Prepare for the CompTIA Network+ N10-008 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
What type of authentication requires users to first enter their username and password and subsequently input a verification code sent via SMS?
TACACS+
Kerberos
Single Sign-On
Multi-factor Authentication
Multi-factor authentication is an authentication method where the user is required to prove their identity using multiple authentication methods like something you have, something you know, something you are, etc.
Multi-factor authentication (MFA; two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password. A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication.
Multi-factor_authentication - Wikipedia, the free encyclopedia
Lin, a network engineer, needs to troubleshoot a remote router within the WAN. Which of the following user authentications would be the BEST to implement?
MS-CHAP
Kerberos
TACACS+
PKI
TACACS+ is an open standard protocol developed by Cisco that is used to authenticate users across a network.
Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks including but not limited to the ARPANET, MILNET and BBNNET. It spawned related protocols: Extended TACACS (XTACACS) is a proprietary extension to TACACS introduced by Cisco Systems in 1990 without backwards compatibility to the original protocol. TACACS and XTACACS both allow a remote access server to communicate with an authentication server in order to determine if the user has access to the network. TACACS Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ has largely replaced its predecessors.
TACACS - Wikipedia, the free encyclopedia
Which of the following dynamic routing protocols uses a path vector mechanism and is often used between Internet Service Providers (ISPs) for routing between autonomous systems?
Enhanced Interior Gateway Routing Protocol (EIGRP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Routing Information Protocol (RIP)
Border Gateway Protocol (BGP) uses a path vector mechanism that includes the path of AS numbers that data travels, which is essential for maintaining a robust and loop-free interdomain routing between autonomous systems, making it a common choice among ISPs for this purpose.
A network administrator is setting up a new centralized authentication system for the company's multi-vendor network infrastructure. Security policies require individual accountability and the ability to implement command authorization based on roles. Which authentication protocol would BEST meet these requirements?
Terminal Access Controller Access-Control System Plus (TACACS+)
Remote Authentication Dial-In User Service (RADIUS)
Lightweight Directory Access Protocol (LDAP)
Kerberos
TACACS+ is a protocol that provides centralized authentication, authorization, and accounting (AAA) services for computers that communicate with a network. Unlike RADIUS, TACACS+ allows for separate and customizable command authorization for each user, which aligns with the security requirement for role-based command authorization. RADIUS also supports centralized authentication but lacks the granularity of per-command authorization.
Which of the following devices resides at the data link layer of the Open Systems Interconnections (OSI) model?
Repeater
Passive Hub
Router
Ethernet switch
An Ethernet switch operates at layer 2 (data link) of the OSI model, while repeaters and hubs operate at layer 1 (physical) and routers at layer 3 (network).
The data link layer, or layer 2, is the second layer of the seven-layer OSI model of computer networking. This layer is the protocol layer that transfers data between nodes on a network segment across the physical layer. The data link layer provides the functional and procedural means to transfer data between network entities and may also provide the means to detect and possibly correct errors that can occur in the physical layer. The data link layer is concerned with local delivery of frames between nodes on the same level of the network. Data-link frames, as these protocol data units are called, do not cross the boundaries of a local area network. Inter-network routing and global addressing are higher-layer functions, allowing data-link protocols to focus on local delivery, addressing, and media arbitration. In this way, the data link layer is analogous to a neighborhood traffic cop; it endeavors to arbitrate between parties contending for access to a medium, without concern for their ultimate destination. When devices attempt to use a medium simultaneously, frame collisions occur. Data-link protocols specify how devices detect and recover from such collisions, and may provide mechanisms to reduce or prevent them. Examples of data link protocols are Ethernet, the IEEE 802.11 WiFi protocols, ATM and Frame Relay. In the Internet Protocol Suite (TCP/IP), the data link layer functionality is contained within the link layer, the lowest layer of the descriptive model, which is assumed to be independent of physical infrastructure.
Data_link_layer - Wikipedia, the free encyclopedia
What are Management Information Bases commonly utilized for in network management systems?
Encrypting data traffic between SNMP managers and network devices.
Directly managing user authentication processes on network devices.
Physically altering network configurations and settings in real-time.
Storing structured information about network device objects for access and management via SNMP protocols.
Management Information Bases are used for storing structured information about all the managed objects on a network device. These objects could include configurations, statistics, and control information. Each MIB object is assigned a unique Object Identifier (OID) which can be used by an SNMP manager to retrieve or set the object's value on a managed device. The incorrect answers are misleading because while SNMP can carry out the actions described, the MIBs themselves are not the mechanisms that execute the actions; they simply hold the information.
A company has decided to decommission a batch of old servers that contain sensitive client information. As part of the decommissioning process, the company wants to ensure that the data cannot be recovered after disposal. Which of the following methods should be employed to sanitize the servers before disposal?
Physically destroy the storage devices
Reformat the storage drives
Overwrite drives with non-sensitive data
Delete all partitions on the hard drives
Physically destroying the storage devices is the most secure method of data sanitization because it physically shreds or pulverizes the drives, making data recovery nearly impossible. Simply reformatting drives or deleting partitions would not be secure as specialized software can be used to recover the information. Overwriting with non-sensitive data is a method of data wiping, but it is not as secure as physical destruction, especially for sensitive data that demands the highest level of security.
You are troubleshooting the connectivity of a Windows desktop. You open the command line and want to pull up the TCP/IP protocol information for the device. What command would get you the information?
hostname
ping
arp
ipconfig
The ipconfig command within the command-line interface will show all current TCP/IP configuration information for the device it is run on. Microsoft Windows is one of the operating systems that support that command.
ipconfig (standing for "Internet Protocol configuration") is a console application program of some computer operating systems that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings.
Ipconfig - Wikipedia, the free encyclopedia
A medium-sized company wants to maintain control over their sensitive data but also wishes to utilize cloud resources for some of their services, such as CRM and email. Which deployment model should they implement to best serve their needs while keeping critical data on-premises?
Private cloud
Dual cloud
Public cloud
On Premise Cloud
BYOD
Hybrid cloud
The hybrid cloud model is the most appropriate solution for the scenario because it allows a company to retain sensitive data on-premises while also utilizing public cloud services for less-critical applications. This provides the flexibility of the cloud and maintains the security of sensitive data within the company's control.
What term best supports a network technician's reason for setting up redundant infrastructure?
Virtual Private Compute (VPC) Networks
Quality of Service
Bandwidth shaping
Fault tolerance
In a fault-tolerant network infrastructure, multiple layers of redundancy and mechanisms are put in place to minimize the impact of potential failures. The goal is to create a network architecture that can gracefully handle faults without causing significant downtime or compromising data integrity.
Fault tolerance is the resilient property that enables a system to continue operating properly in the event of failure or major dysfunction in one or more of its components. If its operating quality decreases at all, the decrease is proportional to the severity of the failure, as compared to a naively designed system, in which even a small failure can lead to total breakdown. Fault tolerance is particularly sought after in high-availability, mission-critical, or even life-critical systems. The ability of maintaining functionality when portions of a system break down is referred to as graceful degradation. A fault-tolerant design enables a system to continue its intended operation, possibly at a reduced level, rather than failing completely, when some part of the system fails. The term is most commonly used to describe computer systems designed to continue more or less fully operational with, perhaps, a reduction in throughput or an increase in response time in the event of some partial failure. That is, the system as a whole is not stopped due to problems either in the hardware or the software. An example in another field is a motor vehicle designed so it will continue to be drivable if one of the tires is punctured, or a structure that is able to retain its integrity in the presence of damage due to causes such as fatigue, corrosion, manufacturing flaws, or impact. Within the scope of an individual system, fault tolerance can be achieved by anticipating exceptional conditions and building the system to cope with
Fault_tolerance - Wikipedia, the free encyclopedia
A group of developers are working on a confidential software product. Which agreement would the company have them sign to attempt to ensure the developers don't release any information about the software?
MOU
SLA
SOP
NDA
A non-disclosure agreement (NDA) is an agreement between 2 or more parties where it is agreed upon that certain information will only be shared amongst the parties but not with anyone else.
A non-disclosure agreement (NDA), also known as a confidentiality agreement (CA), confidential disclosure agreement (CDA), proprietary information agreement (PIA), or secrecy agreement (SA), is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to. Doctor–patient confidentiality (physician–patient privilege), attorney–client privilege, priest–penitent privilege and bank–client confidentiality agreements are examples of NDAs, which are often not enshrined in a written contract between the parties. It is a contract through which the parties agree not to disclose any information covered by the agreement. An NDA creates a confidential relationship between the parties, typically to protect any type of confidential and proprietary information or trade secrets. As such, an NDA protects non-public business information. Like all contracts, they cannot be enforced if the contracted activities are illegal. NDAs are commonly signed when two companies, individuals, or other entities (such as partnerships, societies, etc.) are considering doing business and need to understand the processes used in each other's business for the purpose of evaluating the potential business relationship. NDAs can be "mutual", meaning both parties are restricted in their use of the materials provided, or they can restrict the use of material by a single party. An employee can be required to sign an NDA or NDA-like agreement with an employer, protecting trade secrets. In fact, some employment agreements include a clause restricting employees' use and dissemination of
Non-disclosure_agreement - Wikipedia, the free encyclopedia
When using the show route command on a router, what information are you most likely seeking?
To display the device's routing table.
To view the device's configuration file.
To examine the device's physical port states.
To show the list of firewall rules currently applied.
The show route command is primarily used to display the device's routing table. The routing table contains the paths the router knows about to direct network traffic to various destinations. It lists the routes to particular network destinations and the distance or metric of each route, helping with troubleshooting connectivity issues by ensuring that routes to specific destinations exist and are correctly entered.
If you observe a green padlock and a check mark next to your bank's URL in your browser, signifying that a TLS-secured connection has been established, which port has most likely been used for the connection?
80
344
443
8080
Hypertext Transfer Protocol Secure (HTTPS) uses port 443 while HTTP uses port 80.
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL. The principal motivations for HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged data while it is in transit. It protects against man-in-the-middle attacks, and the bidirectional block cipher encryption of communications between a client and server protects the communications against eavesdropping and tampering. The authentication aspect of HTTPS requires a trusted third party to sign server-side digital certificates. This was historically an expensive operation, which meant fully authenticated HTTPS connections were usually found only on secured payment transaction services and other secured corporate information systems on the World Wide Web. In 2016, a campaign by the Electronic Frontier Foundation with the support of web browser developers led to the protocol becoming more prevalent. HTTPS is now used more often by web users than the original, non-secure HTTP, primarily to protect page authenticity on all types of websites, secure accounts, and keep user communications, identity, and web browsing private.
HTTPS - Wikipedia, the free encyclopedia
An enterprise network administrator has been notified by multiple users that they have been redirected to malicious websites despite entering the correct URLs. Upon investigation, it was discovered that the local DNS server's cache may have been poisoned. Which of the following actions should the network administrator prioritize to mitigate this issue?
Change the local DNS server's cache settings to refuse responses from unauthorized or external sources.
Implement DNSSEC for all DNS queries.
Flush the DNS cache on all affected machines.
Immediately switch to a different DNS provider.
Changing the local DNS server cache settings to refuse responses from unauthorized or unknown external sources is fundamental in mitigating a DNS cache poisoning attack. It prevents the server from accepting malicious redirect information. Implementing DNSSEC adds a layer of validation that can help protect against this attack, but it's an additional step following the primary action of securing the cache. Flushing the DNS cache will temporarily remove the malicious entries, but without addressing the cache settings, the server remains susceptible to another attack. Switching DNS providers may resolve the issue temporarily but doesn't address the vulnerability in the configuration.
What term is used to describe Ethernet frames that are smaller than the minimum size requirement of 64 bytes and are therefore considered a type of network error?
Runts
Collisions
Giants
Checksum errors
Runts are frames that do not meet the minimum size requirement of 64 bytes for Ethernet frames. They are typically generated by collisions or other problems on the network and can be an indication of a malfunctioning network interface card (NIC) or cabling issues.