N10-006 Exams Study Guides
Posted: Nov 08, 2016
Question: 1
A technician needs to limit the amount of broadcast traffic on a network and allow different segments to communicate with each other. Which of the following options would satisfy these requirements?
A. Add a router and enable OSPF.
B. Add a layer 3 switch and create a VLAN.
C. Add a bridge between two switches.
D. Add a firewall and implement proper ACL.
Answer: B
Explanation:
We can limit the amount of broadcast traffic on a switched network by dividing the computers into logical network segments called VLANs.
A virtual local area network (VLAN) is a logical group of computers that appear to be on the same LAN even if they are on separate IP subnets. These logical subnets are configured in the network switches. Each VLAN is a broadcast domain meaning that only computers within the same VLAN will receive broadcast traffic.
To allow different segments (VLANs) to communicate with each other, a router is required to establish a connection between the systems. We can use a network router to route between the VLANs or we can use a ‘Layer 3’ switch. Unlike layer 2 switches that can only read the contents of the data-link layer protocol header in the packets they process, layer 3 switches can read the (IP) addresses in the network layer protocol header as well.
Incorrect Answers:
A: OSPF (Open Shortest Path First) is a link-state IP routing protocol used for very large enterprise networks. It is not used to limit broadcast traffic within networks. You could use a router and divide the network into smaller subnets to limit broadcast traffic; however, you would not use OSPF as the routing protocol.
C: A bridge is a layer 2 (data-link layer) device that splits a LAN into two separate collision domains and filters the packets passing between them by using their hardware addresses. However, a bridge will forward broadcast traffic between the collision domains so broadcast traffic will not be reduced.
D: A firewall is used to restrict traffic between networks or subnets (typically between the Internet and the LAN) based on rules that specify source/destination IPs and port numbers. You would not use a firewall within a network to limit broadcast traffic on the network.
References:
Zacker, Craig, CompTIA Network+ Exam N10-005 Training Kit, O’Reilly Media, Inc., Sebastopol, 2012, p 134
Question: 2
The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following would BEST handle the rerouting caused by the disruption of service?
A. Layer 3 switch
B. Proxy server
C. Layer 2 switch
D. Smart hub
Answer: A
Explanation:
The question states that the traffic being transported is a mixture of multicast and unicast signals. There are three basic types of network transmissions: broadcasts, which are packets transmitted to every node on the network; unicasts, which are packets transmitted to just one node; and multicasts, which are packets transmitted to a group of nodes. Multicast is a layer 3 feature of IPv4 & IPv6. Therefore, we would need a layer 3 switch (or a router) to reroute the traffic. Unlike layer 2 switches that can only read the contents of the data-link layer protocol header in the packets they process, layer 3 switches can read the (IP) addresses in the network layer protocol header as well.
Incorrect Answers:
B: There are different types of proxy server, the most common being a web proxy server. When a client application such as a web browser requests a web page, the request is sent to the proxy server. The proxy server will then fulfill the request either by serving a cached page or by requesting the web page from the web server. This can improve performance (fewer web pages being downloaded over an Internet connection) and improve security (web page requests can be blocked). A proxy server is not used to reroute unicast and multicast traffic in the event of a network connectivity interruption.
C: A layer 2 switch can only read the contents of the data-link layer (layer 2) protocol header in the packets it processes. A layer 2 switch cannot route multicast (layer 3) traffic.
D: Years ago, switches were very expensive compared to hubs. Nowadays, switches are much cheaper so most people use switches rather than hubs. Computers connect to hubs in the same way they connect to switches. However, traffic sent to one hub port will be forwarded out of all the other ports because hubs do not maintain a MAC address table so they do not know which port a destination computer is connected to. A smart hub has some added intelligence that enables it to detect and isolate network problems. However, a smart hub does not reroute traffic.
References:
Zacker, Craig, CompTIA Network+ Exam N10-005 Training Kit, O’Reilly Media, Inc., Sebastopol, 2012, p 134
http://whatis.techtarget.com/definition/proxy-server
http://searchnetworking.techtarget.com/answer/What-is-a-smart-hub-as-opposed-to-one-that-is-not-dumb-hub
Question: 3
Which of the following network devices use ACLs to prevent unauthorized access into company systems?
A. IDS
B. Firewall
C. Content filter
D. Load balancer
Answer: B
Explanation:
A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. Firewalls use ACLs (access control lists) to determine which traffic is allowed through the firewall. All traffic entering or leaving the intranet passes through the firewall, which examines each message and blocks or allows the message depending on rules specified in the ACL. The rules in the ACL specify which combinations of source IP address, destination IP address and port numbers are allowed.
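The rule matching described above, as an added example that is not part of the original study guide: a first-match ACL evaluator plus a check for rules that can never fire because an earlier rule already covers them. The rule set, the documentation-range addresses and the implicit deny at the end of the list are constructed assumptions, not taken from the question.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # destination port; None matches any port

    def matches(self, src_ip, dst_ip, dport):
        """True if a packet with these header fields matches this rule."""
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(self.src).supernet_of(ipaddress.ip_network(other.src))
                and ipaddress.ip_network(self.dst).supernet_of(ipaddress.ip_network(other.dst))
                and (self.dport is None or self.dport == other.dport))


# Constructed sample ACL; all addresses are from documentation or private ranges.
ACL = [
    Rule("deny",   "203.0.113.0/24",  "0.0.0.0/0"),             # blocked external range
    Rule("permit", "0.0.0.0/0",       "192.0.2.10/32", 443),    # HTTPS to the web server
    Rule("permit", "10.0.0.0/8",      "0.0.0.0/0"),             # internal hosts outbound
    Rule("permit", "203.0.113.50/32", "192.0.2.10/32", 443),    # mis-ordered exception
]


def evaluate(acl, src_ip, dst_ip, dport):
    """Return (action, index of the deciding rule); the first matching rule wins."""
    for index, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, index
    return "deny", None  # assumption: implicit deny when no rule matches


def shadowed_rules(acl):
    """Return (rule index, index of the earlier rule that covers it) pairs."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            if acl[i].covers(later):
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    for packet in [("198.51.100.7", "192.0.2.10", 443),
                   ("203.0.113.50", "192.0.2.10", 443),
                   ("198.51.100.7", "192.0.2.10", 22)]:
        print(packet, evaluate(ACL, *packet))
    print("shadowed:", shadowed_rules(ACL))
```

The last rule is never reached: the deny for 203.0.113.0/24 at the top of the list decides those packets first, which is the kind of ordering mistake a rule review should catch.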
Incorrect Answers:
A: An intrusion detection system (IDS) is a hardware device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. An IDS does not use an ACL to prevent unauthorized access into company systems.
C: The most common type of content filter is a web content filter. A web content filter is a hardware device or software application that examines web pages as they are downloaded. The page can then be blocked if it does not comply with company web policy. A content filter does not use an ACL to prevent unauthorized access into company systems.
D: A load balancer is a hardware device or software application that directs traffic between multiple servers to balance the load between the servers. For example, if you have multiple web servers serving the same content, a load balancer will evenly distribute requests for the web pages between the servers. A load balancer does not use an ACL to prevent unauthorized access into company systems.
References:
http://www.webopedia.com/TERM/F/firewall.html
http://en.wikipedia.org/wiki/Intrusion_detection_system
Question: 4
Which of the following is used to define how much bandwidth can be used by various protocols on the network?
A. Traffic shaping
B. High availability
C. Load balancing
D. Fault tolerance
Answer: A
Explanation:
If a network connection becomes saturated to the point where there is a significant level of contention, network latency can rise substantially.
Traffic shaping is used to control the bandwidth used by network traffic. In a corporate environment, business-related traffic may be given priority over other traffic. Traffic can be prioritized based on the ports used by the application sending the traffic. Delayed traffic is stored in a buffer until the higher priority traffic has been sent.
Incorrect Answers:
B: High availability is a term used to describe a network or system that can remain operational in the event of a component failure. For example, two servers in a cluster are a common high availability solution. If one server fails, the other takes over. In networking terms, high availability would include redundant network links and network devices such as switches and routers such that computers would still be able to communicate in the event of a failure of any network device. High availability is not used to define how much bandwidth can be used by various protocols on the network.
C: A load balancer is a hardware device or software application that directs traffic between multiple servers to balance the load between the servers. For example, if you have multiple web servers serving the same content, a load balancer can evenly distribute requests for the web pages between the servers. Load balancing is the process of distributing a load between resources. Load balancing is not used to define how much bandwidth can be used by various protocols on the network.
D: Fault tolerance is similar to high availability. It describes a system’s ability to remain available in the event of a component failure. Fault tolerance is not used to define how much bandwidth can be used by various protocols on the network.
References:
http://searchnetworking.techtarget.com/definition/traffic-shaping
Question: 5
Which of the following is used to authenticate remote workers who connect from offsite? (Select TWO).
A. OSPF
B. VTP trunking
C. Virtual PBX
D. RADIUS
E. 802.1x
Answer: D, E
Explanation:
D: A RADIUS (Remote Authentication Dial-in User Service) server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access. RADIUS servers are commonly used by ISPs to authenticate their customers’ Internet connections.
Remote users connect to one or more Remote Access Servers. The remote access servers then forward the authentication requests to the central RADIUS server.
E: 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). It provides an authentication mechanism to devices wishing to attach to a network.
802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client that wishes to attach to the network. The authenticator is a network device, such as an Ethernet switch, wireless access point or, in this case, a remote access server. The authentication server is the RADIUS server.
Incorrect Answers:
A: OSPF (Open Shortest Path First) is a link-state IP routing protocol used for very large enterprise networks. OSPF is not used for the authentication of remote users.
B: VTP trunking is used for the propagation of VLAN information between network switches. A VLAN is a logical segmentation of the network performed by a layer 2 Ethernet switch. When a switch is configured with one or more VLANs, VTP trunking can be used to propagate the VLAN configuration to the other switches. VTP trunking is not used for the authentication of remote users.
C: A PBX (Private Branch eXchange) is a hardware system used in a telephone network. A PBX performs the routing and switching of calls between a business location and the telephone network. A virtual PBX is a software based PBX. A virtual PBX is not used for the authentication of remote users.
References:
http://en.wikipedia.org/wiki/IEEE_802.1X
http://www.techopedia.com/definition/26152/vlan-trunking-protocol-vtp
Question: 6
Which of the following provides accounting, authorization, and authentication via a centralized privileged database, as well as, challenge/response and password encryption?
A. Multifactor authentication
B. ISAKMP
C. TACACS+
D. Network access control
Answer: C
Explanation:
TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol that handles authentication, authorization, and accounting (AAA) services. Similar to RADIUS, TACACS+ is a centralized authentication solution used to provide access to network resources. TACACS+ separates the authentication, authorization, and accounting services enabling you to host each service on a separate server if required.
Incorrect Answers:
A: Multifactor authentication describes authenticating using two or more authentication mechanisms; for example by using a smart card and entering a PIN number. Multifactor authentication combines two or more independent credentials: what the user knows (password or PIN), what the user has (security token) and what the user is (biometric verification). Multifactor authentication is not a service that provides accounting, authorization, and authentication via a centralized privileged database.
B: ISAKMP (Internet Security Association and Key Management Protocol) is a protocol used for establishing Security Associations (SA) and cryptographic keys in an Internet environment. ISAKMP only provides a framework for authentication and key exchange. It is often used by IKE (Internet Key Exchange) for establishing secure connections such as VPN. The IPsec Services Service in Microsoft Windows provides ISAKMP functionality. ISAKMP is not a service that provides accounting, authorization, and authentication via a centralized privileged database.
D: Network access control is used to improve the security of computer networks. A network access control policy defines a set of compliance rules (latest security patches, antivirus updates etc) that must be met by a client computer before network resources can be accessed. Network access control is not a service that provides accounting, authorization, and authentication via a centralized privileged database.
References:
http://en.wikipedia.org/wiki/TACACS
http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA
http://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol
Question: 7
A technician needs to set aside addresses in a DHCP pool so that certain servers always receive the same address. Which of the following should be configured?
A. Leases
B. Helper addresses
C. Scopes
D. Reservations
Answer: D
Explanation:
A reservation is used in DHCP to ensure that a computer always receives the same IP address. To create a reservation, you need to know the hardware MAC address of the network interface card that should receive the IP address.
For example, if Server1 has a MAC address of 00:A1:FB:12:45:4C and that computer should always get 192.168.0.7 as its IP address, you can map the MAC address of Server1 to the IP address to configure the reservation.
Incorrect Answers:
A: A lease determines how long a DHCP assigned IP address is valid for. For example, a 12 hour lease would enable the computer to use the IP address for 12 hours before the lease must be renewed or the IP address released. Windows computers first attempt to renew an IP address lease after 50% of the lease time so for a 12 hour lease, the computer will attempt to renew the lease after 6 hours. A lease is not used to ensure that a computer always receives the same IP address.
B: A DHCP helper address is used when a network has more than one IP subnet and the client computer’s subnet does not have a DHCP server. To enable communications between a client on one subnet and a DHCP server on another subnet, the router connecting the two subnets must be configured to either forward DHCP broadcast messages or a DHCP helper is required in the client subnet to forward the DHCP broadcast message to the DHCP server in another subnet. A DHCP helper is not used to ensure that a computer always receives the same IP address.
C: A DHCP scope is the consecutive range of IP addresses that the DHCP server can lease to clients on a subnet. For example: 192.168.0.2 to 192.168.0.100. The DHCP scope also includes ‘scope options’ such as the default gateway address and DNS server addresses that should be assigned to the DHCP clients.
A DHCP scope is not used to ensure that a computer always receives the same IP address.
References:
http://www.tomshardware.co.uk/faq/id-1932491/difference-dhcp-reservation-dhcp-exclusion.html
Question: 8
Joe, a network technician, is setting up a DHCP server on a LAN segment. Which of the following options should Joe configure in the DHCP scope, in order to allow hosts on that LAN segment using dynamic IP addresses, to be able to access the Internet and internal company servers? (Select THREE).
A. Default gateway
B. Subnet mask
C. Reservations
D. TFTP server
E. Lease expiration time of 1 day
F. DNS servers
G. Bootp
Answer: A, B, F
Explanation:
The question states that the client computers need to access the Internet as well as internal company servers. To access the Internet, the client computers need to be configured with an IP address with a subnet mask (answer B) and the address of the router that connects the company network to the Internet. This is known as the ‘default gateway’ (answer A).
To be able to resolve web page URLs to web server IP addresses, the client computers need to be configured with the address of a DNS server (answer F).
Incorrect Answers:
C: A reservation is configured in DHCP to ensure that a DHCP client always receives the same IP address. This is not a requirement to enable a client computer to access local servers and the Internet.
D: A TFTP (Trivial File Transfer Protocol) server is used to download files. In DHCP, a TFTP server address is often used for dumb terminals (computers without an installed operating system) to download a boot image from a central server. This is not a requirement to enable a client computer to access local servers and the Internet.
E: A DHCP lease determines how long a DHCP assigned IP address is valid for. For example, a 12 hour lease would enable the computer to use the IP address for 12 hours before the lease must be renewed or the IP address released. A lease of 1 day is not a requirement to enable a client computer to access local servers and the Internet. The lease can be as long as you like.
G: Bootp (Bootstrap Protocol) is a predecessor to DHCP. Bootp is not a requirement to enable a client computer to access local servers and the Internet.
References:
https://technet.microsoft.com/en-gb/library/dd759218.aspx
Question: 9
A technician just completed a new external website and set up access rules in the firewall. After some testing, only users outside the internal network can reach the site. The website responds to a ping from the internal network and resolves the proper public address. Which of the following could the technician do to fix this issue while causing internal users to route to the website using an internal address?
A. Configure NAT on the firewall
B. Implement a split horizon DNS
C. Place the server in the DMZ
D. Adjust the proper internal ACL
Answer: B
Explanation:
Split horizon DNS (also known as Split Brain DNS) is a mechanism for DNS servers to supply different DNS query results depending on the source of the request. This can be done by hardware-based separation but is most commonly done in software.
In this question, we want external users to be able to access the website by using a public IP address. To do this, we would have an external facing DNS server hosting a DNS zone for the website domain. For the internal users, we would have an internal facing DNS server hosting a DNS zone for the website domain. The external DNS zone will resolve the website URL to an external public IP address. The internal DNS server will resolve the website URL to an internal private IP address.
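An added sketch of the split-horizon behaviour described above (not from the original study guide): the resolver picks a view from the client's source address, and an audit flags records that break the split. The name www.example.com, both addresses and the client ranges are constructed assumptions.

```python
import ipaddress

# RFC 1918 private ranges, listed explicitly so the check means exactly "internal address".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed views: the same zone name is hosted twice with different answers.
VIEWS = [
    {"name": "internal", "match_clients": ["10.0.0.0/8", "192.168.0.0/16"],
     "expect_private": True,
     "zone": {"www.example.com": "10.0.0.20"}},
    {"name": "external", "match_clients": ["0.0.0.0/0"],
     "expect_private": False,
     "zone": {"www.example.com": "198.51.100.20"}},
]


def select_view(views, client_ip):
    """Return the first view whose client list contains the query source address."""
    addr = ipaddress.ip_address(client_ip)
    for view in views:
        if any(addr in ipaddress.ip_network(net) for net in view["match_clients"]):
            return view
    return None


def resolve(views, client_ip, qname):
    """Return (view name, address) for a query; address is None if the view lacks the name."""
    view = select_view(views, client_ip)
    if view is None:
        return None, None
    return view["name"], view["zone"].get(qname.rstrip(".").lower())


def is_rfc1918(address):
    return any(ipaddress.ip_address(address) in net for net in RFC1918)


def audit(views):
    """List (view, name, problem) for records that are missing from a view or that
    hand out the wrong class of address (private externally, public internally)."""
    findings = []
    all_names = set().union(*(view["zone"] for view in views))
    for view in views:
        for name in sorted(all_names):
            address = view["zone"].get(name)
            if address is None:
                findings.append((view["name"], name, "missing record"))
            elif is_rfc1918(address) != view["expect_private"]:
                findings.append((view["name"], name, "wrong address class"))
    return findings


if __name__ == "__main__":
    print(resolve(VIEWS, "10.4.4.4", "www.example.com"))     # internal client
    print(resolve(VIEWS, "203.0.113.9", "www.example.com"))  # external client
    print(audit(VIEWS))
```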
Incorrect Answers:
A: The question states that a technician just completed a new external website and set up access rules in the firewall. The firewall configuration will already include NAT rules to redirect the external IP address of the website to the internal IP address of the web server. Therefore, as NAT is already configured on the firewall, this answer is incorrect.
C: We know from the question that the web server has an internal IP address. It is therefore likely that the web server is on an internal network with the firewall NAT’ing a public IP address to the private IP address of the server. Placing the server in a DMZ is a good idea from a security perspective. However, for all we know, the server is already in a DMZ. Placing the server in a DMZ will not enable the internal users to access the web server using an internal IP address. We need to configure DNS to achieve that.
D: The question states that the website resolves the proper public address. Therefore, we know that DNS is returning the public IP address of the website. We need to configure internal DNS to return the internal private IP address for internal users. The firewall is not preventing internal users accessing the internal IP address of the web server.
References:
http://en.wikipedia.org/wiki/Split-horizon_DNS
Question: 10
When configuring a new server, a technician requests that an MX record be created in DNS for the new server, but the record was not entered properly. Which of the following was MOST likely installed that required an MX record to function properly?
A. Load balancer
B. FTP server
C. Firewall DMZ
D. Mail server
Answer: D
Explanation:
A mail exchanger record (MX record) is a DNS record used by email servers to determine the name of the email server responsible for accepting email for the recipient’s domain.
For example, a user sends an email to recipient@somedomain.com. The sending user’s email server will query the somedomain.com DNS zone for an MX record for the domain. The MX record will specify the hostname of the email server responsible for accepting email for the somedomain.com domain, for example, mailserver.somedomain.com. The sending email server will then perform a second DNS query to resolve mailserver.somedomain.com to an IP address. The sending mail server will then forward the email to the destination mail server.
Incorrect Answers:
A: A load balancer is a hardware device or software application that distributes requests for server resources between multiple servers thus sharing (balancing) the load between the servers. An MX record is not used by a load balancer.
B: An FTP (File Transfer Protocol) server is a server that hosts files that can be downloaded by FTP clients. An MX record is not used by an FTP server.
C: A DMZ (De-militarized Zone) is a network that is isolated from other networks by a firewall. The firewall is used to restrict access to the servers in the DMZ. Public facing servers are often hosted in a DMZ. The firewall can then allow only the required traffic through. For example, the firewall can be configured to allow only port 80 (HTTP) traffic to a web server. An MX record is not used by a DMZ.
References:
http://en.wikipedia.org/wiki/MX_record
Question: 11
Which of the following protocols uses label-switching routers and label-edge routers to forward traffic?
A. BGP
B. OSPF
C. IS-IS
D. MPLS
Answer: D
Explanation:
In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself.
MPLS works by prefixing packets with an MPLS header, containing one or more labels.
An MPLS router that performs routing based only on the label is called a label switch router (LSR) or transit router. This is a type of router located in the middle of an MPLS network. It is responsible for switching the labels used to route packets. When an LSR receives a packet, it uses the label included in the packet header as an index to determine the next hop on the label-switched path (LSP) and a corresponding label for the packet from a lookup table. The old label is then removed from the header and replaced with the new label before the packet is routed forward.
A label edge router (LER) is a router that operates at the edge of an MPLS network and acts as the entry and exit points for the network. LERs add an MPLS label to an incoming packet and remove it from an outgoing packet, respectively.
When forwarding IP datagrams into the MPLS domain, an LER uses routing information to determine appropriate labels to be affixed, labels the packet accordingly, and then forwards the labelled packets into the MPLS domain. Likewise, upon receiving a labelled packet which is destined to exit the MPLS domain, the LER strips off the label and forwards the resulting IP packet using normal IP forwarding rules.
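The push, swap and pop sequence described above, as an added example that is not part of the original study guide: it packs the 32-bit MPLS label stack entry and carries a packet from an ingress LER through two LSRs to an egress LER. The node names, prefixes, label values and payload bytes are constructed assumptions.

```python
import ipaddress
import struct


def encode_entry(label, tc=0, s=1, ttl=64):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def decode_entry(frame):
    """Unpack the top label stack entry of a labelled frame."""
    (word,) = struct.unpack("!I", frame[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


# Constructed topology: LER-A -> LSR-1 -> LSR-2 -> LER-B.
# Ingress table: destination prefix -> (label to push, next hop).
INGRESS_FEC = {"10.20.0.0/16": (100, "LSR-1"), "10.20.30.0/24": (110, "LSR-1")}
# Per-node label table: incoming label -> (operation, outgoing label, next hop).
LFIB = {
    "LSR-1": {100: ("swap", 200, "LSR-2"), 110: ("swap", 210, "LSR-2")},
    "LSR-2": {200: ("swap", 300, "LER-B"), 210: ("swap", 310, "LER-B")},
    "LER-B": {300: ("pop", None, None), 310: ("pop", None, None)},
}


def ingress(dst_ip, ip_packet, ttl=64):
    """Ingress LER: longest-prefix match on the destination, then push a label."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [ipaddress.ip_network(p) for p in INGRESS_FEC
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError("no label binding for %s" % dst_ip)
    best = max(matches, key=lambda net: net.prefixlen)
    label, next_hop = INGRESS_FEC[str(best)]
    return next_hop, encode_entry(label, ttl=ttl) + ip_packet


def forward(node, frame):
    """LSR or egress LER: decide from the top label only, never from the payload."""
    top = decode_entry(frame)
    if top["label"] not in LFIB[node]:
        raise LookupError("%s has no entry for label %d" % (node, top["label"]))
    if top["ttl"] <= 1:
        raise ValueError("TTL expired at %s" % node)
    op, out_label, next_hop = LFIB[node][top["label"]]
    if op == "swap":
        new_top = encode_entry(out_label, top["tc"], top["s"], top["ttl"] - 1)
        return op, next_hop, new_top + frame[4:]
    return op, next_hop, frame[4:]  # pop: the plain IP packet leaves the MPLS domain


def send(dst_ip, ip_packet):
    """Carry a packet along the LSP.

    Returns (trace, packet); each trace item is (node, operation, label on the
    frame after that node, or None once the label has been popped)."""
    node, frame = ingress(dst_ip, ip_packet)
    trace = [("LER-A", "push", decode_entry(frame)["label"])]
    while node is not None:
        here = node
        op, node, frame = forward(here, frame)
        trace.append((here, op, decode_entry(frame)["label"] if op == "swap" else None))
    return trace, frame


if __name__ == "__main__":
    # Constructed bytes standing in for an IP datagram.
    hops, delivered = send("10.20.5.9", b"ip-datagram")
    for hop in hops:
        print(hop)
    print(delivered)
```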
Incorrect Answers:
A: BGP (Border Gateway Protocol) does not use label-switching routers or label-edge routers to forward traffic.
B: OSPF (Open Shortest Path First) does not use label-switching routers or label-edge routers to forward traffic.
C: IS-IS (Intermediate System-to-Intermediate System) is an Interior Gateway Protocol (IGP) for routing. However, it does not use label-switching routers or label-edge routers to forward traffic.
References:
http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
Question: 12
Which of the following is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line?
A. Multilayer switch
B. Access point
C. Analog modem
D. DOCSIS modem
Answer: C
Explanation:
Before ADSL broadband connections became the standard for Internet connections, computers used analog modems to connect to the Internet. By today’s standards, analog modems are very slow, typically offering a maximum bandwidth of 56Kbps.
An analog modem (modulator/demodulator) converts (modulates) a digital signal from a computer to an analog signal to be transmitted over a standard (POTS) phone line. The modem then converts (demodulates) the incoming analog signal to digital data to be used by the computer.
An analog modem uses an RJ-11 connector to connect to a phone line (POTS) in the same way a phone does.
Incorrect Answers:
A: A multilayer switch is a network device that has RJ-45 sockets for Ethernet cables with RJ-45 connectors to connect to. It does not use RJ-11 connectors.
B: An Access Point is a network device used for wireless networks. An access point has RJ-45 sockets to enable an Ethernet cable to be used to connect the access point to an Ethernet network. It does not use RJ-11 connectors.
D: A Data Over Cable Service Interface Specification (DOCSIS) modem, otherwise known as a cable modem, is used to connect a cable TV to the Internet. A DOCSIS modem uses RJ-45 connectors and coaxial cable connectors. It does not use RJ-11 connectors.
References:
http://en.wikipedia.org/wiki/Modem
Question: 13
An administrator notices an unused cable behind a cabinet that is terminated with a DB-9 connector. Which of the following protocols was MOST likely used on this cable?
A. RS-232
B. 802.3
C. ATM
D. Token ring
Answer: A
Explanation:
A DB-9 connector is used on serial cables. Serial cables use the RS-232 protocol which defines the functions of the 9 pins in a DB-9 connector. The RS-232 standard was around long before computers. It’s rare to see a new computer nowadays with a serial port but they were commonly used for connecting external analog modems, keyboards and mice to computers.
Incorrect Answers:
B: 802.3 is the standard specification for Ethernet. Ethernet networks used BNC coaxial cable and connectors in the past but today by far the most common connector is the RJ-45 connector. 802.3 does not use DB-9 connectors.
C: ATM (Asynchronous Transfer Mode) is a WAN technology developed in the 80s. ATM network adapters typically use RJ-45 connectors. They do not use DB-9 connectors.
D: Token Ring is a network technology where the computers on the network formed a logical ring with data being transmitted sequentially from one computer to the next with a control token circulating around the ring controlling access. Token ring networks used IBM Data Connectors in early implementations. In later implementations, Token Ring networks used RJ-45 connectors. Token Ring does not use DB-9 connectors.
References:
http://www.l-com.com/what-is-a-db9-connector
http://searchnetworking.techtarget.com/definition/8023
http://en.wikipedia.org/wiki/Token_ring
Question: 14
Which of the following connection types is used to terminate DS3 connections in a telecommunications facility?
A. 66 block
B. BNC
C. F-connector
D. RJ-11
Answer: B
Explanation:
A DS3 (Digital Signal 3) is also known as a T3 line with a maximum bandwidth of 44.736 Mbit/s. DS3 uses 75 ohm coaxial cable and BNC connectors.
Incorrect Answers:
A: A 66 block is a type of punch-down block used to connect sets of wires in a telephone system. It is not used to terminate DS3 connections in a telecommunications facility.
C: An F connector is a coaxial RF connector commonly used for terrestrial television, cable television and universally for satellite television and cable modems, usually with RG-6/U cable or, in older installations, with RG-59/U cable. It is not used to terminate DS3 connections in a telecommunications facility.
D: An RJ-11 connector (Registered Jack – 11) is commonly used today for connecting devices such as telephones, broadband modems and satellite TV boxes to a POTS phone line. It is not used to terminate DS3 connections in a telecommunications facility.
References:
http://en.wikipedia.org/wiki/Digital_Signal_3
http://en.wikipedia.org/wiki/66_block
http://en.wikipedia.org/wiki/F_connector
http://en.wikipedia.org/wiki/Registered_jack
Question: 15
An F-connector is used on which of the following types of cabling?
A. CAT3
B. Single mode fiber
C. CAT5
D. RG6
Answer: D
Explanation:
An F connector is a coaxial RF connector commonly used for terrestrial television, cable television and universally for satellite television and cable modems, usually with RG-6/U cable or, in older installations, with RG-59/U cable.
Incorrect Answers:
A: CAT3 cables use RJ-45 connectors. Category 3 or CAT3 cables were used heavily in the early 90s for wiring offices and homes. They are still used in two-line phone configurations, but are rarely used in wired networking thanks to the CAT 5e or CAT 6 cable’s superior performance. CAT3 can handle data speeds of up to 10 Mbps whereas CAT5e and CAT6 support speeds up to 1,000Mbps. CAT3 cables do not use F connectors.
B: Single mode fiber can use a variety of connectors. In the past, FC connectors were used but SC and LC connectors are more commonly used nowadays. Single mode fiber cables do not use F connectors.
C: CAT5 cables use RJ-45 connectors. CAT5 or CAT5e cables are commonly used in Ethernet networks today. CAT5 cables were designed to support a maximum bandwidth of 100Mbps while CAT5e cables can support up to 1000Mbps. CAT5 cables do not use F connectors.
References:
http://en.wikipedia.org/wiki/F_connector
http://www.thefoa.org/tech/connID.htm