- (Topic 3)
Users have reported an issue connecting to a server over the network. A workstation was recently added to the network and configured with a shared USB printer. Which of the following is most likely causing the issue?
Correct Answer:
D
The workstation was configured with a static IP that is the same as the server is the most likely cause of the issue where users are unable to access any network resources. A static IP address is an IP address that is manually assigned to a device and does not change over time. A static IP address can be useful for devices that need to be easily identified or accessed on a network, such as servers or printers. However, if two devices on the same network have the same static IP address, it can cause an IP address conflict. An IP address conflict occurs when two devices try to use the same IP address at the same time, resulting in network communication errors or failures. An IP address conflict can prevent users from accessing any network resources that rely on the IP address for identification or routing. References: [CompTIA Network+ Certification Exam
Objectives], What Is an IP Address Conflict? | HowStuffWorks
- (Topic 2)
Which of the following attacks encrypts user data and requires a proper backup implementation to recover?
Correct Answer:
C
Ransomware is a type of malware that encrypts user data and demands a ransom for its decryption. Ransomware can prevent users from accessing their files and applications, and cause data loss or corruption. A proper backup implementation is essential to recover from a ransomware attack, as it can help restore the encrypted data without paying the ransom or relying on the attackers’ decryption key. References: https://www.comptia.org/blog/what-is-ransomware
- (Topic 3)
A technician performed a manual reconfiguration of a firewall, and network connectivity was reestablished. Some connection events that were previously sent to a syslog server are no longer being generated by the flrewal Which of Vie following should the technician perform to fix the Issue?
Correct Answer:
A
Logging level is a setting that determines what types of events are recorded by a device and sent to a syslog server. Different logging levels have different severity levels, ranging from emergency to debug. If the technician performed a manual reconfiguration of the firewall, it is possible that the logging level was changed or reset to a lower level that does not include the connection events that were previously sent to the syslog server. To fix the issue, the technician should adjust the proper logging level on the new firewall to match the desired level of detail and severity for the connection events. References: Network+ Study Guide Objective 3.4: Explain common scanning, monitoring and patching processes and summarize their expected outputs. Subobjective: Syslog.
- (Topic 3)
Which of the following layers is where TCP/IP port numbers identify which network application is receiving the packet and where it is applied?
Correct Answer:
B
Layer 4 is where TCP/IP port numbers identify which network application is receiving the packet and where it is applied. Layer 4 is also known as the transport layer in the TCP/IP model or the OSI model. The transport layer is responsible for providing reliable or unreliable end-to-end data transmission between hosts on a network. The transport layer uses port numbers to identify and multiplex different applications or processes that communicate over the network. Port numbers are 16-bit numbers that range from 0 to 65535 and are divided into three categories: well-known ports (0-1023), registered ports (1024-49151), and dynamic ports (49152-65535). Some examples of well-known port numbers are 80 for HTTP, 443 for HTTPS, and 25 for SMTP. References: [CompTIA Network+ Certification Exam Objectives], Transport Layer - an overview | ScienceDirect Topics
- (Topic 3)
A junior network engineer is trying to change the native network ID to a non-default value that can then be applied consistently throughout the network environment. Which of the following
issues is the engineer attempting to prevent?
Correct Answer:
C
VLAN hopping is a type of network attack where an attacker can send or receive traffic from a VLAN that they are not supposed to access. VLAN hopping can allow an attacker to bypass security policies, access sensitive data, or launch other attacks on the network. VLAN hopping can be performed using two methods: double tagging and switch spoofing1.
Double tagging is where the attacker sends a frame with two VLAN tags, one for the native VLAN and one for the target VLAN. The native VLAN is the VLAN that is used for untagged traffic on a trunk port. If the attacker’s access port is in the same VLAN as the native VLAN, the switch will accept the frame and forward it on the trunk port. The switch will remove the first tag, which is the native VLAN, and send the frame with the second tag, which is the target VLAN. The frame will then reach the target VLAN and be processed by the devices in that VLAN.
Switch spoofing is where the attacker sends Dynamic Trunking Protocol (DTP) packets and tries to negotiate a trunk with the switch. DTP is a Cisco protocol that allows switches to automatically form trunks between them. If the switch’s port is configured with the default dynamic auto or dynamic desirable mode, it will accept the DTP packets and form a trunk with the attacker. The attacker will then have access to all VLANs on the trunk.
To prevent VLAN hopping, the junior network engineer is trying to change the native network ID to a non-default value that can then be applied consistently throughout the network environment. This means that the engineer is changing the VLAN that is used for untagged traffic on the trunk ports to a different VLAN than the default VLAN 1. This will prevent double tagging attacks, as the attacker’s access port will not be in the same VLAN as the native VLAN, and the switch will not accept the frames with two tags. The engineer should also disable DTP on the trunk ports and use the switchport nonegotiate command to prevent switch spoofing attacks2.
ReferencesVLAN Hopping - NetworkLessons.comVLAN Hopping on Native VLAN - Cisco Community
