc

A. Increased CRC errors

A. A port scan printout

A. The device firmware should have been kept current.

A. Install load balancers

A. An RG-59 cable with BNC connectors

A. Label the switch with IP address and firmware version

A. Extended service set

A. Network address translation

A. The incorrect subnet mask was configured

A. prevents attackers from moving laterally through a system.

A. Replication traffic between an on-premises server and a remote backup facility

Which of the following is MOST likely causing the issue?

A. Confirm the patch's MD5 hash prior to the upgrade

- Connects two network cables from the server to a switch stack