Question 738 - N10-008 discussion

Cameras can be used to identify users after an action has occurred by recording their faces, clothing, or other distinctive features. Cameras are often used as a deterrent and a forensic tool for security purposes. Access control vestibules, asset tags, and motion detectors are not effective in identifying users, but rather in controlling access, tracking assets, and detecting movement.

Collisions occur when two or more devices try to transmit signals on the same physical medium at the same time. This causes interference and data loss. Collisions can only happen at the physical layer of the OSI model, which is responsible for transmitting and receiving raw bits over a physical medium such as a cable or a wireless channel. The physical layer does not have any mechanism to prevent or resolve collisions. Therefore, higher layers of the OSI model, such as the data link layer, need to implement protocols to detect and recover from collisions, such as CSMA/CD for Ethernet networks.

Reference Collision in computer networking Data Link Layer | Layer 2 | The OSI-Model

A network engineer has added a new route on a border router and is trying to determine if traffic is using the new route. Which of the following commands should the engineer use?

ping

arp

tracert

route

The tracert command is a network diagnostic tool that traces the route of packets from the source host to the destination host. It displays the IP addresses and hostnames of the routers along the path, as well as the time taken for each hop. The tracert command can be used to determine if traffic is using the new route by comparing the output before and after adding the route. If the new route is effective, the tracert command should show a different or shorter path to the destination host.

Reference Networking Commands For Troubleshooting Windows - GeeksforGeeks Nine Switch Commands Every Cisco Network Engineer Needs to Know

A technician is configuring a wireless access point in a public space for guests to use. Which of the following should the technician configure so that only approved connections are allowed?

Geofencing

Captive portal

Secure SNMP

Private VLANs

A captive portal is a web page that requires users to authenticate or accept terms of service before they can access the internet through a wireless access point. A captive portal can be used to control who can use the wireless network, limit the bandwidth or time of usage, or display advertisements or information. A captive portal is a common feature of public wireless networks, such as those in hotels, airports, cafes, or libraries. A captive portal can prevent unauthorized or malicious users from accessing the network or consuming network resources.

Reference Public Wireless Access Points Definition | Law Insider Are Public Wi-Fi Networks Safe? What You Need To Know

A user cannot connect to the network, although others in the office are unaffected. The network technician sees that the link lights on the NIC are not on. The technician needs to check which switchport the user is connected to, but the cabling is not labeled. Which of the following is the best way for the technician to find where the computer is connected?

Look up the computer's IP address in the switch ARP table.

Use a cable tester to trace the cable.

Look up the computer's MAC address in the switch CAM table.

Use a tone generator to trace the cable.

A tone generator is a device that emits an audible signal on a wire. A tone probe is a device that detects the signal on the wire. By attaching the tone generator to one end of the cable and using the tone probe to scan the other end, the technician can identify which switchport the cable is connected to. This method does not require any knowledge of the computer's IP or MAC address, or access to the switch configuration. It is also faster and more reliable than physically tracing the cable or disconnecting the cable and looking for the link light to go out on the switch.

Reference How to find what port im connected to on a switch from my PC? Switch Port Monitoring Guide - Comparitech Finding Out Which Network Switch Port My Computer is Connected

A network administrator is creating a VLAN that will only allow executives to connect to a data source. Which of the following is this scenario an example of?

Availability

Confidentiality

Internal threat

External threat

Integrity

Confidentiality is the principle of preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information1. By creating a VLAN that will only allow executives to connect to a data source, the network administrator is implementing a form of network segmentation that enhances the confidentiality of the data. This prevents unauthorized users or processes from accessing or modifying the data, which could compromise its integrity or availability.Confidentiality is one of the components of the CIA triad, a widely used information security model that guides the efforts and policies aimed at keeping data secure234.

Reference Defending Your Network: A Comprehensive Guide to VLAN Hopping Attacks The CIA triad: Definition, components and examples | CSO Online Executive Summary --- NIST SP 1800-25 documentation The CIA Triad --- Confidentiality, Integrity, and Availability Explained Confidentiality, Integrity and Availability - DevQA.io

A network administrator walks into a data center and notices an unknown person is following closely. The administrator stops and directs the person to the security desk. Which of the following attacks did the network administrator prevent?

Evil twin

Tailgating

Piggybacking

Shoulder surfing

Tailgating is a type of physical security attack in which an unauthorized person follows an authorized person into a restricted area, such as a data center, without proper identification or authentication. Tailgating can allow attackers to access sensitive data, equipment, or network resources, or to plant malicious devices or software. The network administrator prevented tailgating by stopping and directing the unknown person to the security desk, where they would have to verify their identity and purpose.

Reference Digital Threats and Cyberattacks at the Network Level Network attacks and how to prevent them

Which of the following is most closely associated with attempting to actively prevent network intrusion?

IDS

Firewall

IPS

VPN

An intrusion prevention system (IPS) is a network security tool that continuously monitors network traffic for malicious activity and takes action to prevent it, such as reporting, blocking, or dropping it. An IPS is different from an intrusion detection system (IDS), which only detects and alerts about threats, but does not stop them. A firewall is a device or software that filters network traffic based on predefined rules, but it does not analyze the traffic for anomalies or signatures of known attacks. A VPN is a virtual private network that creates a secure tunnel between two endpoints, but it does not prevent intrusions from within the network or from compromised endpoints.

Reference What is an Intrusion Prevention System (IPS)? | Fortinet What is an Intrusion Prevention System? - Palo Alto Networks

An administrator needs to ensure an access switch is sending the appropriate logs to the network monitoring server. Which of the following logging levels is most appropriate for the access layer switch?

Level 0

Level 2

Level 5

Level 7

Logging levels are used to categorize the severity and importance of log messages generated by network devices. The lower the level, the higher the priority. Level 0 is the most critical, while level 7 is the most verbose and least important. Level 5 is the default logging level for most Cisco devices, and it corresponds to notifications. Notifications are messages that indicate normal but significant events, such as interface status changes, configuration changes, or system restarts. These messages are useful for monitoring the health and performance of the network, and they do not generate excessive traffic or consume too much memory or CPU resources. Therefore, level 5 is the most appropriate logging level for an access layer switch, which connects end devices to the network and does not need to log debug or informational messages.

Reference How to configure logging in Cisco IOS Cisco Guide to Harden Cisco IOS Devices Cisco Privilege Levels -- Explanation and Configuration

A network consultant is installing a new wireless network with the following specifications:

5GHz

1,300Mbps

20/40/80MHz

Which of the following standards should the network consultant use?

802.11a

802.11ac

802.11b

802.11n

Clients have reported slowness between a branch and a hub location. The senior engineer suspects asymmetrical routing is causing the issue. Which of the following should the engineer run on both the source and the destination network devices to validate this theory?

traceroute

ping

route

nslookup

Asymmetric routing occurs when traffic does not traverse the same path in both directions of a conversation. This can cause problems when there are stateful devices, such as firewalls or NAT devices, in the path that expect the traffic to be symmetrical.Asymmetric routing can also result in suboptimal TCP performance, as TCP assumes that the SYN and ACK packets take the same path1.

To validate the theory of asymmetric routing, the engineer should run the traceroute command on both the source and the destination network devices. The traceroute command shows the route that packets take to reach a destination, by displaying the IP addresses and hostnames of the routers along the path, as well as the time taken for each hop.By comparing the output of the traceroute command from both ends, the engineer can determine if the traffic is taking different paths in each direction, and identify where the asymmetry occurs2.

The ping command is not sufficient to validate the theory of asymmetric routing, as it only tests the connectivity and latency between two devices, but does not show the intermediate hops or the path taken by the packets. The route command shows the routing table of a device, but does not show the actual path taken by the packets. The nslookup command resolves a hostname to an IP address, or vice versa, but does not show the route or the connectivity between two devices.

Reference How to Find & Fix Asymmetric Routing Issues | Auvik Identifying and Troubleshooting Asymmetric Routing in WAAS - Cisco Community

After a firewall replacement, some alarms and metrics related to network availability stopped updating on a monitoring system relying on SNMP. Which of the following should the network administrator do first?

Modify the device's MIB on the monitoring system.

Configure syslog to send events to the monitoring system.

Use port mirroring to redirect traffic to the monitoring system.

Deploy SMB to transfer data to the monitoring system.

SNMP (Simple Network Management Protocol) is a protocol that allows network devices to communicate with a monitoring system and provide information about their status, performance, and configuration.SNMP relies on MIBs (Management Information Bases), which are collections of objects that define the types of information that can be accessed or modified on a device1.

When a firewall replacement occurs, the new firewall may have a different MIB than the old one, which means that the monitoring system may not be able to recognize or interpret the data sent by the new firewall. This can cause some alarms and metrics related to network availability to stop updating on the monitoring system.To fix this, the network administrator should modify the device's MIB on the monitoring system, so that it matches the MIB of the new firewall and can correctly process the SNMP data2.

The other options are not relevant to the issue. Configuring syslog to send events to the monitoring system would not affect the SNMP data, as syslog is a different protocol that sends log messages from network devices to a central server. Using port mirroring to redirect traffic to the monitoring system would not help, as port mirroring is a technique that copies traffic from one port to another for analysis or troubleshooting purposes, but does not change the format or content of the traffic. Deploying SMB to transfer data to the monitoring system would not work, as SMB is a protocol that allows file sharing and access between network devices, but does not support SNMP data.

Reference Grafana & Prometheus SNMP: advanced network monitoring guide Configuring Windows Systems for Monitoring with SNMP - ScienceLogic

Which of the following use cases would justify the deployment of an mGRE hub-and-spoke topology?

An increase in network security using encryption and packet encapsulation

A network expansion caused by an increase in the number of branch locations to the headquarters

A mandatory requirement to increase the deployment of an SDWAN network

An improvement in network efficiency by increasing the useful packet payload

mGRE (Multipoint GRE) is a type of GRE (Generic Routing Encapsulation) tunnel that allows a single interface to support multiple tunnel endpoints, instead of having to configure a separate point-to-point tunnel for each destination.mGRE simplifies the configuration and management of large-scale VPN networks, such as DMVPN (Dynamic Multipoint VPN), which is a Cisco technology that uses mGRE, NHRP (Next Hop Resolution Protocol), and IPsec to create secure and dynamic VPN connections between a hub and multiple spokes1.

A network expansion caused by an increase in the number of branch locations to the headquarters would justify the deployment of an mGRE hub-and-spoke topology, because it would reduce the complexity and overhead of configuring and maintaining multiple point-to-point tunnels between the hub and each spoke.mGRE would also enable spoke-to-spoke communication without having to go through the hub, which would improve the network performance and efficiency23.

The other options are not directly related to the use case of mGRE hub-and-spoke topology. An increase in network security using encryption and packet encapsulation can be achieved by using IPsec, which is a separate protocol that can be applied to any type of GRE tunnel, not just mGRE. A mandatory requirement to increase the deployment of an SDWAN network can be met by using various technologies and vendors, not necessarily mGRE or DMVPN. An improvement in network efficiency by increasing the useful packet payload can be achieved by using various techniques, such as compression, fragmentation, or QoS, not specifically mGRE.

Reference Understanding Cisco Dynamic Multipoint VPN - DMVPN, mGRE, NHRP MGRE Easy Steps - Cisco Community What is DMVPN (Dynamic Multipoint VPN), NHRP, mGRE and How to configu - Cisco Community

Users report they cannot reach any websites on the internet. An on-site network engineer is able to duplicate the issue on a different PC. The network engineer then tries to ping a website and receives the following message:

Ping request could not find host www.google.com. Please check the name and try again.

Which of the following is the next step the engineer should take?

Ping 127. 0. 0. 1 to test local hardware.

Test the website from outside the company.

Ping internal name server functionality.

Check internet firewall logs for blocked DNS traffic.

The error message ''Ping request could not find host www.google.com'' indicates that the network engineer's PC cannot resolve the hostname www.google.com to its corresponding IP address. This means that there is a problem with the DNS (Domain Name System) service, which is responsible for translating hostnames to IP addresses and vice versa. The DNS service can be provided by internal or external name servers, depending on the network configuration.

The next step the engineer should take is to ping the internal name server functionality, which means to test if the PC can communicate with the name server that is configured in its network settings, and if the name server can resolve internal hostnames, such as those of the company's servers or devices. To do this, the engineer can use the following commands:

To find out the IP address of the name server, useipconfig /alland look for the DNS Servers entry.

To ping the name server, useping <name server IP address>and check if the packets are sent and received successfully.

To test the name resolution, usenslookup <internal hostname>and check if the name server returns the correct IP address.

If the ping or the nslookup commands fail, it means that the internal name server is not working properly, and the engineer should troubleshoot the name server configuration or connectivity. If the ping and the nslookup commands succeed, it means that the internal name server is working properly, but there is a problem with the external name resolution, and the engineer should check the internet firewall logs for blocked DNS traffic, or test the website from outside the company.

Reference Windows 10 can't resolve hostnames - ping with IP works but not with hostname Ping request could not find host xyz.local. Please check the name and try again DNS problem, nslookup works, ping doesn't

Users are connected to a switch on an Ethernet interface of a campus router. The service provider is connected to the serial 1 interface on the router. The output of the interfaces is:

E1/0: 192.168.8.1/24

S1: 192.168.7.252/30

After router and device configurations are applied, internet access is not possible. Which of the following is the most likely cause?

The Ethernet interface was configured with an incorrect IP address.

The router was configured with an incorrect loopback address.

The router was configured with an incorrect default gateway.

The serial interface was configured with the incorrect subnet mask.

The default gateway is the IP address of the router that connects a network to the internet or another network. The default gateway is usually configured on the devices that need to access the internet or other networks, such as PCs, servers, or routers. If the router was configured with an incorrect default gateway, it would not be able to forward packets to the correct destination, and internet access would not be possible.

The other options are not the most likely causes of the issue. The Ethernet interface is the physical port that connects a device to a network using a cable. If the Ethernet interface was configured with an incorrect IP address, it would cause a problem with the local network connectivity, not the internet access. The loopback address is a special IP address that refers to the device itself, usually used for testing or troubleshooting purposes. If the router was configured with an incorrect loopback address, it would not affect the internet access, as the loopback address is not used for routing packets to other networks. The serial interface is another type of physical port that connects a device to a network using a serial cable, often used for WAN connections. If the serial interface was configured with the incorrect subnet mask, it would cause a problem with the WAN connectivity, not the internet access, as the subnet mask is used to determine the network and host portions of an IP address.

Reference What is a Default Gateway? | HowStuffWorks What is an Ethernet Interface? - Definition from Techopedia What is a Loopback Address? - Definition from Techopedia What is a Serial Interface? - Definition from Techopedia

A user wants to avoid using a password to access a third-party website. Which of the following does the user need in order to allow this type of access to the third-party website?

Multifactor

RADIUS

SSO

Local authentication

A junior network engineer is trying to change the native network ID to a non-default value that can then be applied consistently throughout the network environment. Which of the following issues is the engineer attempting to prevent?

DDoS

ARP spoofing

VLAN hopping

Rogue DHCP

VLAN hopping is a type of network attack where an attacker can send or receive traffic from a VLAN that they are not supposed to access. VLAN hopping can allow an attacker to bypass security policies, access sensitive data, or launch other attacks on the network.VLAN hopping can be performed using two methods: double tagging and switch spoofing1.

Double tagging is where the attacker sends a frame with two VLAN tags, one for the native VLAN and one for the target VLAN. The native VLAN is the VLAN that is used for untagged traffic on a trunk port. If the attacker's access port is in the same VLAN as the native VLAN, the switch will accept the frame and forward it on the trunk port. The switch will remove the first tag, which is the native VLAN, and send the frame with the second tag, which is the target VLAN. The frame will then reach the target VLAN and be processed by the devices in that VLAN.

Switch spoofing is where the attacker sends Dynamic Trunking Protocol (DTP) packets and tries to negotiate a trunk with the switch. DTP is a Cisco protocol that allows switches to automatically form trunks between them. If the switch's port is configured with the default dynamic auto or dynamic desirable mode, it will accept the DTP packets and form a trunk with the attacker. The attacker will then have access to all VLANs on the trunk.

To prevent VLAN hopping, the junior network engineer is trying to change the native network ID to a non-default value that can then be applied consistently throughout the network environment. This means that the engineer is changing the VLAN that is used for untagged traffic on the trunk ports to a different VLAN than the default VLAN 1. This will prevent double tagging attacks, as the attacker's access port will not be in the same VLAN as the native VLAN, and the switch will not accept the frames with two tags.The engineer should also disable DTP on the trunk ports and use the switchport nonegotiate command to prevent switch spoofing attacks2.

Reference VLAN Hopping - NetworkLessons.com VLAN Hopping on Native VLAN - Cisco Community

CompTIA Network+ N10-008 Certification Exam Objectives, Domain 5.0: Network Security, Subobjective 5.1: Summarize the importance of physical security controls, page 231

CompTIA Network+ Certification All-in-One Exam Guide, Eighth Edition (Exam N10-008), Chapter 18: Network Security, Section: Physical Security, page 7372

A technician reviews a network performance report and finds a high level of collisions happening on the network. At which of the following layers of the OSI model would these collisions be found?

Layer 1

Layer 3

Layer 4

Layer 7