×

Quiz Session - Attempts With Random Questions

CompTIA Network+ (N10-008) Exam Questions

Page 2 of 55

21.

With which Wi-Fi version was MU-MIMO introduced?

  • Wi-Fi 5

  • Wi-Fi 6

  • Wi-Fi 4

  • Wi-Fi 7

Correct answer: Wi-Fi 5

Wi-Fi 5 (802.11ac) introduced the use of Multi-User Multiple-Input Multiple-Output (MU-MIMO), which allows more devices to use Wi-Fi at the same time by coordinating multiple streams across antennas on multiple independent wireless Access Points (APs).

Wi-Fi 6 (802.11ax) also uses MU-MIMO, but it came after Wi-Fi 5.

Wi-Fi 4 (802.11n) uses MIMO, not MU-MIMO.

Wi-Fi 7 is not in the scope of Network+ at this time.

22.

You find yourself making an online financial transaction in a crowded cafe. Which social engineering attack should you guard against?

  • Shoulder surfing

  • On-path

  • Tailgating

  • Brute-force

Correct answer: Shoulder surfing

If you must make a financial transaction on your phone or laptop in a crowded place, be sure to guard against shoulder surfing. You don't want anyone viewing your screen when confidential information can be seen.

In an on-path attack, a bad actor intercepts data between two parties. But this is a computer-based attack rather than social engineering.

Tailgating occurs when one person follows another into a secure area without authorization or the first person's knowledge.

A brute-force password attack is also computer-based rather than a social engineering attack.

23.

Of the following Unix commands, which is NOT used to check FQDN-to-IP-address resolutions?

  • netstat

  • nslookup

  • dig

  • host

Correct answer: netstat

The netstat command provides information about current connections.

The nslookup, dig, and host commands can all be used to display information about resolving domain names to IP addresses. FQDN stands for Fully Qualified Domain Name.

24.

A new employee in the company is going to be using their own laptop for sales work and out-of-office procedures. Which of the following policies would they typically be asked to sign?

  • BYOD

  • AUP

  • BYOC

  • SOP

Correct answer: BYOD

Closely related to a remote access policy, the Bring-Your-Own-Device (BYOD) policy typically incorporates the following:

  • An explicit and detailed list of what devices are actually permitted
  • An explicit security policy for each device
  • The appropriate corporate support policy for each device or device category
  • A clear delineation of what applications and data are owned by the corporation versus those owned by the user and/or employee
  • An explicit list of applications permitted within the BYOD environment
  • An integration of the BYOD policy with the Acceptable Use Policy (AUP)
  • A detailed presentation of the exit policies for employees as related to BYOD

Acceptable use policy defines allowed uses for company-owned devices, such as laptops or mobile phones.

BYOC is a fabricated term.

The term Standard Operating Procedure (SOP) does not refer to a policy. An SOP defines practical methods for completing an assigned task.

25.

Which of the following fuels is most commonly used in data center generators?

  • Diesel

  • Natural gas

  • Gasoline

  • Propane

Correct answer: Diesel

Most data centers around the world use diesel-fueled generators. Diesel generators are reliable and can start quickly. Data center diesel generators may be large and come in pairs for redundancy.

Natural gas is a cleaner form of fuel, but it is less readily available and less commonly used than diesel.

Gasoline can be used in data center generators, but it is less common than diesel.

Propane is another clean-burning fuel, but less commonly used than diesel.

26.

Given the password in the supplemental passage, what do you notice that should be avoided?

  • Using keyboard keys

  • Using a password that is too short

  • Using numbers instead of letters

  • Using a password that has no capital letters

Correct answer: Using keyboard keys

The password "jkl;ZF7A&?3k" in the supplemental passage uses keyboard keys, which are keys that are next to each other on the keyboard. The password begins with "jkl;", which are letters next to each other on the US keyboard. This practice should be avoided. Here are some examples from the US keyboard:

  • qwer
  • asdf
  • CVBN
  • jkl;
  • uiop

The other three answers are incorrect. While they are all practices that should be avoided, they are not true for the given password.

The password is 12 characters long, so it is not too short.

The password does not use numbers instead of letters. That would be true for a password like "Pa55word", where the number 5 is used in place of the letter S.

The password does contain capital letters.

27.

Which IPS detection method requires frequent updates to be effective?

  • Signature-based

  • Policy-based

  • Statistical anomaly

  • Nonstatistical anomaly

Correct answer: Signature-based

The Intrusion Prevention System (IPS) detection method that requires frequent updates is the signature-based method. Signature-based detection identifies threats based on known patterns or signatures and requires frequent updates to the signature library.

Policy-based detection would only require updates when corporate policies change.

Statistical and nonstatistical anomaly detection detect deviations from normal traffic, which does not require updates.

28.

Which of the following is a best practice for BYOD?

  • It should be segmented from the operational network.

  • It should be included in the operational network.

  • It should be placed on a guest network.

  • It should not be allowed at all.

Correct answer: It should be segmented from the operational network.

A best practice for a Bring-Your-Own-Device (BYOD) strategy is to segment all such devices from the operation network. It has become common for employees to use their own phones and laptops for company business. Segmenting them from the rest of the network is a good security practice.

It is not a good idea to include BYOD devices in the operational network. There are too many risks.

Placing BYOD devices on a guest network defeats the idea of bringing them into the company network infrastructure.

Restricting personally-owned devices from company use may be secure, but it is not the definition of a BYOD strategy.

29.

You are troubleshooting an issue in which a user can reach other systems and websites using IP addresses, but can't access anything using its domain name (such as Google.com). What is MOST LIKELY the cause of this issue?

  • DNS issue

  • Incorrect subnet mask

  • Untrusted SSL certificate

  • DHCP issue

Correct answer: DNS issue

When users are able to connect to Internet Protocol (IP) addresses but not host names, there is likely some type of issue with the Domain Name System (DNS). DNS converts domain names such as Google.com to their respective IP addresses, and vice versa.

An incorrect subnet mask would cause general communication issues, including problems connecting to an IP address.

An untrusted Secure Sockets Layer (SSL) certificate would cause an error with a specific website.

A Dynamic Host Configuration Protocol (DHCP) issue would cause problems in the automatic allocation of IP addresses to new devices.

30.

You are looking into implementing a Storage Area Network (SAN) and Fibre Channel is at the top of your list. Which of the following makes Fibre Channel (FC) more flexible within a local wired network?

  • FCoE

  • Jumbo frames

  • IB

  • FCoL

Correct answer: FCoE

Fibre Channel over Ethernet (FCoE) makes Fibre Channel (FC) more flexible within a local wired network because you can configure FCoE to run a unified network for your Storage Area Network (SAN) and non-storage data traffic.

Jumbo frames are larger-than-normal frames used in an IP-based Small Computer System Interface (iSCSI) network. InfiniBand (IB) is another infrastructure that competes with FC and iSCSI. FCoL is a fabricated term.

31.

Which of the following is a Cisco proprietary technology that performs load balancing between default gateways?

  • GLBP

  • LACP

  • VRRP

  • PAT

Correct answer: GLBP

Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary technology that performs load balancing between default gateways.

The Link Aggregation Control Protocol (LACP) aggregates multiple physical links into a single logical channel, which it makes available to a route processor. The Virtual Router Redundancy Protocol (VRRP) is an open-standard protocol that automatically assigns available IP routers to hosts. Port Address Translation (PAT) provides scalability, not redundancy.

32.

Which of the following BEST defines an Intrusion Detection System (IDS)?

  • It receives a copy of traffic being analyzed and generates alerts about potential attacks.

  • It defines a set of rules dictating which types of traffic are permitted or denied as that traffic enters or exits a firewall interface.

  • It secures communication between two sites over an untrusted network.

  • It sits in line with traffic being analyzed and can drop the traffic.

Correct answer: It receives a copy of traffic being analyzed and generates alerts about potential attacks.

An Intrusion Detection System (IDS) generates alerts about potential attacks, but it takes no action.

A firewall uses a set of predefined rules to determine if traffic should be permitted to enter or leave a protected network or be blocked from doing so.

A Virtual Private Network (VPN) encrypts traffic flowing over a public network, enabling secure communications without the risk of eavesdropping. With a VPN, you can send secure traffic over an untrusted network.

An Intrusion Prevention System (IPS) monitors network traffic and can identify and block connections containing known attacks. It can drop traffic if it appears malicious. To accomplish this, it must be deployed in-line with the monitored network traffic.

33.

What address is reserved for loopback tests?

  • 127.0.0.1

  • 169.254.0.1

  • 192.168.0.1

  • 255.255.255.255

Correct answer: 127.0.0.1

The 127.0.0.1 address is reserved for loopback testing, enabling an administrator to determine if the TCP/IP stack is working on a computer. This mirrors the actions of sending and receiving a packet on the network. Sending a packet to the 127.0.0.1 address, also called "localhost," sends the packet outside the interface only to have it come right back in to be processed. This can determine if there are any errors with the local machine's hardware or TCP/IP configurations.

An IP address beginning with 169.254 is called an Automatic Private IP Addressing (APIPA) IP address. It generally is assigned to a computer when an automatic IP address assignment from a DHCP server fails. The address 192.168.0.1 is often the default IP address for wi-fi or LAN routers. The IP address 255.255.255.255 is a subnet mask address.

34.

Which of the following statements regarding an Uninterruptible Power Supply (UPS) is TRUE?

  • A UPS can support multiple devices.

  • A UPS is designed for long-term use.

  • A UPS uses the same power source as the device that it is protecting.

  • A UPS distributes power to multiple outlets.

Correct answer: A UPS can support multiple devices.

The statement "A UPS can support multiple devices." is true. A single Uninterruptible Power Supply (UPS) unit can provide backup support for multiple data center devices. The number of devices supported depends on the capacity of the UPS and the sum of the power load of each device. Power load information is typically found on a name plate on each device.

The statement "A UPS is designed for long-term use." is false. A UPS springs into action when the primary power source fails, such as an electric company power outage due to weather. A UPS has limited battery life.

The statement "A UPS uses the same power source as the device that it is protecting." is false. UPS devices typically are battery-powered. Operating from the same power source would defeat the purpose of a UPS.

The statement "A UPS distributes power to multiple outlets." is false. That is the role of a Power Distribution Unit (PDU).

35.

Which of the following is the set of shared configurations used in an ISAKMP session?

  • Security association

  • Diffie-Hellman

  • Secure sockets layer

  • Perfect forward secrecy

Correct answer: Security association

A Security Association (SA) is the set of parameters that two devices agree upon for use in an Internet Security Association and Key Management Protocol (ISAKMP) session.

Diffie-Hellman (DH) creates a shared encrypted key over a public channel.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) provide Confidentiality, Integrity, and Authentication (CIA) protections for the Open Systems Interconnection (OSI) model Layers five through seven.

Perfect Forward Secrecy (PFS) makes it impossible to derive a session key from a compromised private key.

36.

An employee continues to receive a "certificate not trusted" error each time they navigate to the company's website. The employee is using a new computer. Other employees can access the website with no errors.

Which of the following would you suspect?

  • Incorrect system date

  • Network misconfiguration

  • Expired SSL/TLS certificate

  • Outdated browser

Correct answer: Incorrect system date

Secure Socket Layer (SSL)/Transport Layer Security (TLS) certificates have both a starting date and an expiration date. If the system time on the user's device is incorrect and falls outside the valid dates for the certificate, then an error will occur.

Network misconfiguration will not cause a "certificate not trusted" error.

SSL/TLS certificates must be maintained since they have expiration dates. If the certificate expires, everyone who browses on that website will receive the error message that the certificate is untrusted. To fix this issue, the certificate needs to be updated. Since others are able to access the website, this would not involve an expired certificate.

Updating the user's browser will not fix the issue.

37.

What technique could an attacker use to identify the operating system of a target computer?

  • Port scan

  • Ping sweep

  • Smurf attack

  • SYN flood

Correct answer: Port scan

A port scan can often help attackers find out which operating systems are running on target systems. Port scanners can do this by analyzing responses to various request types. The nmap utility functions as a port scanner.

Ping sweeps can be used to help attackers find which systems are online, but they will not help them identify the operating systems of those devices.

Smurf attacks and SYN floods are common Denial-of-Service (DoS) attacks and will not help with reconnaissance.

38.

Which of the following outlines what is and is not allowed on corporate networks and systems?

  • AUP

  • BYOD

  • PUA

  • DLP

Correct answer: AUP

An Acceptable Use Policy (AUP), or fair use policy, outlines what is and is not allowed on corporate networks and systems.

A Bring-Your-Own-Device (BYOD) policy defines how personal devices may be used for company business.

A Potentially Unwanted Application (PUA) is a piece of software that may not be desired for inclusion on a company device.

Data Loss Prevention (DLP) is a strategy for preventing the loss of sensitive data.

39.

How many cable pairs can a BIX block terminate?

  • 25

  • 66

  • 30

  • 110

Correct answer: 25

Building Industry cross-connect (BIX) blocks are punch-down blocks that can terminate up to 25 cable pairs.

A 66 block can terminate multiple cable pairs depending on the configuration. It allows for 50 pairs, 25 on each side.

The answer 30 is incorrect.

A 110 block can accommodate more than 500 cable pairs. It is also known as a Krone block.

40.

Which of the following is NOT a type of UPS?

  • Load balancing

  • Line interactive

  • Online

  • Standby

Correct answer: Load balancing

You can do load balancing with Uninterruptible Power Supply (UPS) systems, but that is not a main type of UPS system.

A line-interactive UPS supplies power from the Alternating Current (AC) line to the inverter. It is used for small server rooms and networking racks.

An online UPS is used in data centers, supplying power to batteries which provide constant power to equipment. When AC power is lost, the batteries will continue to supply Direct Current (DC) power.

A standby UPS system is the most common type, transferring the load from AC to a battery-supplied inverter. It may be used for individual desktop computers.

×