Prepare for the CompTIA Network+ N10-008 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
A network administrator is investigating intermittent issues on a web application server. The administrator wants to capture packets on interface eth0 that are part of established TCP sessions, not the initial TCP handshakes. Which tcpdump command will correctly filter out packets that do not have the SYN flag set, ensuring that only established connections are monitored?
tcpdump -i eth0 'tcp[tcpflags] & (tcp-syn) == 0'
tcpdump -i eth0 'tcp[tcpflags] & (tcp-syn) != 0'
tcpdump -i eth0 'tcp'
tcpdump -i eth0 'tcp[tcpflags] & (tcp-ack) == 0'
The correct command to capture packets that are part of established TCP sessions is tcpdump -i eth0 'tcp[tcpflags] & (tcp-syn) == 0'. This command uses a bitwise AND operator to inspect the TCP flags and checks if the SYN flag is not set. This captures packets that are not part of the initial TCP handshake, as required. The other options incorrectly filter the traffic, either capturing all TCP packets, only SYN packets, or only packets without ACK flag set, instead of filtering out SYN packets to focus on established connections. Understanding the TCP flag filtering is crucial when performing in-depth packet analysis.
Which mechanism do devices use to automatically configure their own network addresses on an IPv6 network based on router advertisements, negating the necessity for a server-based address allocation service?
Router Advertisement (RA)
Stateless address autoconfiguration (SLAAC)
Neighbor Discovery Protocol (NDP)
Address Resolution Protocol (ARP)
Stateless address autoconfiguration (SLAAC) enables an IPv6 network device to configure its own network interface addresses using a combination of locally available information and router advertisements. No manual configuration is needed, nor is there a requirement for another service, such as DHCP, to assign the addresses, making SLAAC pivotal for autonomic network address configuration in IPv6 networks.
Which of the following is a loopback address?
::0
00-21-86-5C-B4-6C
127.0.0.1
::127:0:0:1
127.0.0.1 is the IPv4 loopback address. Answer 00-21-86-5C-B4-6C is a MAC address, while the remaining answers are IPv6 addresses; in IPv6 the loopback is ::1.
In computer networking, localhost is a hostname that refers to the current computer used to access it. The name localhost is reserved for loopback purposes. It is used to access the network services that are running on the host via the loopback network interface. Using the loopback interface bypasses any local network interface hardware.
Localhost - Wikipedia, the free encyclopedia
A network technician needs to measure the available bandwidth between two servers on the same network. Which tool is most appropriate for conducting a test to determine the performance of the network between the servers?
NetFlow analyzers
iperf
Wireshark
Ping
The correct answer is 'iperf' because it is specifically used for measuring the maximum bandwidth of the network, which can help in determining the performance between two points on a network. The other options presented are not intended primarily for bandwidth measurement. 'Wireshark' is used for packet analysis and capturing network traffic. 'Ping' is used for checking connectivity and response times, while 'NetFlow analyzers' are used to visualize network traffic flows for monitoring purposes.
An organization is facing an attack where multiple compromised systems are being used to flood their web servers with traffic, preventing legitimate users from accessing online services. Which of the following would BEST describe this type of attack?
A SYN flood attack targeting the TCP handshake process to consume server resources.
Traffic shaping configured incorrectly, leading to unintentional disruption of service.
A distributed denial-of-service attack where multiple systems are targeting the servers.
A denial-of-service attack emanating from a single IP address to block service availability.
A distributed denial-of-service (DDoS) attack involves multiple systems, which are often compromised, that flood the target system with network traffic to overwhelm resources and bandwidth, thereby disrupting service. While a DoS attack also disrupts service, it typically originates from a single source, making the option about a single IP less appropriate. Traffic shaping is a management technique and not an attack type, thus it is incorrect in this context. A SYN flood is a type of DDoS but the question describes a scenario involving multiple systems, which directly indicates a DDoS attack, making the general term more accurate in this context.
A network administrator is using an analysis protocol to gain insights into traffic traversing network devices, with the objective of detecting unusual traffic patterns and identifying potential threats. Which type of information should the administrator analyze to achieve this goal?
Endpoints of communication, timings, and application identifiers
Hardware addresses of endpoints
Mediums used to connect network components
Segmentation and tagging details of network traffic
The administrator should analyze flow records. These records typically consist of details like the endpoints communicating over the network, the time at which communications occurred, and the identifiers for the applications in use. This information is integral to traffic pattern analysis and threat detection, as it allows for the assessment of communication origins, destinations, and timing, which can reveal unusual or unauthorized activities. The information about the type of cable is not directly related to traffic flows and is more pertinent to network infrastructure assessments. The physical addresses, often referring to MAC addresses, are important for internal network configuration and troubleshooting but are less useful for identifying traffic patterns across larger IP networks. The configuration of VLANs is crucial for internal network segmentation but does not provide direct insights into the content or nature of the data flows.
An energy company utilizes a SCADA system for monitoring their power distribution network. They are updating their network infrastructure to improve communication reliability and data throughput. The network engineer has been asked to identify a network device that can segment network traffic to reduce broadcast domains and provide the best performance for the SCADA network components. Which device should the engineer recommend?
Layer 3 capable switch
Wireless LAN controller
Repeater
Hub
A Layer 3 capable switch is the correct choice because it can segment network traffic into different VLANs to reduce broadcast domains, and perform inter-VLAN routing without the need for an external router. This improves overall network performance and is suitable for a SCADA network where reliability and efficiency are critical. A hub cannot segment traffic and creates one large collision domain, leading to inefficiencies and potential network collisions. A wireless LAN controller is specifically designed to manage wireless access points, and is not applicable for segmenting wired SCADA network traffic. A repeater merely extends the signal but does not segment the traffic or reduce broadcast domains.
An organization has deployed several routers and switches within a secured server room. They want to ensure that any unauthorized physical access to these devices is immediately detected and reported. Which of the following solutions would provide the most effective tamper detection for this scenario?
Putting case locks on all hardware equipment
Using RFID tags on devices and scanning them regularly to check for unauthorized movements
Setting up CCTV with motion detection around the server racks
Installing an intrusion detection alarm system with sensors attached to the network devices
An intrusion detection alarm system is designed to detect unauthorized entry into a specific area or attempts to compromise equipment. This system can incorporate multiple sensors that trigger an alarm when tampering is detected, making it the most comprehensive solution for detecting and reporting unauthorized physical access. CCTV with motion detection only records and possibly notifies of movement in the visual field, but without intrusion sensors, it doesn't specifically indicate tampering with the equipment. RFID tags simplify inventory management but do not alert to tampering events. A case lock secures the hardware but does not provide active monitoring or reporting if tampering occurs.
A network administrator is setting up a wireless local area network in a busy office space that already has multiple wireless networks. The administrator needs to configure the new wireless access points to minimize interference with existing networks. Considering the characteristics of the 2.4GHz frequency band, which of the following channels should the administrator choose to achieve this goal?
Channel 10
Channel 3
Channel 5
Channel 1, 6, or 11
The 2.4GHz frequency band is divided into multiple channels, each 22 MHz wide, with only channels 1, 6, and 11 being non-overlapping in many regulatory regions. Using non-overlapping channels prevents interference between wireless networks operating in close physical proximity. Therefore, the network administrator should choose either channel 1, 6, or 11, based on which is least used by the existing networks, to minimize the chances of interference.
Which protocol provides centralized authentication, authorization, and accounting services for users who are attempting to gain access to network resources and uses TCP port 49?
RADIUS
LDAP
Kerberos
TACACS+
TACACS+ is designed to provide a centralized authentication mechanism for users accessing network devices and services. It works on TCP port 49, ensuring reliable transport. Unlike RADIUS, which typically uses UDP, TACACS+ uses TCP, thus providing a connection-oriented protocol that guarantees the delivery of packets.
A Krone punchdown block can be used interchangeably with a 110 punchdown tool without any impact on the quality of the connection.
True
False
This statement is false because Krone and 110 punchdown blocks have different design specifications and thus often require their specific tools for proper wire termination. Using a 110 punchdown tool on a Krone block can result in poor connections and may damage the block or the tool.
Which Windows command line utility will use ICMP echo/reply packets to test a connection to a remote host?
ping
nslookup
netstat
dxdiag
The Windows ping command sends an ICMP (Internet Control Message Protocol) echo request to a target IP; the host then responds with an ICMP echo reply.
ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software. Ping measures the round-trip time for messages sent from the originating host to a destination computer that are echoed back to the source. The name comes from active sonar terminology that sends a pulse of sound and listens for the echo to detect objects under water.
Ping operates by means of Internet Control Message Protocol (ICMP) packets. Pinging involves sending an ICMP echo request to the target host and waiting for an ICMP echo reply. The program reports errors, packet loss, and a statistical summary of the results, typically including the minimum, maximum, the mean round-trip times, and standard deviation of the mean. The command-line options of the ping utility and its output vary between the numerous implementations. Options may include the size of the payload, count of tests, limits for the number of network hops (TTL) that probes traverse, interval between the requests and time to wait for a response. Many systems provide a companion utility ping6, for testing on Internet Protocol version 6 (IPv6) networks, which implement ICMPv6.
Ping (networking utility) - Wikipedia, the free encyclopedia
During a routine network maintenance check, you notice an increase in complaints about network slowdown from a department that had no issues the previous week. What is one of the first steps you should take in troubleshooting this issue?
Check if there have been any recent changes to the network configuration, devices, or infrastructure in that department
Advise the department to stop using the internet until the issue is resolved
Increase the bandwidth limit for the affected department
Replace all the network cables in the department
Identifying any changes that have occurred is critical in troubleshooting network issues. Changes can include software or hardware updates, configuration adjustments, or new installations that could be a potential cause of the observed network slowdown.
A company is looking to increase network availability by ensuring that in case a single switch fails, the network will still remain operational without a significant performance decrease. Which solution is BEST recommended for this scenario?
Replace existing switch power supplies with higher-rated ones to ensure uninterrupted power delivery.
Use switches in a stacked configuration to work as a single switch unit.
Implement Spanning Tree Protocol to prevent switching loops.
Install a protocol analyzer on the network to identify potential switch faults.
Using switches in a stacked configuration is the recommended solution because it allows for multiple switches to be configured and managed as a single entity, providing redundancy. If one switch within the stack fails, the rest of the switches continue to operate, thus maintaining network availability. The implementation of Spanning Tree Protocol, while useful for preventing loops, does not itself provide redundancy for switch failure. The addition of a protocol analyzer improves monitoring capabilities but does not offer resilience against hardware failure. Installing a higher-rated power supply enhances power delivery and reliability but does not address switch redundancy.
A network device designed to manage the distribution of a network's workload between near-identical resources is called:
Router
DNS Server
Load Balancer
Firewall
A Load Balancer is a network device that distributes workloads between different resources like servers, routers and switches. For example, a large website may use a Load Balancer and multiple identical web servers to prevent overloading a single device.
In computing, load balancing is the process of distributing a set of tasks over a set of resources (computing units), with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle. Load balancing is the subject of research in the field of parallel computers. Two main approaches exist: static algorithms, which do not take into account the state of the different machines, and dynamic algorithms, which are usually more general and more efficient but require exchanges of information between the different computing units, at the risk of a loss of efficiency.
Load_balancing_(computing) - Wikipedia, the free encyclopedia