A technician needs to limit the amount of broadcast traffic on a network and allow different segments to communicate with each other. Which of the following options would satisfy these requirements?
A. Add a router and enable OSPF.
B. Add a layer 3 switch and create a VLAN.
C. Add a bridge between two switches.
D. Add a firewall and implement proper ACL.
Correct Answer: B
Explanation: We can limit the amount of broadcast traffic on a switched network by dividing the computers into logical network segments called VLANs. A virtual local area network (VLAN) is a logical group of computers that appear to be on the same LAN even if they are on separate IP subnets. These logical subnets are configured in the network switches. Each VLAN is a broadcast domain, meaning that only computers within the same VLAN will receive broadcast traffic. To allow different segments (VLANs) to communicate with each other, a router is required to establish a connection between the systems. We can use a network router to route between the VLANs or we can use a ‘Layer 3’ switch. Unlike layer 2 switches, which can only read the contents of the data-link layer protocol header in the packets they process, layer 3 switches can read the (IP) addresses in the network layer protocol header as well.
A malicious student is blocking mobile devices from connecting to the internet when other students are in the classroom. Which of the following is the malicious student implementing?
A. Removing the AP from the classroom
B. ACL
C. Jamming
D. Firewall
E. IPS
A technician is attempting to resolve an issue with users on the network not being able to access websites. The technician pings the default gateway and DNS servers successfully. Pinging a website by URL is unsuccessful but using a known IP address is successful. Which of the following will resolve the issue?
A. Update the HOST file with the URLs for all websites
B. Use NSLOOKUP to resolve URLs
C. Ensure ICMP messages can pass through the firewall
D. Enable port 53 on the firewall
When configuring a new server, a technician requests that an MX record be created in DNS for the new server, but the record was not entered properly. Which of the following was MOST likely installed that required an MX record to function properly?
A. Load balancer
B. FTP server
C. Firewall DMZ
D. Mail server
Correct Answer: D
Explanation: A mail exchanger record (MX record) is a DNS record used by email servers to determine the name of the email server responsible for accepting email for the recipient’s domain. For example, a user sends an email to recipient@somedomain.com. The sending user’s email server will query the somedomain.com DNS zone for an MX record for the domain. The MX record will specify the hostname of the email server responsible for accepting email for the somedomain.com domain, for example, mailserver.somedomain.com. The sending email server will then perform a second DNS query to resolve mailserver.somedomain.com to an IP address. The sending mail server will then forward the email to the destination mail server.
After connecting a workstation directly to a small business firewall, a network administrator is trying to manage it via HTTPS without losing its stored configuration. The only two pieces of information that the network administrator knows about the firewall are the management interface MAC address, which is 01:4a:d1:fa:b1:0e, and the administrator’s password. Which of the following will allow the administrator to log onto the firewall via HTTPS if the management’s IP address is unknown and the administrator’s workstation IP address is 192.168.0.10/23?
A. Use the reset button on the back of the firewall to restore it to its factory default, and then log onto
B. Run the following command on the administrator’s workstation: arp -s 192.168.1.200 01:4a:d1:fa:b1:0e
C. Use an SNMP tool to query the firewall properties and determine the correct management IP address
D. Use a crossover cable to connect to the console port and reconfigure the firewall management IP to 192.168.0.1
Correct Answer: B
Explanation: Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses. The arp -s command adds a static permanent address to the ARP cache. This will allow the administrator to access the firewall.
A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACLs should the technician configure? (Select TWO)
A. PERMIT SRCIP 192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT:80
B. PERMIT SRCIP 192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT 80
C. PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT ANY
D. PERMIT SRCIP: ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:80
E. PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:ANY DPORT:80
Which of the following devices implements CSMA/CA virtually through the RTS/CTS protocols?
A. Firewall
B. Router
C. 802.11 AP
D. Switch
Correct Answer: C
Explanation: 802.11 AP is a Wireless Access Point used in a wireless network. If two computers on a network send data frames at the same time, a collision between the frames can occur. The frames are then discarded and the sending computers will attempt to send the data again. Carrier sense multiple access with collision avoidance (CSMA/CA) is a protocol used in wireless networks where computers connected to the wireless network attempt to avoid collisions by transmitting data only when the channel is sensed to be “idle”. Carrier Sense Multiple Access/Collision Detect (CSMA/CD) is unreliable in wireless networks because computers connected to the wireless network often cannot see each other so CSMA/CA is a better option for avoiding collisions. Request to Send/Clear to Send (RTS/CTS) can also be used to mediate access to the wireless network. This goes some way to alleviating the problem of computers not being able to see each other because in a wireless network, the Wireless Access Point only issues a “Clear to Send” to one node at a time. With RTS/CTS, a Request to Send (RTS) packet is sent by the sending computer, and a Clear to Send (CTS) packet is sent by the intended receiver. This will alert all computers within range of the sender, receiver or both, to not transmit for the duration of the transmission. This is known as the IEEE 802.11 RTS/CTS exchange.
A technician just completed a new external website and set up access rules in the firewall. After some testing, only users outside the internal network can reach the site. The website responds to a ping from the internal network and resolves the proper public address. Which of the following could the technician do to fix this issue while causing internal users to route to the website using an internal address?
A. Configure NAT on the firewall
B. Implement a split horizon DNS
C. Place the server in the DMZ
D. Adjust the proper internal ACL
Correct Answer: B
Explanation: Split horizon DNS (also known as Split Brain DNS) is a mechanism for DNS servers to supply different DNS query results depending on the source of the request. This can be done by hardware-based separation but is most commonly done in software. In this question, we want external users to be able to access the website by using a public IP address. To do this, we would have an external facing DNS server hosting a DNS zone for the website domain. For the internal users, we would have an internal facing DNS server hosting a DNS zone for the website domain. The external DNS zone will resolve the website URL to an external public IP address. The internal DNS server will resolve the website URL to an internal private IP address.
A company has decided to update their usage policy to allow employees to surf the web unrestricted from their work computers. Which of the following actions should the IT security team implement to help protect the network from attack as a result of this new policy?
A. Install host-based anti-malware software
B. Implement MAC filtering on all wireless access points
C. Add an implicit deny to the core router ACL
D. Block port 80 outbound on the company firewall
E. Require users to utilize two-factor authentication
Correct Answer: A
Explanation: To protect the computers from employees installing malicious software they download on the internet, antimalware should be run on all systems. After a single machine in a company is compromised and is running malicious software (malware), the attacker can then use that single computer to proceed further into the internal network using the compromised host as a pivot point. The malware may have been implemented by an outside attacker or by an inside disgruntled employee.