Which of the following technologies allows traffic to be sent through two different ISPs to increase performance?
Correct Answer: C
Load balancing is a technology that allows traffic to be sent through two different ISPs to increase performance. Load balancing is a process of distributing network traffic across multiple servers or links to optimize resource utilization, throughput, latency, and reliability. Load balancing can be implemented at different layers of the OSI model, such as layer 4 (transport) or layer 7 (application). Load balancing can also be used for outbound traffic by using multiple ISPs and routing protocols such as BGP (Border Gateway Protocol) to select the best path for each packet. Reference: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/border-gateway-protocol-bgp/prod_white_paper0900aecd806c4eeb.html
Question 132
A company's management team wants to implement NAC on the wired and wireless networks. Which of the following is an authentication component that must be used in this solution?
Correct Answer: B
802.1X is an authentication component that must be used in a network access control (NAC) solution. NAC is a method of enforcing security policies on devices that want to access a network, by verifying their identity, compliance, and authorization. 802.1X is a standard that defines how to provide authentication for devices trying to connect to a LAN or WLAN. It uses the Extensible Authentication Protocol (EAP) to exchange authentication information between the device (supplicant), the network access device (authenticator), and the authentication server (typically RADIUS or TACACS+). 802.1X can prevent unauthorized devices from accessing the network, and can also assign them to different VLANs or apply different policies based on their role or group.
IPSec is a protocol suite that provides encryption, authentication, and integrity for IP packets. It can be used to create secure VPN tunnels between networks or hosts. IPSec is not an authentication component for NAC, but rather a security component for protecting data in transit.
EAP is a framework that supports multiple authentication methods, such as passwords, certificates, tokens, or biometrics. EAP is used by 802.1X to provide authentication for network access, but it is not a component by itself. EAP requires a carrier protocol, such as 802.1X, to transport the authentication messages.
TACACS+ is a protocol that provides authentication, authorization, and accounting (AAA) services for network devices or users. It can be used as an authentication server for 802.1X, but it is not an authentication component for NAC by itself. TACACS+ requires a client-server protocol, such as 802.1X, to communicate with the network access device.
Reference: What is 802.1X Network Access Control (NAC)?; Compare TACACS+ and RADIUS; 802.1X: What EXACTLY is it regarding WPA and EAP?; CompTIA Network+ Certification All-in-One Exam Guide, Eighth Edition (Exam N10-008)
Question 133
A network engineer needs to reduce the overhead of file transfers. Which of the following configuration changes would accomplish that goal?
Correct Answer: B
Jumbo frames are Ethernet frames that have a payload size larger than the standard 1500 bytes. They can range from 1501 to 9000 bytes, depending on the network device and configuration. Jumbo frames can reduce the overhead of file transfers by decreasing the number of frames that need to be sent and received, as well as the number of headers and checksums that need to be processed. Jumbo frames can also improve the throughput and efficiency of the network, as they reduce the fragmentation and reassembly of packets, and the CPU utilization of the network devices. However, jumbo frames also have some drawbacks, such as increased latency, higher memory requirements, and compatibility issues with some network devices and applications. Therefore, they should be used with caution and only when the network supports them.
To enable jumbo frames, both the sender and the receiver, as well as all the intermediate devices (such as switches and routers) along the path, must support and be configured with the same maximum transmission unit (MTU) size. Otherwise, the frames will be dropped or fragmented, resulting in poor performance or errors.
The other options are not relevant to reducing the overhead of file transfers:
Link aggregation is a technique of combining multiple physical links into a logical link, to increase the bandwidth and redundancy of the network. It does not affect the frame size or the overhead of file transfers.
Port security is a feature that restricts the access to a switch port based on the MAC address of the device connected to it. It prevents unauthorized devices from accessing the network, but it does not reduce the overhead of file transfers.
Flow control is a mechanism that regulates the rate of data transmission between two devices, to avoid congestion and data loss. It can be implemented at the data link layer (using pause frames) or the transport layer (using TCP windowing). It does not reduce the overhead of file transfers, but rather adapts to the network conditions.
Lower FTP port is not a valid configuration change, as FTP uses well-defined ports for its operation. FTP uses port 21 for control connections and port 20 for data connections, or a random port above 1024 for passive mode. Changing the FTP port would not reduce the overhead of file transfers, but rather cause connection problems or security risks.
Reference: CompTIA Network+ N10-008 Study Guide, Chapter 2: Network Devices and Technologies, Section 2.3: Configure Switches, p. 97-98; Professor Messer's Network+ N10-008 Course Notes, Section 2.3: Switch Configuration, p. 22; Professor Messer's Network+ N10-008 Video Training Course, 2.3 Switch Configuration - Part 2
Question 134
Which of the following BEST describes a split-tunnel client-to-server VPN connection?
Correct Answer: C
In a split-tunnel VPN, only certain network traffic (usually traffic destined for the remote network) is sent over the VPN tunnel, while other traffic is sent directly to the local gateway and out to the internet. This can improve overall network performance for the user, but can also introduce some security risks if the local network is not properly secured.
Question 135
An engineer needs to restrict the database servers that are in the same subnet from communicating with each other. The database servers will still need to communicate with the application servers in a different subnet. In some cases, the database servers will be clustered, and the servers will need to communicate with other cluster members. Which of the following technologies will be BEST to use to implement this filtering without creating rules?