CompTIA Security+ Question C-62

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?

A. Implicit deny
B. VLAN management
C. Port security
D. Access control lists

Answer: D

Explanation:
In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to configure routing. When configuring routing, you specify which IP range (in this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP server.

Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

CompTIA Security+ Question A-96

A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?

A. UDP
B. IPv6
C. IPSec
D. VPN

Answer: B

Explanation:
ARP is not used in IPv6 networks. The Address Resolution Protocol (ARP) is a telecommunication protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP is used for converting a network address (e.g. an IPv4 address) to a physical address like an Ethernet address (also named a MAC address). In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).

CompTIA Security+ Question A-39

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

A. HIPS
B. Antivirus
C. NIDS
D. ACL

Answer: A

Explanation:
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. A Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence would be an intrusion prevention system.

CompTIA Network+ Question C-79

The network install is failing redundancy testing at the MDF. The traffic being transported is a mixture of multicast and unicast signals. Which of the following would BEST handle the rerouting caused by the disruption of service?

A. Layer 3 switch
B. Proxy server
C. Layer 2 switch
D. Smart hub

Correct Answer: A

Explanation:
The question states that the traffic being transported is a mixture of multicast and unicast signals. There are three basic types of network transmissions: broadcasts, which are packets transmitted to every node on the network; unicasts, which are packets transmitted to just one node; and multicasts, which are packets transmitted to a group of nodes. Multicast is a layer 3 feature of IPv4 & IPv6. Therefore, we would need a layer 3 switch (or a router) to reroute the traffic. Unlike layer 2 switches that can only read the contents of the data-link layer protocol header in the packets they process, layer 3 switches can read the (IP) addresses in the network layer protocol header as well.

CompTIA Network+ Question B-1

A network administrator is using a packet analyzer to determine an issue on the local LAN. Two separate computers are showing an error message on the screen and are unable to communicate with other computers in the same lab. The network administrator looks at the following output:

SRC MAC SRC IP DST MAC DST IP
00:1D:1F:AB:10:7D192.168.1.10:200015:BE:9F:AB:10:1D192.168.1.14:1200
05:DD:1F:AB:10:27192.168.1.10:100022:C7:2F:AB:10:A2192.168.1.15:1300

Given that all the computers in the lab are directly connected to the same switch, and are not using any virtualization technology, at which of the following layers of the OSI model is the problem occurring?

A. Network
B. Application
C. Data link
D. Transport

Correct Answer: A

Explanation:
If we look at the Source Mac column, we can see two different MAC addresses. Every network interface card has a unique MAC address. These are the network cards in the two separate computers.
If we look in the Source IP column, we can see that the two network cards have been assigned the same IP address (192.168.1.10). This is the problem in this question. The error message on the screens will be saying that “An IP conflict exists”. Every network card connected to the network needs to be configured with a different IP address.
As the problem is with the IP address configuration of the two computers, we know that the problem is occurring at the Network layer (layer 3) of the OSI model. The network layer is responsible for Internet Protocol (IP) addressing and routing.

CompTIA Network+ Question A-69

A technician needs to limit the amount of broadcast traffic on a network and allow different segments to communicate with each other. Which of the following options would satisfy these requirements?

A. Add a router and enable OSPF.
B. Add a layer 3 switch and create a VLAN.
C. Add a bridge between two switches.
D. Add a firewall and implement proper ACL.

Correct Answer: B

Explanation:
We can limit the amount of broadcast traffic on a switched network by dividing the computers into logical network segments called VLANs.
A virtual local area network (VLAN) is a logical group of computers that appear to be on the same LAN even if they are on separate IP subnets. These logical subnets are configured in the network switches. Each VLAN is a broadcast domain meaning that only computers within the same VLAN will receive broadcast traffic.
To allow different segments (VLAN) to communicate with each other, a router is required to establish a connection between the systems. We can use a network router to route between the VLANs or we can use a ‘Layer 3’ switch. Unlike layer 2 switches that can only read the contents of the data-link layer protocol header in the packets they process, layer 3 switches can read the (IP) addresses in the network layer protocol header as well.

CompTIA Network+ Question A-39

When a client calls and describes a problem with a computer not being able to reach the Internet, in which of the following places of the OSI model would a technician begin troubleshooting?

A. Transport layer
B. Physical layer
C. Network layer
D. Session layer

Correct Answer: B

Explanation:
The bottom layer of the OSI reference model is Layer 1, the physical layer.
The physical layer is the layer that defines the hardware elements of a network. These elements include:
Network Interface Cards Network topology Network cabling
The type of signals used for data transmissions
When troubleshooting a network connectivity issue, the first thing you would check is the computer’s network cabling, the network card etc. In other words, the computer’s physical connection to the network.

CompTIA Network+ Question A-30

Which of the following protocols is used to encapsulate other network layer protocols such as multicast and IPX over WAN connections?

A. MPLS
B. ESP
C. GRE
D. PPP

Correct Answer: C