Which of the following is a step in deploying a WPA2-Enterprise wireless network?
A. Install a token on the authentication server B. Install a DHCP server on the authentication server C. Install an encryption key on the authentication server D. Install a digital certificate on the authentication server
Explanation: When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions. The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesn’t require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices. The other is the Enterprise mode —which should be used by businesses and organizations—and is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key management, and supports other enterprise-type functionality, such as VLANs and NAP. However, it requires an external authentication server, called a Remote Authentication Dial In User Service (RADIUS) server to handle the 802.1X authentication of users.
To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X, here’s the basic overall steps: Choose, install, and configure a RADIUS server, or use a hosted service.
Create a certificate authority (CA), so you can issue and install a digital certificate onto the RADIUS server, which may be done as a part of the RADIUS server installation and configuration. Alternatively, you could purchase a digital certificate from a public CA, such as GoDaddy or Verisign, so you don’t have to install the server certificate on all the clients. If using EAP-TLS, you’d also create digital certificates for each end-user. On the server, populate the RADIUS client database with the IP address and shared secret for each AP. On the server, populate user data with usernames and passwords for each end-user. On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP address and the shared secret you created for that particular AP. On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the 802.1X authentication settings.
A network technician receives a call from a use who is experiencing network connectivity issues. The network technician questions the user and learns the user brought in a personal wired router to use multiple computers and connect to the network. Which of the following has the user MOST likely introduced to the network?
A. Rogue DHCP server B. Evil twin C. VLAN mismatch D. Honeypot
While troubleshooting a connectivity issue, a network technician determines the IP address of a number of workstations is 169.254.0.0/16 and the workstations cannot access the Internet. Which of the following should the technician check to resolve the problem?
A. Default gateway address B. Misconfigured DNS C. DHCP server D. NIC failure
Correct Answer: C
Explanation: If a DHCP server fails, the workstations are assigned an address from the 169.254.0.0 address range by Automatic Private IP Addressing (APIPA). APIPA also configures a suitable subnet mask, but it doesn’t configure the system with a default gateway address. This allows communication on the local network, but not externally.
While troubleshooting, a technician notices that some clients using FTP still work and that pings to the local router and servers are working. The technician tries to ping all known nodes on the network and they reply positively, except for one of the servers. The technician notices that ping works only when the host name is used but not when FQDN is used. Which of the following servers is MOST likely down?
A. WINS server B. Domain controller C. DHCP server D. DNS server
A network technician has detected duplicate IP addresses on the network. After testing the behavior of rogue DHCP servers, the technician believes that the issue is related to an unauthorized home router. Which of the following should the technician do NEXT in the troubleshooting methodology?
A. Document the findings and action taken. B. Establish a plan to locate the rogue DHCP server. C. Remove the rogue DHCP server from the network. D. Identify the root cause of the problem.
Correct Answer: B
Explanation: By testing the behavior of rogue DHCP servers and determining that the issue is related to an unauthorized home router, the technician has completed the third step in the 7-step troubleshooting process. The next step is to establish a plan of action to resolve the problem and identify potential effects. Establishing a plan to locate the rogue DHCP server meets the requirements of this step. 1. Identify the problem. Information gathering. Identify symptoms. Question users. Determine if anything has changed. 2. Establish a theory of probable cause. Question the obvious. 3. Test the theory to determine cause: When the theory is confirmed, determine the next steps to resolve the problem. If theory is not confirmed, re-establish a new theory or escalate. 4. Establish a plan of action to resolve the problem and identify potential effects. 5. Implement the solution or escalate as necessary. 6. Verify full system functionality and if applicable implement preventive measures. 7. Document findings, actions, and outcomes.
A desktop computer is connected to the network and receives an APIPA address but is unable to reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet are able to reach the Internet. Which of the following is MOST likely the source of the problem?
A. 802.1q is not configured on the switch port B. APIPA has been misconfigured on the VLAN C. Bad SFP in the PC’s 10/100 NIC D. OS updates have not been installed
Correct Answer: A
Explanation: APIPA addresses are self-configured and are used when the client is unable to get proper IP configuration from a DHCP server. One possible source of this problem is that switch port, to which the computer is connected, is misconfigured. The 802.1q protocol is used to configure VLAN trunking on switch ports.
A host has been assigned the address 169.254.0.1. This is an example of which of the following address types?
A. APIPA B. MAC C. Static D. Public
Correct Answer: A
Explanation: APIPA stands for Automatic Private IP Addressing and is a feature of Windows operating systems. When a client computer is configured to use automatic addressing (DHCP), APIPA assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client when a DHCP server is unavailable. When a client computer configured to use DHCP boots up, it first looks for a DHCP server to provide the client with IP address and subnet mask. If the client is unable to contact a DHCP server, it uses APIPA to automatically configure itself with an IP address from a range that has been reserved especially for Microsoft. The client also configures itself with a default class B subnet mask of 255.255.0.0. The client will use the self-configured IP address until a DHCP server becomes available.
Peter, a network technician, is setting up a DHCP server on a LAN segment. Which of the following options should Peter configure in the DHCP scope, in order to allow hosts on that LAN segment using dynamic IP addresses, to be able to access the Internet and internal company servers? (Select THREE).
A. Default gateway B. Subnet mask C. Reservations D. TFTP server E. Lease expiration time of 1 day F. DNS servers G. Bootp
Correct Answer: ABF
Explanation: The question states that the client computers need to access the Internet as well as internal company servers. To access the Internet, the client computers need to be configured with an IP address with a subnet mask (answer B) and the address of the router that connects the company network to the Internet. This is known as the ‘default gateway’ (answer A). To be able to resolve web page URLs to web server IP addresses, the client computers need to be configured with the address of a DNS server (answer F).
A network DHCP server crashes and has to be rebuilt from scratch. Shortly afterwards many users report an “Address Conflict” alert on their computers. Which of the following tools should the users run to help fix this issue?
A critical server was replaced by the IT staff the previous night. The following morning, some users are reporting that they are unable to browse to the Internet upon booting their workstations. Users who did not shut down their workstations the previous day are able to connect to the Internet. A technician looks at the following report from a workstation with no Internet connectivity: IP Address: 192.168.1.101 Netmask: 255.255.255.0 DHCP Server: 192.168.1.1DNS Server: 192.168.1.2 Default Gateway: 192.168.1.1 Given the above report, which of the following is the cause of why some workstations are unable to browse the Internet?
A. The workstation has an APIPA address. B. The DHCP server is unavailable. C. The default gateway router is misconfigured. D. The DHCP server is misconfigured.