Prepare for the CompTIA Network+ N10-008 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
Which authentication protocol uses tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner?
LDAP
Kerberos
TACACS+
RADIUS
Kerberos is an authentication protocol that uses tickets to allow nodes to prove their identity securely. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
Which type of file poses the greatest risk related to the distribution of malware?
.png
.exe
.txt
An .exe file is an executable file. The others are text or image files, which are less likely to be dangerous.
.exe is a common filename extension denoting an executable file (the main execution point of a computer program) for Microsoft Windows, OS/2, and DOS.
.exe - Wikipedia, the free encyclopedia
What is the primary purpose of maintaining baseline configurations in network operations?
To ensure all network devices are operating at their maximum speed and capacity.
To provide a reference point for optimal network performance and configurations for comparison over time.
To facilitate failover in the event of a device failure by providing real-time backups of data.
To serve as a legal document for compliance and auditing purposes.
Baseline configurations establish a standard of normal operational metrics for network performance and configurations that can be referred to for troubleshooting, optimization, or verifying changes made to the network. Understanding the baseline allows IT professionals to quickly identify deviations that may indicate issues or unauthorized changes.
A technician is troubleshooting a reported issue where a device is unable to establish a network connection. After inspecting the physical port on the switch where the device is connected, the technician observes the LED indicator is not lit when the device is powered on and connected with a known good cable. Which of the following is the MOST likely cause of this issue?
Duplex mismatch
Bad port
Incorrect pinout
Crossover cable requirement
The absence of the LED indicator light on the network switch port suggests that the port may be non-functional or 'bad.' This can occur due to hardware failure, improper configuration, or physical damage to the port. It is important for the technician to verify that the port is enabled and configured correctly in the switch's settings. If the settings are correct and the issue persists, this would strongly indicate a hardware-related problem with the port itself.
What Cisco-developed authentication protocol supersedes prior versions by utilizing TCP to manage AAA services?
Kerberos
XTACACS
TACACS+
RADIUS
AAA stands for Authentication, Authorization, and Accounting. Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco to replace TACACS and XTACACS. It adds the benefit of full packet encryption and implements transmission control through TCP.
Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks including but not limited to the ARPANET, MILNET and BBNNET. It spawned related protocols: Extended TACACS (XTACACS) is a proprietary extension to TACACS introduced by Cisco Systems in 1990 without backwards compatibility to the original protocol. TACACS and XTACACS both allow a remote access server to communicate with an authentication server in order to determine if the user has access to the network. TACACS Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ has largely replaced its predecessors.
TACACS#TACACS+ - Wikipedia, the free encyclopedia
A network administrator is investigating a high number of input errors on an interface of a router. The issue is causing slow network performance. Upon closer inspection, the administrator notices that the CRC counter is incrementing. What is the most likely cause of the CRC errors?
Duplex mismatch between the router interface and the switch port.
Excessive broadcast traffic overloading the interface buffer.
Faulty cables, ports, or network interface cards (NICs).
Incorrect clock rate configured on the router interface.
CRC errors are usually indicative of collision or physical layer issues such as noise, crosstalk, and interference that are introduced into the network cables or equipment. Since CRC errors are related to the integrity of the frame, a faulty cable, port, or NIC could corrupt frames as they are sent across the network. Electrical issues, such as poor signal strength, can also cause these types of errors. Incorrect clock rates or a duplex mismatch would not typically result in CRC errors but might cause other issues, such as frame collisions or runts.
Your company has recently experienced an incident where sensitive data was leaked. The management team wants to assess the effectiveness of the current security measures and the potential for further incidents. They have decided to conduct an assessment that simulates an attacker targeting the network to identify vulnerabilities. Which type of assessment is most appropriate for this scenario?
Risk analysis
Vulnerability scanning
Penetration testing
Posture assessment
A penetration test is designed to simulate an actual attack scenario where the tester actively exploits vulnerabilities in the network to determine what information is actually at risk. This type of testing will provide realistic insight into the current state of the company's network security. A vulnerability scan is not as comprehensive; it only identifies potential vulnerabilities without actively exploiting them. A posture assessment evaluates the overall security strategy, which does not actively exploit vulnerabilities, while risk analysis is broad and focuses on the potential impact and likelihood of threats, not on actively exploiting the vulnerabilities.
NTP requires bidirectional communication on both TCP and UDP port 123 to synchronize time across devices.
This statement is incorrect.
This statement is correct.
This statement is incorrect because NTP uses only the UDP protocol, not TCP, for time synchronization and operates solely on UDP port 123. TCP is a connection-oriented protocol and is not utilized by NTP, which is designed to use the connectionless nature of UDP for quick time checks without the overhead of establishing and maintaining a connection.
What feature of managed switches allows network traffic to be separated into distinct broadcast domains, enhancing security and reducing traffic congestion?
NAT
VRF
PAT
VLAN
Virtual LANs (VLANs) are used to segment network traffic into separate, isolated broadcast domains. This feature is beneficial because it can enhance network security by isolating sensitive data or devices within a specific VLAN and also helps in reducing broadcast traffic, which can improve the overall performance of the network. VLANs are a layer 2 concept, and they operate by tagging Ethernet frames with a VLAN ID. Other options such as 'Virtual Routing and Forwarding' and 'Network Address Translation' operate at higher layers of the OSI model and serve different purposes.
Which communication medium is least susceptible to EMI?
UTP
Coax
STP
Fiber-Optic
Fiber-optic cabling is not affected by EMI (Electromagnetic Interference) because it uses light rather than electricity. Shielded Twisted Pair (STP) is a more convenient and cheaper option to reduce the effects of EMI, but it is still susceptible to EMI.
Fiber-optic communication is a method of transmitting information from one place to another by sending pulses of infrared or visible light through an optical fiber. The light is a form of carrier wave that is modulated to carry information. Fiber is preferred over electrical cabling when high bandwidth, long distance, or immunity to electromagnetic interference is required. This type of communication can transmit voice, video, and telemetry through local area networks or across long distances. Optical fiber is used by many telecommunications companies to transmit telephone signals, internet communication, and cable television signals. Researchers at Bell Labs have reached a record bandwidth–distance product of over 100 petabit × kilometers per second using fiber-optic communication.
Fiber-optic_communication - Wikipedia, the free encyclopedia
Which of the following solutions enables combining several physical ports into a single logical channel?
VRRP
LACP
RSTP
HSRP
Link Aggregation Control Protocol (LACP) will combine multiple physical ports into one logical one. This is used to provide redundancy and minimize downtime.
In computer networking, link aggregation is the combining (aggregating) of multiple network connections in parallel by any of several methods. Link aggregation increases total throughput beyond what a single connection could sustain, and provides redundancy where all but one of the physical links may fail without losing connectivity. A link aggregation group (LAG) is the combined collection of physical ports. Other umbrella terms used to describe the concept include trunking, bundling, bonding, channeling or teaming. Implementation may follow vendor-independent standards such as Link Aggregation Control Protocol (LACP) for Ethernet, defined in IEEE 802.1AX or the previous IEEE 802.3ad, but also proprietary protocols.
Link_aggregation - Wikipedia, the free encyclopedia
This device sends every packet received out of every port on the device except the one it was received on. It is an early multi-port networking device that is basically obsolete. What device is this?
Router
Hub
Bridge
Switch
A network hub is a layer 1 device that was the precursor to the switch. A hub doesn’t have the ability to do any type of traffic management. It just sends traffic out of every port except the port it was received on.
An Ethernet hub, active hub, network hub, repeater hub, multiport repeater, or simply hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment. It has multiple input/output (I/O) ports, in which a signal introduced at the input of any port appears at the output of every port except the original incoming. A hub works at the physical layer (layer 1) of the OSI model. A repeater hub also participates in collision detection, forwarding a jam signal to all ports if it detects a collision. In addition to standard 8P8C ("RJ45") ports, some hubs may also come with a BNC or an Attachment Unit Interface (AUI) connector to allow connection to legacy 10BASE2 or 10BASE5 network segments. Hubs are now largely obsolete, having been replaced by network switches except in very old installations or specialized applications. As of 2011, connecting network segments by repeaters or hubs is deprecated by IEEE 802.3.
Ethernet_hub - Wikipedia, the free encyclopedia
Your company network includes several VLANs to segregate different departmental data and to maintain secure communication channels. An attacker within the network managed to send packets from one VLAN to another despite the absence of a router facilitating inter-VLAN communication. Which technique is MOST likely being used by the attacker?
Switch spoofing
ARP spoofing
DNS poisoning
Double tagging
VLAN hopping is a network attack where an attacker configures a system in one VLAN to appear as if it belongs to another VLAN, typically by taking advantage of switch misconfigurations, such as an enabled native VLAN that coincides with an access VLAN. To perform VLAN hopping, an attacker might use double tagging or switch spoofing. Double tagging involves manipulating the VLAN tags on Ethernet frames to fool switches into forwarding packets not normally accessible to an attacker. Switch spoofing is when an attacker configures a device to mimic a switch, thus allowing the attacker to negotiate trunking. However, without direct control over switch configuration or tag manipulation, ARP spoofing and DNS poisoning would not facilitate VLAN hopping, as they are different types of attacks affecting the layer 2 and layer 3 protocols respectively and do not inherently allow packets to traverse between VLANs with the VLAN hopping technique.
You have been asked to install a new switch onto the network. This switch does not have routing capabilities. Which OSI model layer does this switch belong to?
Layer 3
Layer 4
Layer 2
Layer 5
Switches communicate using MAC addressing, which belongs to Layer 2 (Data Link Layer) of the OSI model. Some switches come with routing capabilities and can use Layer 3 (Network Layer) to communicate; these are known as Layer 3 switches.
A network switch (also called switching hub, bridging hub, and, by the IEEE, MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device. A network switch is a multiport network bridge that uses MAC addresses to forward data at the data link layer (layer 2) of the OSI model. Some switches can also forward data at the network layer (layer 3) by additionally incorporating routing functionality. Such switches are commonly known as layer-3 switches or multilayer switches. Switches for Ethernet are the most common form of network switch. The first MAC Bridge was invented in 1983 by Mark Kempf, an engineer in the Networking Advanced Development group of Digital Equipment Corporation. The first 2 port Bridge product (LANBridge 100) was introduced by that company shortly after. The company subsequently produced multi-port switches for both Ethernet and FDDI such as GigaSwitch. Digital decided to license its MAC Bridge patent in a royalty-free, non-discriminatory basis that allowed IEEE standardization. This permitted a number of other companies to produce multi-port switches, including Kalpana. Ethernet was initially a shared-access medium, but the introduction of the MAC bridge began its transformation into its most-common point-to-point form without a collision domain. Switches also exist for other types of networks including Fibre Channel, Asynchronous Transfer Mode, and InfiniBand. Unlike repeater hubs, which broadcast the same data out of each port and let the devices pick out the data addressed to them,
Network_switch - Wikipedia, the free encyclopedia
You are the network administrator for a large company with numerous connected LANs but one ASN. Which of the following would you use to route between the different LANs?
EBGP
EIGRP
EGP
BGP
Enhanced interior gateway routing protocol (EIGRP) is a routing protocol used within the same autonomous system to share routing information and make routing decisions.
Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol, available only on Cisco routers. In 2013, Cisco permitted other vendors to freely implement a limited version of EIGRP with some of its associated features such as High Availability (HA), while withholding other EIGRP features such as EIGRP stub, needed for DMVPN and large-scale campus deployment. Information needed for implementation was published with informational status as RFC 7868 in 2016, which did not advance to Internet Standards Track level, and allowed Cisco to retain control of the EIGRP protocol. EIGRP is used on a router to share routes with other routers within the same autonomous system. Unlike other well known routing protocols, such as RIP, EIGRP only sends incremental updates, reducing the workload on the router and the amount of data that needs to be transmitted. EIGRP replaced the Interior Gateway Routing Protocol (IGRP) in 1993. One of the major reasons for this was the change to classless IPv4 addresses in the Internet Protocol, which IGRP could not support.
Enhanced_Interior_Gateway_Routing_Protocol - Wikipedia, the free encyclopedia