No products in the cart.
CompTIA Network+ (N10-008) Exam Questions
Page 8 of 55
141.
The Administrative Distance (AD) indicates a routing protocol's trustworthiness. What is the default AD of the Open Shortest Path First (OSPF) protocol?
-
110
-
115
-
120
-
170
Correct answer: 110
The Open Shortest Path First (OSPF) protocol has a default AD of 110.
The Intermediate System to Intermediate System (IS-IS) protocol has a default AD of 115.
Routing Information Protocol (RIP) has a default AD of 120.
External Enhanced Interior Gateway Routing Protocol (EIGRP) has a default AD of 170.
142.
Email, SMS, and OTP are common methods for which of the following?
-
MFA
-
CIA
-
ZTA
-
SSO
Correct answer: MFA
Email, Short Message Service (SMS), and One-Time Passwords (OTPs) are common methods for Multi-Factor Authentication (MFA). MFA may take advantage of:
- Something you know
- Something you have
- Something you are
- Somewhere you are
- Something you do
CIA Is an acronym that deals with the general concepts of cybersecurity. The CIA triad stands for:
- Confidentiality
- Integrity
- Availability
Zero Trust Architecture (ZTA) is a cybersecurity model based on the principle of least privilege. The idea is that no authentication or authorization should be provided more than what is necessary.
Single sign-on (SSO) is the use of one set of credentials to access many different applications.
143.
You have been tasked with scanning your organization's network for vulnerabilities. Which of the following is the BEST option to use for vulnerability scanning?
-
Nessus
-
Nmap
-
Splunk
-
NetLimited Scanner
Correct answer: Nessus
Nessus is a vulnerability scanner developed by Tenable Network Security. This vulnerability scanner can identify vulnerabilities, security misconfigurations, sensitive information, and other issues on audited systems.
Nmap is a port scanner, and while port scanners can be used to find vulnerabilities, it doesn't provide the comprehensive vulnerability scanning abilities that Nessus does.
Splunk is a Security Information and Event Management (SIEM) solution that uses machine-generated data to provide insights into security technologies, threats, vulnerabilities, and identity information; however, it is not a vulnerability scanner.
NetLimited Scanner is a fabricated term.
144.
What is the maximum bandwidth of the wireless standard 802.11a?
-
54 Mbps
-
11 Mbps
-
2 Mbps
-
> 300 Mbps
Correct answer: 54 Mbps
The 802.11a WLAN standard has a maximum bandwidth of 54 Mbps. The 802.11g WLAN standard also has a maximum bandwidth of 54 Mbps.
The 802.11b WLAN standard has a maximum bandwidth of 11 Mbps. The 802.11 standard, the original WLAN standard, had a maximum bandwidth of 2 Mbps. The 802.11n WLAN standard has a maximum bandwidth greater than 300 Mbps.
145.
Which of the following could be used to determine if an Ethernet cable meets a company's data rate requirements?
-
Cable certifier
-
Cable tester
-
BERT
-
Crimper
Correct answer: Cable certifier
A cable certifier tests the category of UTP cable. CAT4, CAT5, CAT7, etc. cables have different data rates and different maximum distances, and a certifier can determine the category of an unknown cable.
A cable tester will detect a faulty cable, but it cannot determine the type of cable in use.
A Bit Error Rate Tester (BERT) checks for signaling errors in a network connection.
A crimper tool creates a deformation that will bond together a cable and a cable connector.
146.
Electromagnetic interference may be caused by which of the following?
-
Cable placement
-
The MDIX feature
-
A short in a cable
-
An open in a cable
Correct answer: Cable placement
Electromagnetic Interference (EMI) occurs when one wire radiates an electromagnetic field that interferes with current flowing through another wire. Cable placement may impact exposure to EMI if an Ethernet cable is close to another device that radiates EMI, such as high-voltage power cables.
Medium Dependent Interface Crossover (MDIX) is the port configuration for a standard cable, as opposed to MDI, which is the port configuration for a crossover cable.
A short circuit occurs when a faulty connection or damaged wire causes the connection to travel along the wrong path.
An open circuit occurs when the connection is severed due to a broken cable.
147.
Of the following wireless security methods, which uses Advanced Encryption Standard (AES) for encryption?
-
WPA2
-
WPA
-
WEP
-
WPA Enterprise
Correct answer: WPA2
IEEE 802.11i is a standard designed to improve wireless security, which includes the use of the Advanced Encryption Standard (AES) for data encryption. IEEE 802.11i is implemented in Wi-Fi Protected Access 2 (WPA2).
Wi-Fi Protected Access (WPA) does not include encryption.
Wired Equivalent Privacy (WEP) does not include encryption and is no longer recommended.
WPA Enterprise is used in business environments and uses RADIUS authentication.
148.
Of the following, which wireless security method is the weakest?
-
WEP
-
WAP
-
WPA
-
WPP
Correct answer: WEP
Of the given options, Wired Equivalent Privacy (WEP) is the weakest wireless security method. This is because WEP is subject to many WEP attacks as a result of the size of the encryption key and the way the key is updated. WEP is not recommended for use currently.
A Wireless Access Point (WAP) is a wireless device, not a wireless security method.
WPA is more secure than WEP, but it is now superseded by WPA2 and WPA3.
WPP is a fabricated term.
149.
A Shielded Twisted Pair (STP) cable has all of the following attributes, EXCEPT:
-
Issues with EMI
-
Metallic shield
-
Protection from external EMI
-
Individually insulated wires
Correct answer: Issues with EMI
The S in STP refers to the fact that the wires are twisted with a piece of foil. This helps to block Electromagnetic Interference (EMI), making it ideal for EMI-prone environments.
An STP cable has a metallic shield placed around it.
An STP cable is also protected from EMI.
Both STP and Unshielded Twisted Pair (UTP) cables have individually insulated wires.
150.
Which of the following is a private IP address?
-
192.168.1.1
-
192.169.1.1
-
169.03.02.14
-
171.16.0.1
Correct answer: 192.168.1.1
Of those listed, only 192.168.1.1 falls within the following private IPv4 address ranges:
- 10.0.0.0 through 10.255.255.255
- 172.16.0.0 through 172.31.255.255
- 192.168.0.0 through 192.168.255.255
151.
Of the following, which is typically the final phase of an incident response plan?
-
Review
-
Recover
-
Eradicate
-
Identify
Correct answer: Review
Review is the final step of an incident response plan.
Neither recover, eradicate, nor identify are the final steps of an incident response plan, as shown below.
The incident response framework below is based on the Computer Security Incident Handling Guide from the National Institute of Standards and Technology (NIST). Typical incident response plans include the following phases:
- Prepare: This stage is designed to position an organization to manage a potential incident properly. Incident responders should know how to identify an incident, have a plan to recover and restore normal operations, and have security policies in place.
- Identify: This phase kicks off the response to a particular incident by identifying the incident.
- Contain: Containment is intended to limit the spread of an infection or other security incident. This involves ensuring that mission-critical systems remain online and diagnosing the current state of any affected systems, computers, or networks.
- Eradicate: Once the scope of the incident has been determined and the incident is contained, the incident response team can focus on removing the intrusion from affected systems.
- Recover: Once affected systems have been cleaned, they can be restored to normal operation. This step commonly involves ongoing testing and recertification of affected devices.
- Review: During this stage, the incident response team performs a retrospective to identify potential room for improvement in all previous stages of the process. For example, new security policies may be needed to address a new threat or the incident response plan may require tweaks to improve efficiency or communication.
152.
Which command used an ICMP echo request?
-
ping
-
nslookup
-
route
-
iptables
Correct answer: ping
The ping command in Windows sends an Internet Control Message Protocol (ICMP) echo request to a computer and watches for an echo reply. This makes it possible to determine if the remote host is reachable.
The nslookup command in Windows displays DNS information but does not use ICMP.
The route command is used in Windows to manipulate routing tables but does not use ICMP.
The iptables command is used to manage firewall rules in Linux.
153.
Dynamic Frequency Selection (DFS) was introduced to prevent interference with radar signals operating in which band?
-
5 GHz
-
5 MHz
-
2.4 GHz
-
2.4 MHz
Correct answer: 5 GHz
The 5GHz Wi-Fi band can also be used by some radar signals. Dynamic Frequency Selection (DFS) monitors for radar signals and will not use frequency bands that could interfere with them.
Wireless Local Area Network (WLAN) standards are described in 802.11. None of these standards correspond to 5 MHz or 2.4 MHz. IEEE 802.11b and 802.11g are both 2.4 GHz standards.
154.
Which of the following types of antenna radiates relatively equal power in all directions?
-
Omnidirectional
-
Parabolic
-
Yagi
-
Omniradiant
Correct answer: Omnidirectional
There are two broad classes of antennae: omnidirectional and directional (Yagi, parabolic). Omnidirectional antennae broadcast a signal in a relatively uniform direction all around. This makes them ideal for internal office or home use.
Parabolic and Yagi antennae direct the signal primarily in one direction, making them ideal for external point-to-point connections. Omniradiant is not a commonly used term for antennas.
155.
Which of the following attacks involves a botnet?
-
DDoS attack
-
DoS attack
-
Brute-force attack
-
Smurf attack
Correct answer: DDoS attack
A Distributed Denial-of-Service (DDoS) involves multiple devices which form a botnet. A DDoS attack is designed to overwhelm a target system by having many infected computers (called "bots" or "zombies") send traffic to that system.
A Denial-of-Service (DoS) attack floods a target system with spam requests or exploits an application vulnerability to render the system unable to respond to legitimate requests. A DoS attack comes from a single device.
A brute-force attack is a type of password attack.
A Smurf attack attempts to flood a subnet with ping replies by sending Internet Control Message Protocol (ICMP) traffic to a subnet.
156.
Which of the following involves the use of JSON to automatically create and configure network environments?
-
IaC
-
NFV
-
IFC
-
LDAP
Correct answer: IaC
Infrastructure as Code (IaC) is a method to automatically create and configure network infrastructure. It involves writing reusable code with either JavaScript Object Notation (JSON) or Yet Another Markup Language (YAML).
Network Function Virtualization (NFV) adds a layer of abstraction from hardware resources using virtualization and cloud computing.
IFC is a fabricated term.
Lightweight Directory Access Protocol (LDAP) is used to query directory services such as Active Directory.
157.
Which algorithm is used to calculate the shortest path in OSPF?
-
Dijkstra's algorithm
-
AES algorithm
-
Diffusing Update Algorithm
-
Link state
Correct answer: Dijkstra's algorithm
The Open Shortest Path First (OSPF) routing protocol uses Dijkstra's algorithm to calculate the shortest path. (Dijkstra's algorithm is also used by global positioning system devices to calculate driving routes.)
The Advanced Encryption Standard (AES) algorithm is used for encryption.
Diffusing Update Algorithm (DUAL) is used by the Enhanced Interior Gateway Routing Protocol (EIGRP) to calculate routing paths.
Link state identifies a class of routing protocol rather than an algorithm. The other common routing protocol classes are Distance Vector and Hybrid. OSPF is a link-state protocol, while EIGRP is a hybrid protocol.
158.
According to the IEEE 802.3 standard, what is the MINIMUM length of an Ethernet frame?
-
64 octets
-
64 bits
-
1500 bits
-
1500 octets
Correct answer: 64 octets
The minimum length of an Ethernet frame is 64 octets. An octet is a series of eight bits, also known as a byte. Frames smaller than this are referred to as runts and are often caused by collisions or issues with network cards.
The 802.3 Ethernet frame includes the following allocation of 64 bytes as a minimum:
- Destination MAC address - 6 bytes
- Source MAC address - 6 bytes
- Ethertype or length - 2 bytes
- Payload - 46 bytes (up to 1500)
- Frame check sequence - 4 bytes
The answers 64 bits, 1500 bits, and 1500 octets are incorrect.
159.
You are setting up a wireless network in which multiple Wireless Access Points (WAPs) connect to a central switch to become part of a single broadcast domain. What is the name of this type of wireless network?
-
ESS
-
BSS
-
SSE
-
DSS
Correct answer: ESS
When you add additional Wireless Access Points (WAPs) that connect to a central switch to become part of a single broadcast domain, this is known as an Extended Service Set (ESS).
A Basic Service Set (BSS) is the most basic type of wireless infrastructure, with just one WAP and one or more wireless clients.
Security Service Edge (SSE) is a convergence of network security services and is not related to wireless service sets.
DSS is a fabricated term.
160.
Which of the following provides temporary local area network configurations and allows connectivity in non-routed networks?
-
Link-local
-
Multicast
-
Anycast
-
Unicast
Correct answer: Link-local
Link-local addresses are non-routable Internet Protocol version 6 (IPv6) addresses in the FE80::/10 range. They are similar to Automatic Private IP Addressing (APIPA) addresses in IPv4 and can be used to create temporary Local Area Network (LAN) configurations.
IPv4 and IPV6 multicast are "one to many" addresses designed to send a packet to multiple different interfaces with a single address.
Anycast addressing is designed to deliver a packet to the IPv6 address with the shortest routing distance.
Unicast addresses are used to send packets to a particular interface. Unicast addressing exists for both IPv4 and IPv6.