CCNA CyberOps Associate Exam Answers


CCNA (Version 7.00) Modules 5 – 10: Network Fundamentals Group Exam (Answers)

1. Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
a) It is easier to use than other operating systems.
b) More network applications are created for this environment.
c) It is more secure than other server operating systems.
d) The administrator has more control over the operating system.

Solution: d) The administrator has more control over the operating system.
Explanation: There are several reasons why Linux is a good choice for the SOC. Linux is open source. The command line interface is a very powerful environment. The user has more control over the operating system. Linux allows for better network communication control.

2. Which two methods can be used to harden a computing device? (Choose two.)
a) Allow default services to remain enabled.
b) Allow USB auto-detection.
c) Enforce the password history mechanism.
d) Update patches on a strict annual basis irrespective of release date.
e) Ensure physical security.

Solution: c) Enforce the password history mechanism. e) Ensure physical security.
Explanation: The basic best practices for device hardening are as follows: Ensure physical security. Minimize installed packages. Disable unused services. Use SSH and disable the root account login over SSH. Keep the system updated. Disable USB auto-detection. Enforce strong passwords. Force periodic password changes. Keep users from reusing old passwords. Review logs regularly.

3. Which Linux command can be used to display the name of the current working directory?
a) sudo
b) ps
c) pwd
d) chmod

Solution: c) pwd
Explanation: One of the most important commands in Linux is the pwd command, which stands for print working directory. It shows users the physical path for the directory they are working in.

4. Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file?
ls -l analyst.txt
-rwxrw-r-- sales staff 1028 May 28 15:50 analyst.txt
a) write only
b) read, write
c) read only
d) read, write, execute

Solution: d) read, write, execute
Explanation: The file permissions are always displayed in the User, Group, and Other order. In the example displayed, the file has the following permissions: The dash (-) means that this is a file. For directories, the first dash would be replaced with a “d”. The first set of characters is for user permission (rwx). The user, sales, who owns the file can read, write and execute the file. The second set of characters is for group permissions (rw-). The group, staff, who owns the file can read and write to the file. The third set of characters is for any other user or group permissions (r--). Any other user or group on the computer can only read the file.

5. A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?
a) system viewer
b) file viewer
c) package management tool
d) terminal emulator

Solution: d) terminal emulator
Explanation: A terminal emulator is an application program a user of Linux can use in order to access the CLI environment.

6. What is the well-known port address number used by DNS to serve requests?
a) 25
b) 53
c) 110
d) 60

Solution: b) 53
Explanation: Port numbers are used in TCP and UDP communications to differentiate between the various services running on a device. The well-known port number used by DNS is port 53.

7. Which user can override file permissions on a Linux computer?
a) any user that has ‘group’ permission to the file
b) only the creator of the file
c) any user that has ‘other’ permission to the file
d) root user

Solution: d) root user
Explanation: A user has as many rights to a file as the file permissions allow. The only user that can override file permission on a Linux computer is the root user. Because the root user has the power to override file permissions, the root user can write to any file.

8. Match the commonly used ports on a Linux server with the corresponding service.
SMTP: 25
DNS: 53
HTTPS: 443
SSH: 22
TELNET: 23

1. When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?
a) private
b) public
c) network
d) wireless

Solution: a) private

Explanation: In setting up the wireless network in a small office, it is a best practice to use private IP addressing because of the flexibility and easy management it offers.

2. Which two parts are components of an IPv4 address? (Choose two.)
a) logical portion
b) host portion
c) broadcast portion
d) subnet portion
e) network portion
f) physical portion

Solution: b) host portion and e) network portion

Explanation: An IPv4 address is divided into two parts: a network portion – to identify the specific network on which a host resides, and a host portion – to identify specific hosts on a network. A subnet mask is used to identify the length of each portion.

3. Match each IPv4 address to the appropriate address category. (Not all options are used.)
host address:
192.168.100.161/25
203.0.113.100/24
network address:
10.10.10.128/25
172.110.12.64/28
broadcast address:
192.168.1.191/26
10.0.0.159/27

Solution: See explanation below.

Explanation: To determine whether a given IPv4 address is a network, host, or broadcast address, first determine the address space based on the subnet mask. Convert the address and mask to binary values, then perform the ANDing function to determine the network address. To calculate the size of the address space, use the number of host bits in the subnet mask as an exponent of 2. The number of valid host addresses in the space is that number minus 2. The network address will have all zeroes in the host portion, and the broadcast address will have all ones. For example, 10.0.50.10/30 yields a network IP address of 10.0.50.8 when the mask is ANDed with the given address. Because there are only 2 host bits in the mask, there are only 2 valid host IP addresses (4-2). 10.0.50.10 is one of the two valid host IP addresses.

4. What is the full decompressed form of the IPv6 address 2001:420:59:0:1::a/64?
a) 2001:4200:5900:0:1:0:0:a000
b) 2001:0420:0059:0000:0001:0000:000a
c) 2001:0420:0059:0000:0001:000a
d) 2001:0420:0059:0000:0001:0000:0000:000a
e) 2001:420:59:0:1:0:0:a
f) 2001:4200:5900:0000:1000:0000:0000:a000

Solution: c) 2001:0420:0059:0000:0001:000a

Explanation: To decompress an IPv6 address, the two rules of compression must be reversed. Any 16-bit hextet that has fewer than four hex characters is missing the leading zeros that were removed. An IPv6 address should have a total of 8 groups of 16-bit hextets; a (::) can be replaced with the consecutive zeros that were removed.

5. A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?
a) route print
b) ipconfig /all
c) netstat -r
d) arp -a

Solution: d) arp -a

Explanation: ARP is a protocol used with IPv4 to map a MAC address to an associated specific IP address. The command arp -a will display the MAC address table on a Windows PC.

6. A user sends an HTTP request to a web server on a remote network. During encapsulation for this request, what information is added to the address field of a frame to indicate the destination?
a) the network domain of the destination host
b) the MAC address of the destination host
c) the IP address of the default gateway
d) the MAC address of the default gateway

Solution: b) the MAC address of the destination host

Explanation: A frame is encapsulated with source and destination MAC addresses. The source device will not know the MAC address of the remote host. An ARP request will be sent by the source and will be responded to by the router. The router will respond with the MAC address of its interface, the one which is connected to the same network as the source.

7. What addresses are mapped by ARP?
a) destination IPv4 address to the source MAC address
b) destination MAC address to a destination IPv4 address
c) destination MAC address to the source IPv4 address
d) destination IPv4 address to the destination host name

Solution: b) destination MAC address to a destination IPv4 address

Explanation: ARP, or the Address Resolution Protocol, works by mapping a destination MAC address to a destination IPv4 address. The host knows the destination IPv4 address and uses ARP to resolve the corresponding destination MAC address.

8. What type of information is contained in an ARP table?
a) domain name to IP address mappings
b) switch ports associated with destination MAC addresses
c) routes to reach destination networks
d) IP address to MAC address mappings

Solution: d) IP address to MAC address mappings

Explanation: ARP tables are used to store mappings of IP addresses to MAC addresses. When a network device needs to forward a packet, the device knows only the IP address. To deliver the packet on an Ethernet network, a MAC address is needed. ARP resolves the MAC address and stores it in an ARP table.

9. Match the characteristic to the protocol category. (Not all options are used.)
TCP:
a) 3-way handshake
b) window size

UDP:
c) connectionless
d) best for VoIP

Both UDP and TCP:
e) Port number
f) checksum

Solution:
TCP:
a) 3-way handshake
b) window size

UDP:
c) connectionless
d) best for VoIP

Both UDP and TCP:
e) Port number
f) checksum

Explanation: TCP uses 3-way handshaking as part of being able to provide reliable communication and window size to provide data flow control. UDP is a connectionless protocol that is great for video conferencing. Both TCP and UDP have port numbers to distinguish between applications and application windows and a checksum field for error detection.

10. What type of information is contained in a DNS MX record?
a) the IP address of an authoritative name server
b) the FQDN of the alias used to identify a service
c) the domain name mapped to mail exchange servers
d) the IP address for an FQDN entry

Solution: c) the domain name mapped to mail exchange servers

Explanation: MX, or mail exchange, records are used to map a domain name to several mail exchange servers that all belong to the same domain.

11. Match the application protocols to the correct transport protocols.
TCP: FTP, HTTP, SMTP.
UDP: TFTP, DHCP.

Solution:
TCP: FTP, HTTP, SMTP.
UDP: TFTP, DHCP.

Explanation: FTP (File Transfer Protocol), HTTP (Hypertext Transfer Protocol), and SMTP (Simple Mail Transfer Protocol) are application layer protocols that use TCP for reliable data transmission. TFTP (Trivial File Transfer Protocol) and DHCP (Dynamic Host Configuration Protocol) are application layer protocols that use UDP for faster, connectionless communication.

12. A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is sending the file using 100-byte segments. How many segments will the server send before it requires an acknowledgment from the PC?
a) 1000 segments
b) 100 segments
c) 1 segment
d) 10 segments

Solution: d) 10 segments

Explanation: With a window of 1000 bytes, the destination host accepts segments until all 1000 bytes of data have been received. Then the destination host sends an acknowledgment.

13. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?
a) port unreachable
b) network unreachable
c) protocol unreachable
d) host unreachable

Solution: d) host unreachable

14. Which two commands can be used on a Windows host to display the routing table? (Choose two.)
a) netstat -r
b) show ip route
c) netstat -s
d) route print
e) tracert

Solution: a) netstat -r and d) route print

Explanation: On a Windows host, the route print or netstat -r commands can be used to display the host routing table. Both commands generate the same output. On a router, the show ip route command is used to display the routing table. The netstat -s command is used to display per-protocol statistics. The tracert command is used to display the path that a packet travels to its destination.

15. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2. What does this code represent?
a) host unreachable
b) port unreachable
c) network unreachable
d) protocol unreachable

Solution: c) network unreachable

Explanation: When a host or gateway receives a packet that it cannot deliver, it can use an ICMP Destination Unreachable message to notify the source that the destination or service is unreachable. The message will include a code that indicates why the packet could not be delivered. These are some of the Destination Unreachable codes for ICMPv4:
0: net unreachable
1: host unreachable
2: protocol unreachable
3: port unreachable

16. What message informs IPv6 enabled interfaces to use stateful DHCPv6 for obtaining an IPv6 address?
a) the ICMPv6 Router Solicitation
b) the DHCPv6 Advertise message
c) the DHCPv6 Reply message
d) the ICMPv6 Router Advertisement

Solution: d) the ICMPv6 Router Advertisement

Explanation: Before an IPv6 enabled interface will use stateful DHCPv6 to obtain an IPv6 address, the interface must receive an ICMPv6 Router Advertisement with the managed configuration flag (M flag) set to 1.

17. What is the purpose of ICMP messages?
a) to inform routers about network topology changes
b) to ensure the delivery of an IP packet
c) to provide feedback of IP packet transmissions
d) to monitor the process of a domain name to IP address resolution

Solution: c) to provide feedback of IP packet transmissions

Explanation: The purpose of ICMP messages is to provide feedback about issues that are related to the processing of IP packets.

18. Match the HTTP status code group to the type of message generated by the HTTP server.
client error: 4xx
redirection: 3xx
success: 2xx
informational: 1xx
server error: 5xx

Explanation: HTTP status codes are issued by a server in response to a client's request made to the server. They indicate the outcome of the request.

19. What network service uses the WHOIS protocol?
a) HTTPS
b) DNS
c) SMTP
d) FTP

Solution: b) DNS

Explanation: WHOIS is a TCP-based protocol that is used to identify the owners of internet domains through the DNS system.

20. What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?
a) It sends a DHCPNAK and begins the DHCP process over again.
b) It accepts both DHCPOFFER messages and sends a DHCPACK.
c) It discards both offers and sends a new DHCPDISCOVER.
d) It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

Solution: d) It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

Explanation: If there are multiple DHCP servers in a network, it is possible for a client to receive more than one DHCPOFFER. In this scenario, the client will only send one DHCPREQUEST, which includes the server from which the client is accepting the offer.

21. Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?
a) inside global
b) inside local
c) outside global
d) outside local

Solution: c) outside global

Explanation: From the perspective of users behind NAT, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.

22. Match each characteristic to the appropriate email protocol.
POP:
does not require a centralized backup solution.
mail is deleted as it is downloaded.
desirable for an ISP or large business.
IMAP:
download copies of messages to the client.
original messages must be manually deleted.
requires a larger amount of disk space.

Explanation: Both POP and IMAP are used to retrieve email messages. SMTP is the default protocol used to send email. However, POP does not store messages and automatically deletes them as they are downloaded. A large business or ISP would prefer this, not a small business. It is the responsibility of the client to store and organize messages. IMAP requires a centralized backup because it stores all messages until they are manually deleted. This means that more disk space must be allocated to IMAP.

23. What is done to an IP packet before it is transmitted over the physical medium?
a) It is tagged with information guaranteeing reliable delivery.
b) It is segmented into smaller individual pieces.
c) It is encapsulated in a Layer 2 frame.
d) It is encapsulated into a TCP segment.

Solution: c) It is encapsulated in a Layer 2 frame.

Explanation: When messages are sent on a network, the encapsulation process works from the top of the OSI or TCP/IP model to the bottom. At each layer of the model, the upper layer information is encapsulated into the data field of the next protocol. For example, before an IP packet can be sent, it is encapsulated in a data link frame at Layer 2 so that it can be sent over the physical medium.

24. Which PDU is processed when a host computer is de-encapsulating a message at the transport layer of the TCP/IP model?
a) segment
b) packet
c) frame
d) bits

Solution: a) segment

Explanation: At the transport layer, a host computer will de-encapsulate a segment to reassemble data into a format acceptable to the application layer protocol of the TCP/IP model.

25. Which networking model is being used when an author uploads one chapter document to a file server of a book publisher?
a) peer-to-peer
b) client/server
c) master-slave
d) point-to-point

Solution: b) client/server

Explanation: In the client/server network model, a network device assumes the role of server in order to provide a particular service such as file transfer and storage. In the client/server network model, a dedicated server does not have to be used, but if one is present, the network model being used is the client/server model. In contrast, a peer-to-peer network does not have a dedicated server.

26. Which type of transmission is used to transmit a single video stream such as a web-based video conference to a select number of users?
a) anycast
b) broadcast
c) unicast
d) multicast

Solution: d) multicast

Explanation: An anycast is used with IPv6 transmissions. A unicast is a transmission to a single host destination. A broadcast is a transmission sent to all hosts on a destination network.

27. Refer to the exhibit. PC1 attempts to connect to File_server1 and sends an ARP request to obtain a destination MAC address. Which MAC address will PC1 receive in the ARP reply?
a) the MAC address of the G0/0 interface on R2
b) the MAC address of S2
c) the MAC address of S1
d) the MAC address of File_server1
e) the MAC address of the G0/0 interface on R1

Solution: e) the MAC address of the G0/0 interface on R1

Explanation: PC1 must have a MAC address to use as a destination Layer 2 address. PC1 will send an ARP request as a broadcast and R1 will send back an ARP reply with its G0/0 interface MAC address. PC1 can then forward the packet to the MAC address of the default gateway, R1.

28. What is the result of an ARP poisoning attack?
a) Network clients are infected with a virus.
b) Network clients experience a denial of service.
c) Client memory buffers are overwhelmed.
d) Client information is stolen.

Solution: d) Client information is stolen.

Explanation: ARP poisoning is a technique used by an attacker to reply to an ARP request for an IPv4 address belonging to another device, such as the default gateway. The attacker, who is effectively doing an MITM attack, pretends to be the default gateway and sends an ARP reply to the transmitter of the ARP request. The receiver of the ARP reply will add the wrong MAC address to the ARP table and will send the packets to the attacker. Therefore, all traffic to the default gateway will funnel through the attacker device.

29. What is the function of the HTTP GET message?
a) to upload content to a web server from a web client
b) to retrieve client email from an email server using TCP port 110
c) to request an HTML page from a web server
d) to send error information from a web server to a web client

Solution: c) to request an HTML page from a web server

Explanation: There are three common HTTP message types: GET – used by clients to request data from the web server; POST – used by clients to upload data to a web server; PUT – used by clients to upload data to a web server.

30. Which protocol is a client/server file sharing protocol and also a request/response protocol?
a) FTP
b) UDP
c) TCP
d) SMB

Solution: d) SMB

Explanation: The Server Message Block (SMB) is a client/server file sharing protocol that describes the structure of shared network resources such as directories, files, printers, and serial ports. SMB is also a request/response protocol.

31. How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?
a) A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.
b) A DHCPDISCOVER message is sent with a multicast IP address that all DHCP servers listen to as the destination address.
c) A DHCPDISCOVER message is sent with the IP address of the default gateway as the destination address.
d) A DHCPDISCOVER message is sent with the IP address of the DHCP server as the destination address.

Solution: a) A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.

Explanation: The DHCPDISCOVER message is sent by a DHCPv4 client and targets a broadcast IP along with the destination port 67. The DHCPv4 server or servers respond to the DHCPv4 clients by targeting port 68.

32. What is a description of a DNS zone transfer?
a) transferring blocks of DNS data from a DNS server to another server
b) the action taken when a DNS server sends a query on behalf of a DNS resolver
c) forwarding a request from a DNS server in a subdomain to an authoritative source
d) finding an address match and transferring the numbered address from a DNS server to the original requesting client

Solution: a) transferring blocks of DNS data from a DNS server to another server

Explanation: When a server requires data for a zone, it will request a transfer of that data from an authoritative server for that zone. The process of transferring blocks of DNS data between servers is known as a zone transfer.

33. What are the two sizes (minimum and maximum) of an Ethernet frame? (Choose two.)
a) 128 bytes
b) 64 bytes
c) 1024 bytes
d) 56 bytes
e) 1518 bytes

Solution: b) 64 bytes and e) 1518 bytes

Explanation: The minimum Ethernet frame is 64 bytes. The maximum Ethernet frame is 1518 bytes. A network technician must know the minimum and maximum frame size in order to recognize runt and jumbo frames.

34. Which process failed if a computer cannot access the internet and received an IP address of 169.254.142.5?
a) DNS
b) IP
c) HTTP
d) DHCP

Solution: d) DHCP

Explanation: When a Windows computer cannot communicate with an IPv4 DHCP server, the computer automatically assigns itself an IP address in the 169.254.0.0/16 range. Linux and Apple computers do not automatically assign an IP address.

35. Which statement describes a feature of the IP protocol?
a) IP relies on Layer 2 protocols for transmission error control.
b) MAC addresses are used during the IP packet encapsulation.
c) IP relies on upper layer services to handle situations of missing or out-of-order packets.
d) IP encapsulation is modified based on network media.

Solution: c) IP relies on upper layer services to handle situations of missing or out-of-order packets.

Explanation: IP is a connectionless protocol, considered unreliable in terms of end-to-end delivery. It does not provide error control in cases where received packets are out of order or in cases of missing packets. It relies on upper layer services, such as TCP, to resolve these issues.

36. What is a basic characteristic of the IP protocol?
a) connectionless
b) media dependent
c) user data segmentation
d) reliable end-to-end delivery

Solution: a) connectionless

Explanation: Internet Protocol (IP) is a network layer protocol that does not require initial exchange of control information to establish an end-to-end connection before packets are forwarded. Thus, IP is connectionless and does not provide reliable end-to-end delivery by itself. IP is media independent. User data segmentation is a service provided at the transport layer.

37. Which statement describes the ping and tracert commands?
a) Both ping and tracert can show results in a graphical display.
b) Ping shows whether the transmission is successful; tracert does not.
c) Tracert shows each hop, while ping shows a destination reply only.
d) Tracert uses IP addresses; ping does not.

Solution: c) Tracert shows each hop, while ping shows a destination reply only.

Explanation: The ping utility tests end-to-end connectivity between the two hosts. However, if the message does not reach the destination, there is no way to determine where the problem is located. On the other hand, the traceroute utility (tracert in Windows) traces the route a message takes from its source to the destination. Traceroute displays each hop along the way and the time it takes for the message to get to that network and back.

38. A large corporation has modified its network to allow users to access network resources from their personal laptops and smart phones. Which networking trend does this describe?
a) cloud computing
b) video conferencing
c) online collaboration
d) bring your own device

Solution: d) bring your own device

Explanation: BYOD allows end users to use personal tools to access the corporate network. Allowing this trend can have major impacts on a network, such as security and compatibility with corporate software and devices.

39. Match each description to its corresponding term.
message encoding : the process of converting information from one format into another acceptable for transmission
message sizing : the process of breaking up a long message into individual pieces before being sent over the network
message encapsulation : the process of placing one message format inside another message format
(Empty) : the process of determining when to begin sending messages on a network
(Empty) : the process of unpacking one message format from another message format

40. Which method would an IPv6-enabled host using SLAAC employ to learn the address of the default gateway?
a) router advertisement messages received from the link router
b) router solicitation messages received from the link router
c) neighbor advertisement messages received from link neighbors
d) neighbor solicitation messages sent to link neighbors

Solution: a) router advertisement messages received from the link router

Explanation: When using SLAAC, a host will learn from the router advertisement that is sent by the link router the address to use as a default gateway.

41. Refer to the exhibit. This PC is unable to communicate with the host at 172.16.0.100. What information can be gathered from the displayed output?
a) The target host is turned off.
b) The communication fails after the default gateway.
c) 172.16.0.100 is only a single hop away.
d) This PC has the wrong subnet configured on its NIC.

Solution: b) The communication fails after the default gateway.

Explanation: The tracert command shows the path a packet takes through the network to the destination. In this example, only a response from the first router in the path is received, and all other responses time out. The first router is the default gateway for this host, and because a response is received from the router, it can be assumed that this host is on the same subnet as the router.

42. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?
a) network unreachable
b) port unreachable
c) protocol unreachable
d) host unreachable

Solution: d) host unreachable

43. What are three responsibilities of the transport layer? (Choose three.)
a) identifying the applications and services on the client and server that should handle transmitted data
b) conducting error detection of the contents in frames
c) meeting the reliability requirements of applications, if any
d) directing packets towards the destination network
e) formatting data into a compatible form for receipt by the destination devices
f) multiplexing multiple communication streams from many users or applications on the same network

Solution:
- a) identifying the applications and services on the client and server that should handle transmitted data
- b) conducting error detection of the contents in frames
- c) meeting the reliability requirements of applications, if any

Explanation: The transport layer has several responsibilities. Some of the primary responsibilities include tracking the individual communication streams between applications on the source and destination hosts, segmenting data at the source and reassembling the data at the destination, identifying the proper application for each communication stream through the use of port numbers, multiplexing the communications of multiple users or applications over a single network, and managing the reliability requirements of applications.

44. How does network scanning help assess operations security?
a) It can detect open TCP ports on network systems.
b) It can detect weak or blank passwords.
c) It can simulate attacks from malicious sources.
d) It can log abnormal activity.

Solution: a) It can detect open TCP ports on network systems.

Explanation: Network scanning can help a network administrator strengthen the security of the network and systems by identifying open TCP and UDP ports that could be targets of an attack.

45. Refer to the exhibit. A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?
a) 1514
b) 6666
c) 48598
d) 9

Solution: c) 48598

Explanation: During the TCP three-way handshake process, the output shows that the host uses source port 48598 to initiate the connection and request the download.

46. Which two operations are provided by TCP but not by UDP? (Choose two.)
a) retransmitting any unacknowledged data
b) acknowledging received data
c) reconstructing data in the order received
d) identifying the applications
e) tracking individual conversations

Solution: a) retransmitting any unacknowledged data, b) acknowledging received data

Explanation: Numbering and tracking data segments, acknowledging received data, and retransmitting any unacknowledged data are reliability operations to ensure that all of the data arrives at the destination. UDP does not provide reliability. Both TCP and UDP identify the applications and track individual conversations. UDP does not number data segments and reconstructs data in the order that it is received.

47. A user is executing a tracert to a remote device. At what point would a router, which is in the path to the destination device, stop forwarding the packet?
a) when the router receives an ICMP Time Exceeded message
b) when the RTT value reaches zero
c) when the values of both the Echo Request and Echo Reply messages reach zero
d) when the host responds with an ICMP Echo Reply message
e) when the value in the TTL field reaches zero

Solution: e) when the value in the TTL field reaches zero

Explanation: When a router receives a traceroute packet, the value in the TTL field is decremented by 1. When the value in the field reaches zero, the receiving router will not forward the packet, and will send an ICMP Time Exceeded message back to the source.

48. A network administrator is testing network connectivity by issuing the ping command on a router. Which symbol will be displayed to indicate that a time expired during the wait for an ICMP echo reply message?
a) AD
b) U
c) .
d) !
e) $

Solution: c) .

Explanation: When the ping command is issued on a router, the most common indicators are as follows:
! – indicates receipt of an ICMP echo reply message.
. – indicates a time expired while waiting for an ICMP echo reply message.
U – an ICMP message of unreachability was received.

49. A technician is configuring email on a mobile device. The user wants to be able to keep the original email on the server, organize it into folders, and synchronize the folders between the mobile device and the server. Which email protocol should the technician use?
a) SMTP
b) MIME
c) POP3
d) IMAP

Solution: d) IMAP

Explanation: The IMAP protocol allows email data to be synchronized between a client and server. Changes made in one location, such as marking an email as read, are automatically applied to the other location. POP3 is also an email protocol. However, the data is not synchronized between the client and the server. SMTP is used for sending email, and is typically used in conjunction with the POP3 protocol. MIME is an email standard that is used to define attachment types, and allows extra content like pictures and documents to be attached to email messages.

50. At which OSI layer is a source MAC address added to a PDU during the encapsulation process?
a) application layer
b) presentation layer
c) data link layer
d) transport layer

Solution: c) data link layer

51. Which value, that is contained in an IPv4 header field, is decremented by each router that receives a packet?
a) Time-to-Live
b) Fragment Offset
c) Header Length
d) Differentiated Services

Solution: a) Time-to-Live

Explanation: When a router receives a packet, the router will decrement the Time-to-Live (TTL) field by one. When the field reaches zero, the receiving router will discard the packet and will send an ICMP Time Exceeded message to the sender.

52. What are three responsibilities of the transport layer? (Choose three.)
a) identifying the applications and services on the client and server that should handle transmitted data
b) conducting error detection of the contents in frames
c) meeting the reliability requirements of applications, if any
d) directing packets towards the destination network
e) formatting data into a compatible form for receipt by the destination devices
f) multiplexing multiple communication streams from many users or applications on the same network

Solution: a) identifying the applications and services on the client and server that should handle transmitted data, c) meeting the reliability requirements of applications, if any, f) multiplexing multiple communication streams from many users or applications on the same network

Explanation: The transport layer has several responsibilities. Some of the primary responsibilities include tracking the individual communication streams between applications on the source and destination hosts, segmenting data at the source and reassembling the data at the destination, identifying the proper application for each communication stream through the use of port numbers, multiplexing the communications of multiple users or applications over a single network, and managing the reliability requirements of applications.

53. Which two ICMP messages are used by both IPv4 and IPv6 protocols? (Choose two.)
a) route redirection
b) neighbor solicitation
c) router solicitation
d) router advertisement
e) protocol unreachable

Solution: e) protocol unreachable

Explanation: The ICMP messages common to both ICMPv4 and ICMPv6 include: host confirmation, destination (net, host, protocol, port) or service unreachable, time exceeded, and route redirection. Router solicitation, neighbor solicitation, and router advertisement are new protocols implemented in ICMPv6.

54. What mechanism is used by a router to prevent a received IPv4 packet from traveling endlessly on a network?
a) It checks the value of the TTL field and if it is 100, it discards the packet and sends a Destination Unreachable message to the source host.
b) It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.
c) It checks the value of the TTL field and if it is 0, it discards the packet and sends a Destination Unreachable message to the source host.
d) It increments the value of the TTL field by 1 and if the result is 100, it discards the packet and sends a Parameter Problem message to the source host.

Solution: b) It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.

Explanation: To prevent an IPv4 packet from traveling endlessly in the network, TCP/IP protocols use the ICMPv4 protocol to provide feedback about issues. When a router receives a packet, it decrements the TTL field in the IPv4 packet by 1, and if the result is zero, it discards the packet and sends a Time Exceeded message to the source host.

55. A device has been assigned the IPv6 address of 2001:0db8:cafe:4500:1000:00d8:0058:00ab/64. Which is the host identifier of the device?
a) 2001:0db8:cafe:4500:1000:00d8:0058:00ab
b) 00ab
c) 2001:0db8:cafe:4500
d) 1000:00d8:0058:00ab

Solution: b) 00ab

Explanation: The address has a prefix length of /64. Thus the first 64 bits represent the network portion, whereas the last 64 bits represent the host portion of the IPv6 address.

56. What three application layer protocols are part of the TCP/IP protocol suite? (Choose three.)
a) DHCP
b) FTP
c) DNS
d) NAT
e) ARP

Solution: b) FTP, c) DNS, e) ARP

Explanation: DNS, DHCP, and FTP are all application layer protocols in the TCP/IP protocol suite. ARP and PPP are network access layer protocols, and NAT is an internet layer protocol in the TCP/IP protocol suite.

57. A computer can access devices on the same network but cannot access devices on other networks. What is the probable cause of this problem?
a) The computer has an invalid IP address.
b) The cable is not connected properly to the NIC.
c) The computer has an incorrect subnet mask.
d) The computer has an invalid default gateway address.

Solution: d) The computer has an invalid default gateway address.

Explanation: The default gateway is the address of the device a host uses to access the Internet or another network. If the default gateway is missing or incorrect, that host will not be able to communicate outside the local network. Because the host can access other hosts on the local network, the network cable and the other parts of the IP configuration are working.

58. Refer to the exhibit. PC1 issues an ARP request because it needs to send a packet to PC3. In this scenario, what will happen next?
a) RT1 will send an ARP reply with its own Fa0/1 MAC address.
b) SW1 will send an ARP reply with its Fa0/1 MAC address.
c) RT1 will send an ARP reply with the PC3 MAC address.
d) RT1 will forward the ARP request to PC3.
e) RT1 will send an ARP reply with its own Fa0/0 MAC address.

Solution: e) RT1 will send an ARP reply with its own Fa0/0 MAC address.

Explanation: When a network device has to communicate with a device on another network, it broadcasts an ARP request asking for the default gateway MAC address. The default gateway (RT1) unicasts an ARP reply with the Fa0/0 MAC address.

59. A user who is unable to connect to the file server contacts the help desk. The help desk technician asks the user to ping the IP address of the default gateway that is configured on the workstation. What is the purpose of this ping command?
a) to resolve the domain name of the file server to its IP address
b) to request that gateway forward the connection request to the file server
c) to obtain a dynamic IP address from the server
d) to test that the host has the capability to reach hosts on other networks

Solution: d) to test that the host has the capability to reach hosts on other networks

Explanation: The ping command is used to test connectivity between hosts. The other options describe tasks not performed by ping. Pinging the default gateway will test whether the host has the capability to reach hosts on its own network and on other networks.

60. A user gets an IP address of 192.168.0.1 from the company network administrator. A friend of the user at a different company gets the same IP address on another PC. How can two PCs use the same IP address and still reach the Internet, send and receive email, and search the web?
a) ISPs use Domain Name Service to change a user IP address into a public IP address that can be used on the Internet.
b) Both users must be using the same Internet Service Provider.
c) Both users must be on the same network.
d) ISPs use Network Address Translation to change a user IP address into an address that can be used on the Internet.

Solution: d) ISPs use Network Address Translation to change a user IP address into an address that can be used on the Internet.

Explanation: As user traffic from behind an ISP firewall reaches the gateway device, Network Address Translation changes private IP addresses into a public, routable IP address. Private user addresses remain hidden from the public Internet, and thus more than one user can have the same private IP address, regardless of ISP.

61. How many host addresses are available on the 192.168.10.128/26 network?
a) 30
b) 32
c) 60
d) 62
e) 64

Solution: d) 62

Explanation: A /26 prefix gives 6 host bits, which provides a total of 64 addresses, because 2^6 = 64. Subtracting the network and broadcast addresses leaves 62 usable host addresses.

62. What are the three ranges of IP addresses that are reserved for internal private use? (Choose three.)
a) 64.100.0.0/14
b) 192.168.0.0/16
c) 192.31.7.0/24
d) 172.16.0.0/12
e) 10.0.0.0/8
f) 127.16.0.0/12

Solution: b) 192.168.0.0/16, d) 172.16.0.0/12, e) 10.0.0.0/8

Explanation: The private IP address blocks that are used inside companies are as follows:
10.0.0.0/8 (any address that starts with 10 in the first octet)
172.16.0.0/12 (any address that starts with 172.16 in the first two octets through 172.31.255.255)
192.168.0.0/16 (any address that starts with 192.168 in the first two octets)

63. Refer to the exhibit. A cybersecurity analyst is viewing captured packets forwarded on switch S1. Which device has the MAC address 50:6a:03:96:71:22?
a) PC-A
b) router DG
c) DNS server
d) router ISP
e) web server

Solution: b) router DG

Explanation: The Wireshark capture is of a DNS query from PC-A to the DNS server. Because the DNS server is on a remote network, the PC will send the query to the default gateway router, router DG, using the MAC address of the G0/0 interface on the router.

64. A host PC is attempting to lease an address through DHCP. What message is sent by the server to let the client know it is able to use the provided IP information?
a) DHCPDISCOVER
b) DHCPOFFER
c) DHCPREQUEST
d) DHCPACK
e) DHCPNACK

Solution: d) DHCPACK

Explanation: When a host uses DHCP to automatically configure an IP address, the host typically sends two messages: the DHCPDISCOVER message and the DHCPREQUEST message. These two messages are usually sent as broadcasts to ensure that all DHCP servers receive them. The servers respond to these messages using DHCPOFFER, DHCPACK, and DHCPNACK messages, depending on the circumstance.

65. An employee complains that a Windows PC cannot connect to the Internet. A network technician issues the ipconfig command on the PC and is shown an IP address of 169.254.10.3. Which two conclusions can be drawn? (Choose two.)
a) The PC is configured to obtain an IP address automatically.
b) The default gateway address is not configured.
c) The DNS server address is misconfigured.
d) The enterprise network is misconfigured for dynamic routing.
e) The PC cannot contact a DHCP server.

Solution: a) The PC is configured to obtain an IP address automatically, e) The PC cannot contact a DHCP server.

Explanation: When a Windows PC is configured to obtain an IP address automatically, the PC will try to obtain an IP address from a DHCP server. When the PC cannot contact a DHCP server, Windows will automatically assign an address belonging to the 169.254.0.0/16 range.

66. What is a function of the tracert command that differs from the ping command when they are used on a workstation?
a) The tracert command is used to test the connectivity between two devices.
b) The tracert command reaches the destination faster.
c) The tracert command shows the information of routers in the path.
d) The tracert command sends one ICMP message to each hop in the path.

Solution: c) The tracert command shows the information of routers in the path.

Explanation: The tracert command sends three pings to each hop (router) in the path toward the destination and displays the domain name and IP address of hops from their responses. Because tracert uses the ping command, the travel time is the same as a standalone ping command. The primary function of a standalone ping command is to test the connectivity between two hosts.

67. Which two functions or operations are performed by the MAC sublayer? (Choose two.)
a) It is responsible for Media Access Control.
b) It performs the function of NIC driver software.
c) It adds a header and trailer to form an OSI Layer 2 PDU.
d) It handles communication between upper and lower layers.
e) It adds control information to network protocol layer data.

Solution: a) It is responsible for Media Access Control, c) It adds a header and trailer to form an OSI Layer 2 PDU.

Explanation: The MAC sublayer is the lower of the two data link sublayers and is closest to the physical layer. The two primary functions of the MAC sublayer are to encapsulate the data from the upper layer protocols and to control access to the media.

68. Which field in an IPv4 packet header will typically stay the same during its transmission?
a) Flag
b) Time-to-Live
c) Packet Length
d) Destination Address

Solution: d) Destination Address

Explanation: The value in the Destination Address field in an IPv4 header will stay the same during its transmission. The other options might change during its transmission.

69. Match each statement about FTP communications to the connection it describes. (Not all options are used.)
Explanation: Both connections that are required for FTP operations are established from the client to the FTP server. The client first opens a control connection via TCP port 21. The client then opens a data connection for the actual file transfer via TCP port 20.

70. What are the two sizes (minimum and expected maximum) of an Ethernet frame? (Choose two.)
a) 128 bytes
b) 1024 bytes
c) 1518 bytes
d) 64 bytes
e) 56 bytes

Solution: d) 64 bytes, c) 1518 bytes

Explanation: The minimum Ethernet frame is 64 bytes. The maximum expected Ethernet frame is 1518 bytes. A network technician must know the minimum and expected maximum frame size in order to recognize runt and jumbo frames.