Concepts
What is an SSH host key used for?
Storing user passwords securely
Speeding up the SSH connection process
Identifying the SSH server
Encrypting all data sent over the network
Identifying the SSH server
he owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network.
The owner wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the Internet. If a user does not provide the correct code, he or she should not be allowed to access the Internet.
What should you do?
answer
Implement MAC address filtering.
Implement pre-shared key authentication.
Implement 802.1x authentication using a RADIUS server.
Implement a captive portal.
Implement a captive portal.
What is the primary purpose of using internal DNS zones?
To perform recursive queries for nonauthoritative domains
To allow internal clients access to private network resources
To manage authoritative zone records for domains managed by a company
To provide name resolution services to the public internet
To allow internal clients access to private network resources
A system administrator is setting up a new Linux server for their company. The administrator needs to ensure that all user passwords are stored securely and that the authentication process is robust.
The system administrator decides to configure the system so that when users log in, their passwords are checked against a hash stored in a specific file.
Which file should the system administrator configure to store the hashed passwords for user authentication?
/etc/passwd
/home/user
/etc/shadow
/usr/local/bin
/etc/shadow
A system administrator is reviewing an alert for the firewall. There was an alert that a piece of malware was downloaded to a computer on the network. The system administrator followed through by checking to make sure that the malware was downloaded.
Which of the following steps should the sysadmin do next to help mitigate this in the future?
Determine if anything has changed.
Confirm the theory.
Establish a plan of action.
Implement preventative measures.
Establish a plan of action.
What is the primary use of microwave dishes in satellite systems?
To align with orbital satellites for signal relay
To generate electricity from solar power
To measure the temperature of the Earth's atmosphere
To broadcast radio signals to submarines
To align with orbital satellites for signal relay
Why should user data traffic be avoided over the default VLAN?
It increases the risk of VLAN hopping attacks.
It automatically encrypts the data, making it unreadable.
It limits the bandwidth available for management traffic.
It is a best practice to reserve the default VLAN for voice traffic only.
It increases the risk of VLAN hopping attacks.
A network administrator notices unusual activity on their company's network. The administrator suspects there might be an unauthorized application running on one of the servers, potentially causing security vulnerabilities.
To investigate, the network administrator decides to review the logs.
Given the administrator's suspicion, which type of log should they primarily focus on to identify the unauthorized application?
System log
Audit log
Performance/Traffic log
Application log
Application log
You are concerned about the security of your IoT devices. You have read about vulnerabilities that could allow hackers to gain unauthorized access to your smart home devices, such as your smart locks and security cameras.
Which of the following measures should you prioritize to enhance the security of your IoT devices?
Using proprietary operating systems for your devices
Increasing the battery life of the devices
Regularly updating the firmware of the devices
Connecting all devices to a high-capacity external storage
Regularly updating the firmware of the devices
What should you suspect if you cannot ping a local host and the error is "destination unreachable"?
Incorrect IP address or netmask in the IP configuration
ICMP is blocked by a firewall or other security software
The network protocol stack needs to be reinstalled
The default gateway parameter on the local host is incorrect
Incorrect IP address or netmask in the IP configuration
You are a network engineer tasked with upgrading the network infrastructure of a medium-sized enterprise. The current setup involves a mix of copper and fiber optic connections, with an increasing demand for higher data throughput due to the company's expansion into data-intensive services.
You've decided to implement modular transceivers to provide the flexibility needed for future expansions and to support various connection types. One critical requirement is to ensure that the network can support connections to a newly installed storage area network (SAN) that operates over Fibre Channel for high-speed data access.
Which type of modular transceiver should you ensure is included in your upgrade plan to meet the specific requirement for connecting to the Fibre Channel SAN?
Transceivers supporting the Fibre Channel Storage Area Network (SAN) protocol
QSFP28 transceivers
WDM transceivers
SFP+ transceivers
Transceivers supporting the Fibre Channel Storage Area Network (SAN) protocol
Why is convergence important in a dynamic routing environment?
It decreases the overall security of the network by sharing routing information.
It prevents the manual configuration of network devices.
It ensures that routing tables are manually updated in a timely manner.
It allows routers to adapt to network changes, such as failures or additions.
It allows routers to adapt to network changes, such as failures or additions.
What does running the command ipconfig /registerdns in Windows accomplish?
It clears the DNS cache.
It attempts to use Dynamic DNS (DDNS).
It displays the current DNS configuration.
It renews the DHCP lease.
It attempts to use Dynamic DNS (DDNS).
In the context of port security, what is a "sticky MAC"?
A MAC address that is permanently hard-coded into the switch's firmware
A MAC address that is blocked from connecting to any port on the switch
A MAC address that is dynamically learned and stored until the switch is rebooted
A MAC address that can only be used for wireless connections
A MAC address that is dynamically learned and stored until the switch is rebooted
During an audit of external DNS records, you need to verify the mail servers configured for your public domain example.com.
Which nslookup command would you use to find this information?
nslookup -type=ns example.com
nslookup -type=a example.com
nslookup -type=mx example.com
nslookup example.com
nslookup -type=mx example.com
Why is tagging important in managing cloud instances?
It helps identify ownership and roles of instances.
It reduces the cost of cloud services.
It enhances the physical security of cloud data centers.
It increases the processing power of instances.
It helps identify ownership and roles of instances.
What is the purpose of maintaining correct polarity in duplex fiber optic patch cords?
To enhance the aesthetic appeal of the fiber optic installation
To ensure that the power supply is evenly distributed across all fibers
To guarantee that the Tx port on the transmitter is linked to the Rx port on the receiver and vice versa
To increase the speed of data transmission over the fiber optic cable
To guarantee that the Tx port on the transmitter is linked to the Rx port on the receiver and vice versa
What type of information might not be captured by a backup of the configuration file only?
Device model
Version history
User accounts
State information
State information
You are configuring a network access control system for your company's wired network. You want to ensure that devices are authenticated before they are allowed to communicate on the network.
You also want to implement a system where the authentication credentials do not need to be stored on the network switches but can be validated by a server positioned in a secure zone within the private network.
Which of the following setups should you implement?
IEEE 802.1X using RADIUS server for authentication
VPN with pre-shared keys
Direct authentication using LDAP
SSH key pairs for device authentication
IEEE 802.1X using RADIUS server for authentication
You are a network administrator and receive reports of intermittent network connectivity issues from several users. Upon investigation, you suspect a duplicate IP address issue.
What should be your first step in troubleshooting this problem?
Reboot all network devices to clear any temporary issues.
Increase the DHCP lease time to avoid future IP conflicts.
Immediately reassign new IP addresses to all reporting users.
Use the ping command to test connectivity to the suspected duplicate IP and then use arp -a to check the ARP cache.
Use the ping command to test connectivity to the suspected duplicate IP and then use arp -a to check the ARP cache.
university is planning to upgrade its campus-wide Wi-Fi network to support a surge in online video lectures and virtual reality (VR) applications for educational purposes. The network needs to support high data rates and low latency for a seamless experience.
Considering the requirements, which Wi-Fi standard should the university implement?
Wi-Fi 5, because it supports channel bonding up to 160 MHz.
Wi-Fi 5, because it is designed to work in the 5 GHz band.
Wi-Fi 6, because it aims to approximate 10G connection speeds.
Wi-Fi 6, because it prioritizes voice over IP (VoIP) traffic.
Wi-Fi 6, because it aims to approximate 10G connection speeds.
What is the primary purpose of trunking in a network?
To increase the security of the network
To interconnect multiple switches and build the network fabric
To connect a computer to the Internet
To replace wireless connections with wired connections
To interconnect multiple switches and build the network fabric
A remote employee needs to access their company's internal resources securely from their home office. However, they also need to ensure that their personal internet browsing does not go through the company's network to maintain privacy and avoid unnecessary load on the corporate VPN.
Which VPN configuration should the employee use to meet these requirements?
Full tunnel
Split tunnel
Secure tunnel
Direct access
Split tunnel
Which of the following is an example of passive social engineering?
Dumpster diving for useful documents
Phishing attacks via email
Tailgating to enter a secure area
Impersonating an IT support staff member over the phone
Dumpster diving for useful documents
You are a network technician for a small consulting firm. One of your responsibilities is to manage the intranet site and configuration. You recently had to update the site's IP mapping due to a server upgrade.
A user is having an issue with connecting to the intranet site now. When the user attempts to connect through their web browser, they receive a message that the page cannot be displayed. If you type in the IP address, the page loads fine.
Which of the following commands should you use to fix this issue?
ipconfig /displaydns
ipconfig /registerdns
ipconfig /flushdns
ipconfig /release
ipconfig /flushdns