CompTIA N10-008 Practice Test - Questions Answers, Page 28

https://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/command/reference/cpt93_cr/cpt93_cr_c hapter_01000.html

A MAC address is a unique identifier assigned to a network interface card (NIC) that allows it tocommunicate on a physical network layer, such as Ethernet1.An IP address is a logical identifierassigned to a device that allows it to communicate on a network layer, such as IP2.A technician can use different methods to find the IP address of a device if they know its MACaddress. Two of the most common methods are looking at the ARP table and the DHCP leases.The ARP table is a data structure that stores the mappings between IP addresses and MACaddresses on a device.ARP stands for Address Resolution Protocol, which is a network protocolthat enables devices to discover the MAC address of another device based on its IP address3.The ARP table is populated by sending ARP requests and receiving ARP replies, or byusing static ARP entries that are manually configured4.A technician can look at the ARP table of their own device or a nearby device, such as a routeror a switch, to find the IP address of a device with a known MAC address. For example, on aWindows device, the technician can use the commandarp -ato display the ARP table, and lookfor the entry that matches the MAC address. On a Cisco device, the technician can use thecommandshow ip arpto display the ARP table, and look for the entry that matches the MACaddress.The DHCP leases are the records of the IP addresses that are assigned by a DHCP server toDHCP clients. DHCP stands for Dynamic Host Configuration Protocol, which is a networkprotocol that enables devices to obtain IP addresses and other network configurationparameters automatically from a DHCP server. The DHCP leases contain information such as theIP address, the MAC address, the lease duration, and the expiration time of each DHCP client.A technician can look at the DHCP leases of the DHCP server that serves the network segmentwhere the device with the known MAC address is connected. For example, on a Windows DHCPserver, the technician can use the DHCP console to view the DHCP leases, and look for the entrythat matches the MAC address. On a Cisco DHCP server, the technician can use thecommandshow ip dhcp bindingto view the DHCP leases, and look for the entry that matches theMAC address.The other options are incorrect for the following reasons:C . IP route table is a data structure that stores the routes to different network destinations ona device. It does not store the MAC addresses of the devices on the network.D . DNS cache is a data structure that stores the mappings between domain names and IPaddresses on a device. DNS stands for Domain Name System, which is a network service thattranslates human-readable domain names into IP addresses. It does not store the MACaddresses of the devices on the network.E . MAC address table is a data structure that stores the mappings between MAC addresses andswitch ports on a switch. It does not store the IP addresses of the devices on the network.F . STP topology is a network design that uses the Spanning Tree Protocol (STP) to prevent loopsand create a loop-free logical topology on a switched network. It does not store the IPaddresses or the MAC addresses of the devices on the network.Reference:1: MAC address - Wikipedia2: IP address - Wikipedia

A botnet is a network of compromised devices that are remotely controlled by a maliciousactor, usually for the purpose of launching distributed denial-of-service (DDoS) attacks, sendingspam, stealing data, or performing other malicious activities1.A malware infection is a common way of compromising internet-connected devices and makingthem part of a botnet. Malware is any software that is designed to harm or exploit a device, anetwork, or a user.Malware can be delivered through various methods, such as phishing emails,malicious downloads, drive-by downloads, or removable media2.Malware can infect a deviceand allow a remote attacker to take control of it, monitor its activities, or use its resources3 The use of default credentials is another common way of compromising internet-connecteddevices and making them part of a botnet. Default credentials are the username and passwordcombinations that are preconfigured by the manufacturer or vendor of a device, such as arouter, a camera, or a printer. Default credentials are often easy to guess or find online, andmany users do not change them after setting up their devices. This makes the devicesvulnerable to unauthorized access and manipulation by attackers who can scan the internet fordevices with default credentials and add them to their botnet .A deauthentication attack is a type of wireless attack that aims to disconnect a legitimate userfrom a wireless network by sending spoofed deauthentication frames to the user's device orthe access point (AP). A deauthentication attack can cause a denial of service, disrupt networkcommunication, or facilitate other attacks, such as capturing the handshake during thereconnection process. However, a deauthentication attack does not compromise the device ormake it part of a botnet.IP spoofing is a technique of forging the source IP address of a packet to make it appear as if itcame from a different device or location. IP spoofing can be used to bypass security filters, hidethe identity of the attacker, or launch reflection or amplification attacks. However, IP spoofingdoes not compromise the device or make it part of a botnet, unless it is combined with othermethods, such as malware infection or exploitation of vulnerabilities.Firmware corruption is a condition where the firmware of a device, which is the software thatcontrols its basic functions and operations, becomes damaged or altered due to variousreasons, such as power surges, hardware failures, malicious attacks, or improper updates.Firmware corruption can cause the device to malfunction, lose data, or become inaccessible.However, firmware corruption does not compromise the device or make it part of a botnet,unless it is caused by a malicious attack that replaces the firmware with a malicious version.A dictionary attack is a type of brute-force attack that tries to guess the password of a user or adevice by using a list of common or likely passwords, such as those found in a dictionary, adatabase, or a previous breach. A dictionary attack can be used to compromise a device andmake it part of a botnet, but only if the device has a weak or predictable password. Therefore, adictionary attack is not a direct way of compromising a device, but rather a means of exploitingthe use of default or weak credentials.

Split tunnel is a configuration that allows a remote user to access both the local network and the Internet at the same time. In a split tunnel configuration, only traffic destined for the corporate network is sent through the VPN tunnel, while all other traffic is sent directly to the Internet. This allows the remote user to access the Internet without the company's VPN server being able to monitor or intercept their traffic. Using a split tunnel configuration can help the company to mitigate employee concerns about internet activity being monitored and reassure employees that their private internet activity is not being monitored.