Data Centers
1. Which of the following data center implementations connects access layer to distribution layer to core layer?
A. North-south traffic flow
B. Spine-and-leaf architecture
C. Three-tiered architecture
D. Top-of-rack switching
C. The three-tiered architecture connects three layers—access, distribution, and core—in the classic data center.
1. Devices using which of the following protocols form a mesh network using the 908- and 916-MHz band?
A. 802.11 Wi-Fi
B. Bluetooth
C. Zigbee
D. Z-Wave
D. Devices using the Z-Wave protocol form a mesh network using the 908- and 916-MHz band.
1. Which item should be found in a security policy?
A. Acceptable use policy
B. Emergency exit plan
C. Service-level agreement
D. Instruction on how to fill out a change request form
A. An acceptable use policy (AUP) is a typical item found in a security policy
1. Which term most closely describes collecting all of the network clients or servers that need the same security policies?
A. Hardening
B. Segmentation
C. Spoofing
D. Posturing
B. While this is also an example of hardening, it is more specifically an example of segmentation.
1. Which PDU does an SNMP manager use to query agents?
A. Get
B. Response
C. Set
D. Trap
A. SNMP managers use Get protocol data units (PDUs) to query agents.
1. When should you use a cable tester to troubleshoot a network cable?
A. When you have a host experiencing a very slow connection
B. When you have an intermittent connection problem
C. When you have a dead connection and you suspect a broken cable
D. When you are trying to find the correct cable up in the plenum
C. Cable testers can only show that you have a broken or poorly wired cable, not if the cable is up to proper specification.
2. Which SAN feature provides high availability through more than one connection between the server and the SAN?
A. Fibre Channel
B. iSCSI
C. Multipathing
D. Multiplaning
C. Most storage area network (SAN) solutions use multipathing—more than one connection or path between the server and SAN—for high availability
2. Connected Bluetooth devices create what kind of network?
A. CAN
B. LAN
C. MAN
D. PAN
D. Connected Bluetooth devices create a personal area network (PAN).
2. Through what mechanism is a change to the IT structure initiated?
A. Users make a change to their environment, then report the result to the change management team.
B. A user submits a request for funding a change to upper management, receives approval, and then submits a requisition to the change management team to source and purchase new equipment.
C. Users submit a change request to the change management team.
D. The change management team issues a proposed change to users in the organization, then evaluates the responses.
C. Users submit a change request to the change management team to effect a change to an IT structure.
2. Which of the following is a tool to prevent ARP cache poisoning?
A. DHCP
B. DAI
C. Edge firewall
D. DNS snooping
B. Cisco Dynamic ARP Inspection (DAI) is designed to help prevent ARP cache poisoning.
2. In an SNMP managed network, which software does a managed device run?
A. Agent
B. NMS
C. SNMP manager
D. MIB
A. Managed devices run agent software
2. Why would a network technician use a tone probe and tone generator?
A. To locate a particular cable
B. To test the dial tone on a PBX system
C. To run a long-duration ping test
D. To provide safety when working in crawl spaces
A. Techs use tone probes and tone generators to locate individual cables
3. Blackwell Held, LLC, leases space in the Wapi Lava Corporation’s data center. Which term describes this type of scenario?
A. Branch office
B. Co-location
C. Leased-line
D. On-premises
B. Leasing space for your equipment in someone else’s space is an example of co-location.
3. RTP runs on which ports?
A. ICMP ports 5004, 5005
B. UDP ports 5004, 5005
C. TCP ports 5004, 5005
D. Undefined UDP ports
D. The Real-time Transport Protocol (RTP) uses undefined UDP ports, though many companies use the IETF-recommended ports of 6970–6999.
3. Users need training from the IT department to understand which of the following?
A. How to troubleshoot lost network connections
B. How to secure workstations with screen-locking and password-security techniques
C. How to send e-mail to the change management team
D. How to check their network connection
B. Typical user training includes how to secure workstations with screen-locking and password-security techniques.
3. A computer compromised with malware to support a botnet is called a _______________.
A. Zombie
B. Reflection
C. DDoS
D. Locked node
A. All of the compromised systems on a botnet are called zombies
3. How does an SNMP managed system categorize data that can be queried?
A. QoS
B. MIBs
C. PDUs
D. UDP
B. SNMP managed systems use management information bases to categorize data to be queried.
3. What does nslookup do?
A. Retrieves the name space for the network
B. Queries DNS for the IP address of the supplied host name
C. Performs a reverse IP lookup
D. Lists the current running network services on localhost
B. The nslookup command queries DNS and returns the IP address of the supplied host name (and a whole lot of other details).
4. Which of the following protocols provides load balancing in a spine-and-leaf data center?
A. ECPM
B. HSRP
C. STP
D. VRRP
A. Equal-Cost Multipath (ECPM) is one protocol used in spine-and-leaf architecture that provides load balancing.
4. Of the following, which would most likely have an industrial control system implementation?
A. An apartment complex
B. A coffee shop
C. A city park
D. A bottling company
D. Of the choices offered, a bottling company is the one most likely to have an industrial control system (ICS) implemented.
4. When is a memorandum of understanding used?
A. As part of a legal contract
B. As part of a statement of work (SOW)
C. When a service-level agreement (SLA) expires
D. When a legal contract is not appropriate
D. A memorandum of understanding (MOU) is used when a legal contract is not appropriate.
4. A DoS attacker using __________ would focus on sending the smallest amount of traffic possible.
A. Reflection
B. Inflection
C. Emanation
D. Amplification
D. The goal of amplification is to keep the targeted server as busy as possible.
4. An SNMP manager uses which port when used with TLS?
A. 161
B. 162
C. 10161
D. 10162
D. An SNMP manager uses port 10162 with Transport Layer Security (TLS).
4. What is Wireshark?
A. Protocol analyzer
B. Packet sniffer
C. Packet analyzer
D. All of the above
D. Wireshark can sniff and analyze all the network traffic that enters the computer’s NIC.
5. Joan’s data center has two ISPs, one fiber and one cable. What aspect of security does this represent?
A. Active-active
B. Clustering
C. Multipathing
D. Redundancy
D. Having multiple Internet service providers (ISPs) for a data center provides redundancy.
5. H.323 uses which TCP port number?
A. 5004
B. 5060
C. 2427
D. 1720
D. H.323 uses TCP port 1720
5. The best way to know the vulnerabilities of an IT infrastructure is to run what?
A. A system-wide antivirus scanner
B. Cable certifier
C. Critical asset scanner
D. Vulnerability scanner
D. Run a vulnerability scanner to find weaknesses in an IT infrastructure.
5. A user’s machine is locked to a screen telling her she must call a number to unlock her system. What kind of attack is this?
A. DDoS
B. Logic bomb
C. Ransomware
D. Session hijacking
C. Ransomware attacks can be brutal, demanding money to unlock your content
5. Jason is concerned about the communication between two workstations and wants to capture and analyze that traffic to see if anything illicit is going on. Which tool would best serve his needs?
A. Interface monitor
B. Packet flow monitor
C. Packet sniffer
D. Performance monitor
B. Jason would use packet flow monitoring software to monitor the flow between two devices.
5. What will the command route print return on a Windows system?
A. The results of the last tracert
B. The gateway’s router tables
C. The routes taken by a concurrent connection
D. The current system’s route tables
D. The route print command returns the local system’s routing tables (for IPv4 and IPv6).
6. Which open standard protocol enables redundant routers to appear as a single router for high availability?
A. HSRP
B. RRPX
C. VRRP
D. XRRP
C. Virtual Router Redundancy Protocol (VRRP) groups multiple routers into a single router for high availability. The Cisco-proprietary Hot Standby Router Protocol (HSRP) accomplishes the same thing, but it’s not an open standard.
6. RTP runs on top of which protocol?
A. UC server
B. SIP
C. MGCP
D. H.323
B. RTP runs on top of the Session Initiation Protocol (SIP)
6. What is succession planning?
A. Identifying personnel who can take over certain positions in response to an incident
B. The career path by which employees of an organization can grow through the ranks
C. The selection of failover servers in the event of a catastrophic server failure
D. The selection of failover routers in the event of a catastrophic router failure
A. Identifying personnel who can take over certain positions in response to an incident is essential in succession planning.
6. An attack where someone tries to hack a password using every possible password permutation is called what?
A. Man-in-the-middle
B. Spoofing
C. Rainbow table
D. Brute force
D. Brute force uses every possible permutation and is often used in password cracking
6. Where does a packet sniffer put information it collects?
A. Answer file
B. Capture file
C. Pocket file
D. Sniffer file
B. Packet sniffers put information in capture files.
6. When trying to establish symptoms over the phone, what kind of questions should you ask of a novice or confused user?
A. You should ask open-ended questions and let the user explain the problem in his or her own words.
B. You should ask detailed, close-ended questions to try and narrow down the possible causes.
C. Leading questions are your best choice for pointing the user in the right direction.
D. None; ask the user to bring the machine in because it is useless to troubleshoot over the phone.
A. With a novice or confused user, ask open-ended questions so the user can explain the problem in his or her own words.
7. Brenda wants to add a second ISP to her small data center for high availability. What should she consider?
A. Fiber
B. Multipath
C. Multitenancy
D. Path diversity
D. Path diversity in selecting a second ISP—making sure both ISPs don’t share the same lines—enhances high availability
7. Which of the following devices would most likely be a UC gateway?
A. VoIP telephone
B. Desktop running Windows server
C. Managed switch
D. Router
D. A unified communication (UC) gateway is most likely a router.
7. During and after a change to the IT infrastructure, what must be done?
A. Downtime must be scheduled.
B. New equipment must be installed.
C. Operating systems must be patched.
D. The changes must be documented.
D. When changing an IT infrastructure, always document the changes
7. Which Windows utility displays open ports on a host?
A. netstat
B. ping
C. ipconfig
D. nbtstat
A. Only netstat shows all open ports on a Windows system.
7. An analysis of a network shows a lot of traffic on one machine on port 161. What kind of machine is it?
A. Managed device
B. SNMP manager
C. PDU
D. MIB
A. Managed devices use port 161.
7. While you are asking the user problem-isolating questions, what else should you be doing?
A. Asking yourself if there is anything on your side of the network that could be causing the problem
B. Nothing; just keep asking the user questions
C. Using an accusatory tone with the user
D. Playing solitaire
A. Ask yourself if anything could have happened on your side of the network
8. Which of the following documentation includes dimensions and locations of rooms plus the physical objects—racks, raised floors, AC units, and so on—in the space?
A. Floor plan
B. Logical network diagram
C. Rack diagram
D. System diagram
A. A floor plan includes room dimensions and the details of objects in those rooms
8. What is a medianet’s primary tool to ensure bandwidth for VTC?
A. MPLS
B. RTU
C. QoS
D. ISDN
C. Quality of service (QoS) enables medianets to ensure bandwidth for video teleconferencing.
8. What is the job of a first responder?
A. Investigate data on a computer suspected to contain crime evidence.
B. React to the notification of a computer crime.
C. Power off computers suspected of being used in criminal activity.
D. Shut down computers and remove mass storage drives.
B. A first responder reacts to the notification of a computer crime.
8. Which of the following protocols are notorious for cleartext passwords? (Select two.)
A. SSH
B. Telnet
C. HTTPS
D. POP3
B, D. Both Telnet and POP3 use cleartext passwords.
8. What should you create when a network is running normally?
A. Answer file
B. Capture file
C. MIB
D. Baseline
D. Create a baseline so you can compare network performance later on.
8. Which command shows you detailed IP information, including DNS server
addresses and MAC addresses?
A. ipconfig
B. ipconfig -a
C. ipconfig /all
D. ipconfig /dns
C. ipconfig /all displays detailed IP configuration information.
9. Which document contains details about all the hardware and software installed in a data center and provides the foundation for future upgrades?
A. Baseline configuration
B. Logical network diagram
C. Performance baseline
D. System diagram
A. A baseline configuration document contains details about all the installed hardware and software in a data center, and provides the foundation for future upgrades
9. The central component of any ICS is what?
A. Sensors
B. PLCs
C. ICS server
D. HMI
C. The centerpiece of any industrial control system (ICS) is the ICS server.
9. Which of these describes the maximum time the organization can be without a critical system?
A. Recovery point objective (RPO)
B. Mean time between failure (MTBF)
C. Recovery time objective (RTO)
D. Mean time to repair (MTTR)
C. The recovery time objective (RTO) defines the maximum time it should take to restore a critical system after failure.
9. The NSA’s TEMPEST security standards are used to combat which risk?
A. RF emanation
B. Spoofing
C. DDoS
D. Malware
A. TEMPEST is designed to reduce RF emanation using enclosures, shielding, and even paint.
9. Bart has a choice of tools to view his managed network, but he primarily wants
to see graphs of various types of data, such as the overall traffic and the current
capacities of the file servers. Which tool offers him the best option?
A. Cacti
B. snmpwalk
C. NetFlow
D. Wireshark
A. Cacti is a great graphing tool.
9. What is the last step in the troubleshooting process?
A. Implementing the solution
B. Testing the solution
C. Documenting the solution
D. Closing the help ticket
C. Documenting the solution is the last and, in many ways, the most important step in the troubleshooting process.
10. Which of the following is a review of an organization’s compliance with applicable laws, rules, and regulations?
A. Audit
B. Baseline configuration
C. Performance baseline
D. Site survey
A. An audit, performed at least annually by a qualified third-party organization, will show an organization’s compliance with applicable laws, rules, and regulations.
10. Which of the following differentiates a PLC from a DCS controller?
A. Sequential control
B. Sensors
C. Operator
D. Actuator
A. A programmable logic controller (PLC) traditionally uses ordered steps to control a machine.
10. Which deployment model uses employee-owned mobile devices for corporate use?
A. BYOD
B. COBO
C. COPE
D. CYOD
A. In a bring your own device (BYOD) model, employers allow employees to bring mobile devices into the workplace for corporate use.
10. Bob is told by his administrator to update his anti-malware program before he runs it. What kind of anti-malware is he most likely using?
A. Host-based
B. Network-based
C. Cloud-based
D. FTP-based
A. The fact that he has to update the software first suggests it is host-based.
10. What tool enables you to compare current network performance with correctly functioning network performance?
A. Baseline monitor
B. Packet flow monitor
C. Packet sniffer
D. Performance monitor
D. A performance monitor enables you to compare current network performance with a baseline.
10. One of your users calls you with a complaint that he can’t reach the site www.google.com. You try and access the site and discover you can’t connect either but you can ping the site with its IP address. What is the most probable culprit?
A. The workgroup switch is down.
B. Google is down.
C. The gateway is down.
D. The DNS server is down.
D. In this case, the DNS system is probably at fault. By pinging the site with its IP address, you have established that the site is up and your LAN and gateway are functioning properly.