A network engineer performs the following tasks to increase server bandwidth: - Connects two network cables from the server to a switch stack - Configure LACP on the switchports - Verifies the correct configurations on the switch interfaces Which of the following needs to be configured on the server?
Correct Answer: C
Link Aggregation Control Protocol (LACP) is implemented specifically to enable port aggregation (AKA NIC teaming).
Question 657
Which of the following is MOST appropriate for enforcing bandwidth limits when the performance of an application is not affected by the use of buffering but is heavily impacted by packet drops?
Correct Answer: B
Explanation Traffic policing is a mechanism that monitors the traffic in any network and enforces a bandwidth limit by discarding packets that exceed a certain rate1. This can reduce congestion and ensure fair allocation of bandwidth among different applications or users. However, discarding packets can also affect the performance and quality of some applications, especially those that are sensitive to packet loss, such as voice or video. Traffic shaping is a congestion control mechanism that delays packets that exceed a certain rate instead of discarding them1. This can smooth out traffic bursts and avoid packet loss, but it also introduces latency and jitter. Traffic shaping can be beneficial for applications that can tolerate some delay but not packet loss, such as file transfers or streaming. Traffic marking is a mechanism that assigns different priority levels to packets based on their type, source, destination, or other criteria2. This can help to differentiate between different classes of service and apply different policies or treatments to them. However, traffic marking does not enforce bandwidth limits by itself; it only provides information for other mechanisms to act upon. Traffic classification is a process that identifies and categorizes packets based on their characteristics, such as protocol, port number, payload, or behavior. This can help to distinguish between different types of traffic and apply appropriate policies or actions to them. However, traffic classification does not enforce bandwidth limits by itself; it only provides input for other mechanisms to use.
Question 658
A network administrator needs to query the NSs for a remote application. Which of the following commands would BEST help the administrator accomplish this task?
Correct Answer: A
The Linux/Unix dig (short for domain information groper) utility does the exact same thing as nslookup. It's primarily a command-line utility that allows you to perform a single DNS lookup for a specific entity, but it can also be employed in batch mode for a series of lookups.
Question 659
A company cell phone was stolen from a technician's vehicle. The cell phone has a passcode, but it contains sensitive information about clients and vendors. Which of the following should also be enabled?
Correct Answer: C
Encryption is the process of transforming data into an unreadable format using a secret key or algorithm. It can protect sensitive information from unauthorized access or theft, even if the device is lost or stolen. Factory reset is the process of restoring a device to its original settings and deleting all user data and applications. It can be used to erase personal information from a device before selling or disposing of it, but it does not prevent data recovery by forensic tools. Therefore, option A is incorrect. Autolock is the feature that automatically locks a device after a period of inactivity or when the power button is pressed. It can prevent unauthorized access to a device by requiring a passcode, pattern, fingerprint, or face recognition to unlock it. However, it does not protect the data stored on the device from being extracted by other means. Therefore, option B is incorrect. Two-factor authentication is the method of verifying a user's identity by requiring two pieces of evidence, such as a password and a code sent to a phone or email. It can enhance the security of online accounts and services, but it does not apply to the data stored on a device. Therefore, option D is incorrect. Reference: CompTIA Network+ N10-008 Study Guide, Chapter 9: Network Security, pages 403-404, 407-408, 411-412. Professor Messer's Network+ Video Course, Section 5.1: Network Security Devices and Technologies, videos 5.1.1 - 5.1.3, 5.1.6, 5.1.7. CompTIA Network+ (N10-008) Sample Questions, Question 15.
Question 660
Which of the following compromises internet-connected devices and makes them vulnerable to becoming part of a botnet? (Select TWO).
Correct Answer: B,E
A botnet is a collection of internet-connected devices that are compromised and controlled by hackers, often without the knowledge of the device owners. Hackers use botnets to launch various types of malicious attacks, such as distributed denial-of-service (DDoS), spam, phishing, crypto-mining, and more123. To create a botnet, hackers need to infect the devices with malware that allows them to remotely control them and communicate with other infected devices. Malware can be delivered through various methods, such as phishing emails, malicious websites, drive-by downloads, exploit kits, and more12. Therefore, one of the ways that compromises internet-connected devices and makes them vulnerable to becoming part of a botnet is B. Malware infection. Malware infection can affect any type of device that connects to the internet, such as computers, smartphones, tablets, routers, cameras, smart TVs, and more12. Another way that compromises internet-connected devices and makes them vulnerable to becoming part of a botnet is E. Use of default credentials. Many internet-connected devices come with default usernames and passwords that are easy to guess or find online. Hackers can use these credentials to access the devices and install malware or change their settings12. Therefore, another answer is E. Use of default credentials. Use of default credentials can affect any type of device that has a web interface or a remote login service, such as routers, cameras, printers, smart devices, and more12. The other options are incorrect for the following reasons: A . Deauthentication attack is a type of attack that targets wireless networks and devices. It involves sending spoofed deauthentication frames to disconnect the devices from the network or force them to reconnect. It does not compromise the devices or make them part of a botnet, but it can disrupt their communication or enable other attacks. C . IP spoofing is a technique that involves forging the source IP address of a packet or a request. It can be used to hide the identity of the attacker, bypass security filters, or perform reflection or amplification attacks. It does not compromise the devices or make them part of a botnet, but it can make the attacks harder to trace or block. D . Firmware corruption is a type of attack that targets the firmware of a device, which is the software that controls its basic functions and hardware. It involves modifying or replacing the firmware with malicious code that can damage the device, change its behavior, or allow remote access. It can compromise the devices or make them part of a botnet, but it is not a common or easy method, as it requires physical access or a specific vulnerability to exploit. F . Dictionary attack is a type of attack that involves guessing passwords or encryption keys by using a list of common or likely words. It can be used to gain unauthorized access to accounts, devices, or data. It can compromise the devices or make them part of a botnet, but it is not a specific or efficient method, as it requires a lot of time and resources to perform. Reference: 1: What is a Botnet and How to Protect Your Devices in 2024 - VPNOverview.com 2: What is a botnet? When infected devices attack | CSO Online 3: What is a DDoS Botnet | Common Botnets and Botnet Tools | Imperva 4: Deauthentication attack - Wikipedia 5: IP spoofing - Wikipedia 6: Firmware - Wikipedia 7: Dictionary attack - Wikipedia
