Network+ Practice Test

A. × Incorrect: IEEE 802.11b is incorrect because it uses outdated security protocols that are vulnerable to modern attacks.

B. ✓ Correct: WPA2 provides strong encryption and secure authentication mechanisms for WLANs against contemporary threats.

C. × Incorrect: WEP is incorrect because (Wired Equivalent Privacy) has known vulnerabilities and does not offer adequate protection in today's threat landscape.

D. × Incorrect: IEEE 802.11a is incorrect because specifies wireless network physical layer standards but does not address security or encryption.

A. × Incorrect: unique identifier for a network device is incorrect because it refers to a unique identifier for a network device rather than an MIB module identity.

B. ✓ Correct: An identity and metadata for an MIB module is correct because it accurately describes the purpose of MODULE-IDENTITY in defining metadata and identity for an MIB module.

C. × Incorrect: The version number of the SNMP protocol is incorrect because it is the version number of SNMP protocol is unrelated to the definition provided by MODULE-IDENTITY.

D. × Incorrect: Configuration settings for SNMP traps is incorrect because it is not defined using the MODULE-IDENTITY statement.

A. × Incorrect: Damaged cables on the affected segment is incorrect because damaged cables typically cause intermittent connectivity issues rather than consistently reduced signal strength.

B. × Incorrect: Duplex mismatch between connected devices is incorrect because it is a duplex mismatch would likely result in communication errors and dropped packets, not just reduced signal strength.

C. ✓ Correct: Incorrect cable type for the distance involved is correct because using an incorrect cable type for the distance between devices can lead to degraded signal quality over longer distances.

D. × Incorrect: Improper termination at both ends of the cable is incorrect because improper termination affects signal reflection but does not necessarily cause consistently reduced signal strength.

A. × Incorrect: To disrupt network traffic and prevent data exfiltration is incorrect because it focuses on preventing data exfiltration rather than creating a distraction for secondary attacks.

B. × Incorrect: To overload servers with legitimate requests and cause service outages is incorrect because request floods can cause outages, but the stem asks why attackers use the outage as cover for another attack.

C. × Incorrect: To test the resilience of firewalls and intrusion detection systems is incorrect because testing security systems is not the primary goal of launching DoS or DDoS attacks; attackers aim to exploit vulnerabilities rather than assess defenses.

D. ✓ Correct: To create a distraction for secondary attacks on less secure services is correct because it accurately describes how attackers use DoS or DDoS to create a distraction, allowing them to focus on exploiting less secure services within the network.

A. × Incorrect: Due to differences in physical layer standards is incorrect because differences in physical layer standards do not affect symmetric paths equally.

B. ✓ Correct: Because of asymmetric queueing is correct because asymmetric queueing can cause one path to experience higher latency or packet loss than another, even if they are symmetric.

C. × Incorrect: They use the same routing protocols is incorrect because using the same routing protocols does not ensure identical performance characteristics between two network paths.

D. × Incorrect: Symmetric paths always perform identically is incorrect because symmetric paths do not always perform identically due to factors like asymmetric queueing.

A. ✓ Correct: To carry untagged frames between switches is correct because it carries untagged frames between switches to ensure compatibility with devices that do not support VLAN tagging.

B. × Incorrect: To provide redundancy for critical network traffic is incorrect because it provides redundancy for network traffic, which is unrelated to the function of the native VLAN in handling untagged frames.

C. × Incorrect: To isolate management traffic from data traffic is incorrect because it isolates management traffic from data traffic, a feature more relevant to port security or separate VLAN configurations rather than trunking.

D. × Incorrect: To encrypt traffic across VLANs is incorrect because it encrypts traffic across VLANs, which is not within the scope of the native VLAN's purpose and would typically be handled by other network security measures.

A. × Incorrect: Physical layout diagram is incorrect because it is a physical layout diagram focuses on the placement of devices in an environment rather than their IP address configuration.

B. × Incorrect: Rack diagram is incorrect because it is a rack diagram details how equipment is physically arranged within server racks and does not depict network addressing schemes.

C. ✓ Correct: Logical diagram is correct because it is a logical diagram illustrates the functional relationships between network components, including their assigned IP addresses, making it ideal for representing an IP address plan.

D. × Incorrect: Cable map is incorrect because it is a cable map shows physical connections between devices but does not convey information about IP addresses or network logic.

A. ✓ Correct: Testing theory is correct because after identifying the problem, testing theory helps to hypothesize possible causes and solutions.

B. × Incorrect: Establish secure networks is incorrect because establishing secure networks is a separate process unrelated to immediate troubleshooting steps following problem identification.

C. × Incorrect: Planning and implementing a solution is incorrect because comes later in the troubleshooting process, after theories have been tested and verified.

D. × Incorrect: Verifying functionality is incorrect because happens at the end of the troubleshooting process, not immediately after identifying the problem.

A. ✓ Correct: Configuring ACLs for role-based access control is correct because it involves using ACLs to filter traffic based on specific criteria such as IP addresses, protocols, and ports.

B. × Incorrect: Implementing port security measures exclusively is incorrect because it focuses solely on port security measures rather than the broader use of ACLs for filtering traffic according to detailed criteria.

C. × Incorrect: Disabling unused services on all network devices is incorrect because disabling unused services does not address the need for precise traffic control using ACLs based on IP addresses, protocols, and ports.

D. × Incorrect: Securing management plane interfaces with default passwords is incorrect because it does not relate to configuring ACLs for role-based access control.

A. × Incorrect: FTP is incorrect because it uses port 21 for control connections and does not inherently provide secure file transfer.

B. ✓ Correct: SSH runs on port 22 and provides a secure channel for remote login and other network services, including secure file transfers through SFTP (SSH File Transfer Protocol).

C. × Incorrect: HTTP is incorrect because operates on port 80 or 443 for HTTPS, which are not used for secure file transfer.

D. × Incorrect: SMTP is incorrect because it uses port 25 for email transmission and does not handle file transfers.

A. × Incorrect: DNS record validation is incorrect because it does not control DHCP client-server interactions.

B. ✓ Correct: DHCP server policies is correct because it specifies policies that ensure only authorized DHCP servers can provide configurations to clients.

C. × Incorrect: NAT port forwarding is incorrect because it is unrelated to controlling DHCP server authorization and client configuration.

D. × Incorrect: Static IP reservations is incorrect because static reservations bind addresses to clients but do not authorize which DHCP servers may answer.

A. × Incorrect: ISO/IEC 27001 Information Security Management Systems is incorrect because it focuses on establishing an information security management system rather than providing guidance on using the Cybersecurity Framework.

B. ✓ Correct: NIST Getting Started with the Cybersecurity Framework is correct because it offers insights and examples of how various organizations apply the Cybersecurity Framework to enhance their cybersecurity risk management practices.

C. × Incorrect: CompTIA Network+ N10-009 Study Guide is incorrect because it covers general network certification topics, not specific guidance on the Cybersecurity Framework.

D. × Incorrect: Cisco Networking Academy Curriculum is incorrect because it provides curriculum for networking education rather than information about implementing the Cybersecurity Framework.

A. × Incorrect: DNS server configuration is incorrect because it does not affect how NAT translates IP addresses between internal and external networks.

B. × Incorrect: DHCP lease duration is incorrect because it is unrelated to the translation of network traffic by NAT rules.

C. ✓ Correct: Interface IP address ranges is correct because checking interface IP address ranges ensures that the NAT rules correctly map internal private addresses to public ones for proper traffic translation.

D. × Incorrect: Certificate authority settings is incorrect because it is not relevant to NAT operations or traffic translation.

A. × Incorrect: Implementing multifactor authentication exclusively on internal networks is incorrect because it does not address the specific security needs of a DMZ.

B. ✓ Correct: Integrating SIEM with microsegmentation to monitor and control access in real-time is correct because integrating SIEM with microsegmentation provides real-time monitoring and control, enhancing the security of a DMZ by detecting and responding to threats promptly and segmenting the network to limit potential damage.

C. × Incorrect: Deploying an IDS/IPS system only within the organization's intranet is incorrect because it does not provide adequate protection for the DMZ, which requires specialized security measures.

D. × Incorrect: Relying solely on traditional firewalls for DMZ protection is incorrect because it is insufficient in today’s threat landscape; advanced monitoring and segmentation are necessary.

A. × Incorrect: Software as a Service (SaaS) is incorrect because it provides fully managed software applications without requiring users to manage underlying infrastructure.

B. × Incorrect: Platform as a Service (PaaS) is incorrect because it offers development tools and environments for building, testing, and deploying applications, but does not allow management of virtualized network resources and infrastructure.

C. ✓ Correct: Infrastructure as a Service (IaaS) provides users with the ability to manage their own virtualized network resources and infrastructure.

D. × Incorrect: Multitenancy Services is incorrect because they refer to multiple customers sharing the same infrastructure or platform, which does not specifically relate to managing one's own virtualized network resources.

A. × Incorrect: Copper cable type is incorrect because it does not affect fiber signal strength.

B. × Incorrect: Patch panel configuration is incorrect because issues would typically cause connectivity problems rather than weak signals on properly terminated fibers.

C. × Incorrect: Power over Ethernet (PoE) settings is incorrect because it is unrelated to optical signal strength in fiber connections.

D. ✓ Correct: Transceiver compatibility directly affects the ability of devices to communicate effectively over fiber, impacting signal strength.

A. ✓ Correct: Setting an appropriate Recovery Point Objective (RPO) is correct because it defines the maximum acceptable period of data loss due to a disaster, helping to minimize data loss effectively.

B. × Incorrect: Implementing cold site redundancy is incorrect because while cold site redundancy provides an alternative location for operations after a disaster, it does not directly address minimizing data loss at the moment of recovery.

C. × Incorrect: Conducting regular failover testing is incorrect because ensures that systems can switch over smoothly during a disaster but does not specify how much data might be lost in the process.

D. × Incorrect: Establishing warm site availability is incorrect because it offers faster recovery than cold sites but still does not directly set limits on acceptable data loss.

A. ✓ Correct: Traceroute helps identify routing loops by showing the path packets take and where they might be looping.

B. × Incorrect: ping is incorrect because it does not provide information about the route taken between networks; it only confirms reachability.

C. × Incorrect: Packet Debugging is incorrect because tools are more specialized and typically used for detailed analysis rather than diagnosing routing loop issues.

D. × Incorrect: ICMP is incorrect because (Internet Control Message Protocol) is a protocol, not a tool, and while ping uses ICMP, traceroute provides the necessary path information to diagnose routing loops.

A. ✓ Correct: MFA is correct because multi-Factor Authentication (MFA) ensures that users are verified through multiple factors before accessing network resources in a Zero Trust environment.

B. × Incorrect: RADIUS is incorrect because it is an authentication protocol but does not inherently provide multi-factor verification, which is crucial for Zero Trust security principles.

C. × Incorrect: IPsec is incorrect because it is used to secure communications between devices and networks rather than verifying user identity through multiple factors.

D. × Incorrect: TACACS+ is incorrect because it is a network access control protocol that authenticates users before they can use network services but do not provide multi-factor verification.

A. ✓ Correct: Layer 3 - Network is correct because it represents the Network layer in the OSI model, which handles routing and forwarding of packets, similar to the Internet Layer in TCP/IP.

B. × Incorrect: Layer 2 - Data Link is incorrect because it refers to the Data Link layer, which deals with physical network access and frame transmission, not packet routing or addressing.

C. × Incorrect: Layer 4 - Transport is incorrect because it corresponds to the Transport layer, responsible for end-to-end data delivery between hosts, rather than inter-network communication.

D. × Incorrect: Layer 7 - Application is incorrect because it pertains to the Application layer, where applications interact directly with software, far removed from network-layer functions.

A. × Incorrect: Dynamic routing protocol is incorrect because s automatically discover and maintain routes but do not prioritize backup links specifically.

B. ✓ Correct: Floating static route is correct because it is a floating static route has a higher administrative distance than other routes and will only be used if no better path exists, ensuring traffic goes through the backup link when needed.

C. × Incorrect: Default route is incorrect because s are used for unknown destinations and do not provide specific failover functionality.

D. × Incorrect: Directly connected interface is incorrect because s represent immediate connections to networks but offer no mechanism for routing around failed links.

A. × Incorrect: Implementing new software features is incorrect because may add functionality, but it does not directly provide the preventive security maintenance described by NIST SP 800-40 Rev. 4.

B. × Incorrect: Conducting regular security audits is incorrect because regular security audits assess conditions and detect issues, but patch management is the preventive maintenance activity named in the stem.

C. ✓ Correct: Performing enterprise patch management ensures that all systems are up-to-date and secure against known vulnerabilities, aligning directly with NIST SP 800-40 Rev. 4 recommendations for preventive maintenance.

D. × Incorrect: Creating detailed network diagrams is incorrect because network diagrams document infrastructure, but they do not remediate known vulnerabilities the way patch management does.

A. × Incorrect: Adjusting the signal strength on access points is incorrect because adjusting signal strength does not reduce channel overlap; it only affects how far the signal reaches.

B. ✓ Correct: Modifying the channel settings can ensure that adjacent channels do not interfere with each other, reducing overlap.

C. × Incorrect: Changing the frequency band is incorrect because changing frequency bands may avoid some interference, but it does not directly resolve channel overlap within the band being used.

D. × Incorrect: Increasing the number of SSIDs is incorrect because it does not reduce channel overlap; it only creates more network identities.

A. × Incorrect: Conducting ARP poisoning to redirect traffic is incorrect because it describes a tactic used for ARP spoofing rather than leveraging a DoS attack to facilitate secondary attacks.

B. × Incorrect: Launching DNS amplification attacks to overwhelm servers is incorrect because it is DNS amplification, but it can be part of a DDoS attack, the question asks about using the distraction of a DoS attack to hide other activities, not just overwhelming servers.

C. × Incorrect: Creating man-in-the-middle scenarios for data interception is incorrect because man-in-the-middle scenarios are unrelated to the use of a DoS attack as a smokescreen for additional intrusions.

D. ✓ Correct: Using the distraction of a DoS attack to mask additional intrusions is correct because it accurately describes how attackers use the chaos caused by a DoS or DDoS attack to conceal other malicious activities on network services.

A. × Incorrect: Star/hub and spoke is incorrect because they is a star/hub and spoke topology connects devices to a central hub rather than providing direct connections between all devices.

B. ✓ Correct: Mesh is correct because it is a mesh topology provides direct connections between all devices, ensuring high redundancy and reliability.

C. × Incorrect: Three-tier is incorrect because it is a three-tier topology divides the network into core, distribution, and access layers, not directly connecting every device for redundancy.

D. × Incorrect: Collapsed core is incorrect because it is a collapsed core topology combines the core and distribution layers of a hierarchical design, which does not inherently ensure direct connections between all devices.

A. ✓ Correct: mobility network-id vlan is correct because it assigns VLANs for mobility in a multi-SSID WLAN configuration.

B. × Incorrect: ssid vlan is incorrect because it does not specify the command used to assign VLANs for mobility; instead, it refers to an SSID and VLAN relationship without context.

C. × Incorrect: vlan ssid is incorrect because while it mentions VLANs and SSIDs, it incorrectly reverses their order and does not provide a valid command syntax.

D. × Incorrect: network-id mobility is incorrect because although it includes 'network-id', the correct full command requires 'mobility network-id vlan' to properly assign VLANs for mobility.

A. × Incorrect: MODULE-IDENTITY, OBJECT-TYPE, TEXTUAL-CONVENTION is incorrect because it includes OBJECT-TYPE and MODULE-IDENTITY which are not part of the SNMP-FRAMEWORK-MIB imports according to RFC 3411.

B. × Incorrect: snmpModules, OBJECT-GROUP, MODULE-COMPLIANCE is incorrect because snmpModules, OBJECT-GROUP, and MODULE-COMPLIANCE do not appear in the list of imported items specified by RFC 3411 for SNMP-FRAMEWORK-MIB.

C. × Incorrect: SNMPv2-SMI, OBJECT-TYPE, snmpFrameworkMIB is incorrect because while SNMPv2-SMI and OBJECT-TYPE are related to MIB definitions, they are not specifically listed as imports within the SNMP-FRAMEWORK-MIB according to RFC 3411.

D. ✓ Correct: TEXTUAL-CONVENTION, OBJECT-GROUP, SNMPv2-TC is correct because it accurately lists TEXTUAL-CONVENTION, OBJECT-GROUP, and SNMPv2-TC which are explicitly imported in the SNMP-FRAMEWORK-MIB definition per RFC 3411.

A. × Incorrect: Check for signal loss using an OTDR is incorrect because it involves Optical Time Domain Reflectometer (OTDR) which is used for fiber optic cable testing and not Ethernet cables.

B. × Incorrect: Verify the duplex settings between connected devices is incorrect because duplex settings are a configuration issue rather than a physical layer problem, which does not address the suspected connector issues.

C. ✓ Correct: Inspect the connectors on both ends of the cable for proper termination is correct because inspecting connectors ensures proper termination and absence of damage that can cause signal loss and intermittent connectivity in Ethernet connections.

D. × Incorrect: Run a network trace to identify packet loss is incorrect because running a network trace identifies software or higher-layer issues, not physical cable problems.

A. × Incorrect: IPsec is incorrect because it provides secure communication at the network layer but does not directly address endpoint-to-endpoint encryption and authentication in a Zero Trust environment.

B. ✓ Correct: TLS (Transport Layer Security) is essential for establishing secure connections between endpoints by providing critical encryption and authentication mechanisms necessary for securing communications.

C. × Incorrect: RADIUS is incorrect because it is used for network access control and authentication but does not provide the direct endpoint-to-endpoint security required in a Zero Trust architecture.

D. × Incorrect: MFA is incorrect because (Multi-Factor Authentication) enhances user identity verification but does not secure data transmission between endpoints.

A. × Incorrect: It increases the number of available IP addresses is incorrect because it increases address efficiency but does not directly reduce the consumption rate of IPv4 addresses.

B. ✓ Correct: It reduces the rate at which IPv4 address space is consumed by efficiently allocating IP blocks based on actual needs.

C. × Incorrect: It eliminates the need for subnet masks is incorrect because cIDR still requires subnet masks, just in a more flexible and efficient manner than traditional classful addressing.

D. × Incorrect: It allows for larger network sizes without segmentation is incorrect because it is CIDR, but it can create smaller subnets to manage network sizes better, it does not inherently allow for larger networks without segmentation.