Prepare to Pass the CompTIA Network+ Certification Exam

Get ready for the Network+ exam with our in-depth, comprehensive study guide. The Network+ certification is a vendor-neutral, essential distinction that verifies that an individual has the skills and knowledge to build, manage and protect the data network. In order to be best prepared to earn your certification, you should have completed a Network+ training course. Our free CompTIA Network+ online training course covers the essential knowledge you’ll need to get ready for the exam. After you’ve finished the Network+ training course, the next step is to read through this study guide in its entirety; it’s packed with everything you’ll need to be successful on the exam.

Need more than a study guide? Cybrary's Network Plus course can help you learn everything you need to take the certification exam!

Basic Network Components

Which of the following is a component that provides resources over a network?

  1. Client
  2. LAN
  3. Router
  4. Server

Answer: The correct answer is 4.

Breakdown: A server provides or “serves” up resources to a network. Examples of resources are access to email, pages on a web server, or files on a file server.

Dynamic NAT

What NAT variation automatically assigns an inside global address to a device on the private network from a pool of available addresses?

  1. SNAT
  2. DNAT
  3. PAT
  4. GNAT

Answer: The correct answer is 2.

Breakdown: Dynamic NAT (DNAT) automatically assigns inside global IP addresses from a pool of addresses as opposed to Static NAT (SNAT) where manual (static) assignment is performed.

NAT Basics

What NAT IP address is a public address that references an inside device?

  1. Inside local
  2. Inside global
  3. Outside local
  4. Outside global

Answer: The correct answer is 2.

Breakdown: An inside global address is a public IP address that references an inside device such as an email or Web server.

Exterior Gateway Protocols (EGP)

Which of the following routing protocols is an EGP?

  1. BGP
  2. IS-IS
  3. RIP
  4. OSPF

Answer: The correct answer is 1.

Breakdown: Border Gateway Protocol is used to exchange routing information between the service provider’s autonomous system (AS) and each of the other autonomous systems. BGP is the only EGP in widespread use today and is considered to be the routing protocol that runs the Internet.

Preventing Routing Loops

Which are features of distance-vector routing protocols that are used to prevent routing loops? (Choose all that apply).

  1. Reverse path forwarding (RPF) check
  2. Split horizon
  3. Poison reverse
  4. Rendezvous point

Answer: The correct answers are 2 and 3.

Breakdown: The split horizon feature prevents a route learned on one interface from being advertised back out of that same interface. The poison reverse feature causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite.

Believability of a Route

What routing protocol characteristic indicates the believability of the routing protocol?

  1. Weight
  2. Metric
  3. Administrative distance
  4. SPF algorithm

Answer: The correct answer is 3.

Breakdown: The index of believability for a routing protocol is called administrative distance (AD). Lower AD values are more believable than higher values.

Default Route

What is the network address and subnet mask of a default route?


Answer: The correct answer is 4.

Breakdown: The default route is a statically configured route.

Destination IP Address

When a PC on an Ethernet network attempts to communicate with a host on a different subnet, what destination IP address and destination MAC address are placed in the packet/frame header transmitted by the client PC?

  1. IP address of the default gateway and MAC address of the default gateway.
  2. IP address of the remote host and MAC address of the default gateway.
  3. IP address of the remote host and the MAC address of the remote host.
  4. IP address of the remote host and the MAC address of the local PC.

Answer: The correct answer is 2.

Breakdown: IP address of the remote host and MAC address of the default gateway.

IPv6 Address Abbreviation

Simplify the following IPv6 address: 0AA0:0123:4040:0000:0000:000:000A:100B

  1. AA0::123:404:A:100B
  2. AA::123:404:A:1B
  3. AA0:123:4040::A:100B
  4. 0AA0:0123:4040::0:000A:100B

Answer: The correct answer is 3.

Breakdown: The repeating zeros in groups 4-6 can be replaced with “::”, and the leading zeros in the 1st and 7th groups can be dropped to shorten the entire IPv6 address.

Classful Masks

A client with an IP address of belongs to what network?


Answer: The correct answer is 1.

Breakdown: The first octet (172) indicates that this is a Class B network with a classful mask of /16. Applying this mask to the original IP address yields the network.

Network Subnetting

Your company has been assigned the following network: Come up with a subnet mask that will accommodate seven subnets while also accommodating the maximum number of hosts per subnet.

  1. /24
  2. /26
  3. /27
  4. /28

Answer: The correct answer is 3.

Breakdown: To achieve 7 subnets, the number of borrowed bits must be greater than 2 (2^2 = 4), hence 2^3 = 8. The network is a Class C network, making the classful mask /24. Hence, 24 + 3 gives us a subnet mask of /27. The number of hosts per subnet is: 2^3 – 2 = 6.

Prefix Notation

What is the prefix notation for a subnet mask of

  1. /20
  2. /24
  3. /28
  4. /29

Answer: The correct answer is 3.

Breakdown: The first three octets of the subnet mask, 255.255.255, correspond to the prefix notation /24. The last octet contributes 4 contiguous, left-justified ones. The resulting prefix notation is then /24 + /4 = /28.

IP Address Assignment

Which of the following are dynamic methods for assigning IP addresses to networked devices?

  1. BOOTP
  2. APIPA
  3. Zeroconf
  4. DHCP

Answer: The correct answers are 1 and 4.

Breakdown: Both BOOTP and DHCP involve a broadcast from an attached network device to request an IP address. BOOTP is an obsolete protocol that relies on mapping the MAC address of a device to an IP address. DHCP is a more robust solution that has a wide variety of options beyond basic IP address, subnet mask, and default gateway parameters.

IP Address Classes

What is the class of IP address

  1. Class A
  2. Class B
  3. Class C
  4. Class D

Answer: The correct answer is 1.

Breakdown: Class A IP addresses are in the range of

Decimal To Binary Conversion

What is the decimal representation for this binary number: 10110100?

  1. 114
  2. 190
  3. 172
  4. 180

Answer: The correct answer is 4.

Breakdown: 2^7 + 2^5 + 2^4 + 2^2 = 128 + 32 + 16 + 4 = 180

Binary To Decimal Conversion

What is the binary representation of the decimal number 117?

  1. 10110101
  2. 01110101
  3. 10110110
  4. 01101001

Answer: The correct answer is 2.

Breakdown: 2^6 + 2^5 + 2^4 + 2^2 + 2^0 = 64 + 32 + 16 + 4 + 1 = 117

Network Authentication

Which device on IEEE 802.1X is responsible for checking the credentials of a device seeking to gain access to the network?

  1. Supplicant
  2. Authentication server
  3. Access point
  4. Authenticator

Answer: The correct answer is 2.

Breakdown: The authentication server is a network component that runs a particular authentication protocol such as RADIUS and checks the credentials of the supplicant (the device requesting network access) against a database of stored credentials. The authentication server also provides the authenticator (switch) with an authenticator key that is used to securely transmit data between the client and the switch using some form of data encryption.

Packet Sniffing Fundamentals

You want to monitor traffic between two ports on a switch with a laptop running the Wireshark packet sniffing software connected to a third port. What feature on the switch would you enable to allow you to monitor the traffic between the other two ports?

  1. Port interception
  2. Port duplexing
  3. Port mirroring
  4. Port redirect

Answer: The correct answer is 3.

Breakdown: The port mirroring feature on supported switches allows traffic passing between ports to be “mirrored” out another port for diagnostic purposes.

Power Over Ethernet Specifications

What is the maximum amount of power a switch is allowed to provide over any one port as specified by the IEEE 802.3af standard for PoE?

  1. 7.7 W
  2. 15.4 W
  3. 26.4 W
  4. 32.4 W

Answer: The correct answer is 2.

Breakdown: The IEEE 802.3af standard can supply a maximum of 15.4 W of power over each switch port in order to power attached devices. The newer IEEE 802.3at standard can supply as much as 32.4 W, thus offering the ability to power a wider range of devices.

Spanning Tree Protocol Basics

On a network running STP, what is the port within each segment that is closest to the root bridge (in terms of cost) called?

  1. Root
  2. Designated
  3. Non-designated
  4. Non-root

Answer: The correct answer is 2.

Breakdown: Every network segment has a single designated port, which is the port on that segment that is closest to the root bridge, in terms of cost. Therefore, all ports on a root bridge are designated ports.

VLAN Essentials

Which are true about VLANs? (Choose all that apply.)

  1. A VLAN has a single broadcast domain.
  2. For traffic to pass between two VLANs, the traffic must be routed.
  3. Because a switch has a MAC address table, traffic does not need to be routed to pass between two VLANS.
  4. A VLAN has a single collision domain.

Answer: The correct answers are 1 and 2.

Breakdown: Like a switch, a VLAN has a single broadcast domain. However, VLANs allow the ports on a switch to be grouped into subnets with separate broadcast domains. For traffic to travel between two VLANs, that traffic must be routed. A more efficient way of connecting VLANs back to a router is to use a trunking standard such as IEEE 802.1Q.

Ethernet Collision Detection and Handling

When two devices simultaneously transmit data on an Ethernet network and a collision is detected, what happens?

  1. Each device compares the other device’s priority value (determined by IP address) with its own and the device with the highest priority attempts to resend its data first.
  2. Each device waits for a clear to send (CTS) sign from the switch before resending its data.
  3. Each device randomly picks a priority value and the device choosing the highest value resends its data first.
  4. Each device sets a random back off timer and the device will attempt to resend its data after its timer expires.

Answer: The correct answer is 4.

Breakdown: Each device sets a random back off timer and the device will attempt to resend its data after its timer expires.

Ethernet Origins

Which Ethernet implementation uses UTP?

  1. IEEE 802.3
  2. 10BASE5
  3. 10BASE2
  4. 10BASE-T

Answer: The correct answer is 4.

Breakdown: 10BASE-T is a 10-Mbps implementation of Ethernet that relies on UTP cabling. 10BASE5 and 10BASE2 used different thicknesses of coaxial cable (“thicknet” and “thinnet” or “cheapernet” respectively). IEEE 802.3 is the overall standard for Ethernet that includes all implementations.

Proxy Server Benefits

What are the possible benefits of a proxy server? (Choose all that apply).

  1. Load balancing
  2. Content filtering
  3. Data caching
  4. Security

Answer: The correct answers are 2, 3 and 4.

Breakdown: A proxy server is a specialized network device that sits between clients and the external network (Internet). It can cache frequently requested content to improve performance, improve security by hiding internal IP addresses from the outside network, and filter content in order to block internal users’ access to unauthorized sites based on corporate policies.

Specialized Network Devices

Which device allows traffic to enter and exit a private corporate network?

  1. VPN Concentrator
  2. DHCP Server
  3. Firewall
  4. Proxy Server

Answer: The correct answer is 3.

Breakdown: A firewall allows traffic to enter and exit a private network using various strategies such as packet inspection or security rules.

Switch Broadcast Domains

How many broadcast domains does a 12-port switch have?

  1. None
  2. One
  3. Two
  4. Twelve

Answer: The correct answer is 2.

Breakdown: A switch is a layer 2 device with a single broadcast domain.

Router Broadcast Domains

How many broadcast domains does a 12-port router have?

  1. None
  2. One
  3. Two
  4. Twelve

Answer: The correct answer is 4.

Breakdown: A router has a separate broadcast and collision domain for each port.

Network Infrastructure Devices

Which network infrastructure device primarily makes forwarding decisions based on MAC addresses?

  1. Router
  2. Switch
  3. Hub
  4. Multilayer switch

Answer: The correct answer is 2.

Breakdown: A switch is able to dynamically learn the MAC addresses of the devices attached to its ports. It maintains these addresses in a MAC address table. Subsequent segments are then transmitted only to the port associated with the MAC address contained in the segment.

Environmental Considerations of Cabling

Which type of cable would you choose for installation in a drop ceiling that is used as an open air return duct?

  1. Riser
  2. Plenum
  3. Multimode
  4. Twin-axial

Answer: The correct answer is 2.

Breakdown: The location of cable sometimes requires adherence to fire codes, where in the event of fire, toxic fumes could be spread throughout a building. Plenum grade cabling is manufactured to be fire retardant, and in some cases, uses a low-smoke PVC insulation to minimize the emission of dangerous fumes.

UTP Cabling

Which of the following categories of UTP cabling are suitable for 1000BASE-T networks? (Choose all that apply)

  1. Cat 5
  2. Cat 5e
  3. Cat 6
  4. Cat 6e

Answer: The correct answers are 2 and 3.

Breakdown: The reduced crosstalk and higher data capacity of Cat 5e and Cat 6 cabling make them suitable choices for 1000BASE-T networks.

TCP and UDP Ports

In which range is the TCP port number for the HTTP protocol located?

  1. Below 1024
  2. Between 1024 and 16,384
  3. Above 16,384

Answer: The correct answer is 1.

Breakdown: The TCP port number for the HTTP protocol, port 80, is in the range of the well-known TCP port numbers (below 1024).

TCP/IP Stack

Which of the following are the four layers of the TCP/IP stack?

  1. Network Interface, Internet, Session, Application
  2. Physical, Internet, Transport, Application
  3. Network Interface, Datalink, Presentation, Application
  4. Network Interface, Internet, Transport, Application

Answer: The correct answer is 4.

Windowing Flow Control Service

Which best describes the windowing flow control service?

  1. A buffering technique where a chunk of memory is allocated to store segments when bandwidth is not sufficient to transmit all of the segments.
  2. An application layer service that allows connected clients to remotely run Microsoft Windows.
  3. A network layer protocol that restricts data delivery based on IP address.
  4. A transport layer flow control service that exponentially increases the number of segments transmitted for each successfully acknowledged transmission reception.

Answer: The correct answer is 4.

Breakdown: Windowing is a dynamic form of flow control implemented at the transport layer. The window is reset if an acknowledgement is not received within the specified timeout period (RTT).

Connectionless Transport Layer Protocol

Which of the following protocols is a connectionless transport layer protocol?

  1. IP
  2. UDP
  3. TCP
  4. 802.11g

Answer: The correct answer is 2.

Breakdown: User Datagram Protocol (UDP) is a connectionless transport protocol. It is an unreliable transport protocol meaning that if a segment is dropped, the sender is unaware and no retransmission occurs.

Bandwidth Usage

Which approach to bandwidth usage on a network utilizes all available frequencies on a medium for data transmission?

  1. Broadband
  2. Time-division multiplexing
  3. Baseband
  4. Simplex

Answer: The correct answer is 3.

Breakdown: Baseband bandwidth usage utilizes all available frequencies on the wire. Ethernet is an example of a baseband technology. Broadband, on the other hand, divides up the medium into separate channels of different frequencies for the transmission of various kinds of information such as voice and data.

OSI Model

Which layer of the OSI reference model is responsible for providing email services?

  1. Physical layer
  2. Transport layer
  3. Application layer
  4. Network layer

Answer: The correct answer is 3.

Breakdown: The application layer of the OSI reference model is responsible for providing application services such as email and file sharing. Note: do not confuse software applications such as Microsoft Outlook with application services.

Resource Sharing Features

What are some of the advantages of a peer-to-peer network when compared with a client-server network?

  1. Less Expensive
  2. Simplified administration
  3. More scalable
  4. Better performance

Answer: The correct answer is 1.

Breakdown: A peer-to-peer network is less expensive to set up than a client-server network since it relies on lower cost computers and doesn’t require special server or network operating system software. The lower cost is traded off for more complex administration, decreased performance, and lower scalability when compared to a client-server network.

Resource Location

A peer-to-peer network requires that all connected computers be running the same OS in order to share resources?

  1. True
  2. False

Answer: 2. False

Breakdown: Though it’s much easier to set up and configure peer-to-peer resource sharing between computers running the same OS, it is possible to install software to enable sharing between computers running different types of operating systems such as Windows and Mac.

Network Topology Features

Which two statements are true with regards to a Hub-and-Spoke topology?

  1. Lower cost and high redundancy
  2. Lower cost and easy to add remote sites
  3. Higher cost and lower redundancy
  4. Lower cost and remote sites directly connected

Answer: The correct answer is 2.

Breakdown: Since remote sites are not directly connected to one another, lower cost is achieved using fewer WAN links. Adding a remote site is as simple as establishing a new WAN link between the remote site and the hub. This reduced cost and simplicity comes at the cost of suboptimal routes and a single point of failure situated at the hub.

Network Topology

Which network topology offers both an optimal route between selected sites as well as avoiding the expense of interconnecting every site to every other site?

  1. Full mesh
  2. Hub and spoke
  3. Bus
  4. Partial mesh

Answer: The correct answer is 4.

Breakdown: A partial mesh topology combines the advantages of redundancy and lower cost by optimizing routes between sites with higher intersite traffic. While not as fault-tolerant as a full mesh topology or as inexpensive as a hub-and-spoke topology, it’s a reasonable compromise to consider under appropriate circumstances and requirements.

Network Geography Features

A network that connects a wireless headset to a PC using Bluetooth is considered what type of network?

  1. WAN
  2. CAN
  3. MAN
  4. PAN

Answer: The correct answer is 4.

Breakdown: A Personal Area Network (PAN) is a network with a very small scale (smaller than a LAN). Its range is typically limited to just a few meters. In the case above, a Bluetooth connection (wireless) is more specifically referred to as a WPAN.

Network Geography

Which of the following network geographies would you expect to see deployed to connect the LANs of multiple office buildings within an industrial park?

  1. MAN
  2. PAN
  3. CAN
  4. WAN

Answer: The correct answer is 3.

Breakdown: A Campus Area Network (CAN) is the most appropriate network category to implement when connecting together geographically close LANs.

Features of Network Components

Which of the network components below is purely physical (has no intelligence in the form of embedded processing)?

  1. Hub
  2. Router
  3. Switch
  4. Server

Answer: The correct answer is 1.

Breakdown: A hub is an older technology that interconnects network components such as clients, servers, and printers. It operates purely at the physical level using electricity and is “dumb” in that it doesn’t run software instructions.

Multicast Protocols

What multicast protocol is used between clients and routers to let routers know which of their interfaces are connected to a multicast receiver?

  1. IGMP
  2. PIM-DM
  3. PIM-SM
  4. SPT switchover

Answer: The correct answer is 1.

Breakdown: Internet Group Management Protocol (IGMP) is the protocol used between clients and routers to let routers know which of their interfaces have multicast receivers attached. Protocols such as PIM, PIM-DM, and PIM-SM are multicast routing protocols that route multicast traffic between multicast-enabled routers.


ISDN is considered to be what type of WAN connection?

  1. Dedicated leased line
  2. Circuit-switched connection
  3. Packet-switched connection
  4. Cell-switched connection

Answer: The correct answer is 2.

Breakdown: ISDN provides periodic connectivity to customers using a circuit-switched connection very much like placing a phone call.

WAN Media Types

Which of the following WAN technologies commonly use UTP cabling? (Choose all that apply)

  1. Cable modem
  2. ISDN
  3. DSL modem
  4. POTS dial-up modem

Answer: The correct answers are 2, 3 and 4.

Breakdown: ISDN, DSL, and POTS cabling all use UTP. Coaxial cable is used to connect a cable modem to the WAN interface.

E1 WAN Channels

How many channels on an E1 circuit are available for voice, video, or data?

  1. 23
  2. 24
  3. 30
  4. 32

Answer: The correct answer is 3.

Breakdown: An E1 circuit contains 32 channels, but only 30 can transmit data (or voice or video). Channel 1 is reserved for framing and synchronization and channel 17 is reserved for signaling (call setup, maintenance, and tear down). E1 circuits are popular outside of North America and Japan.

PPP Authentication Protocols

Which PPP authentication method provides one-way authentication and sends credentials in clear text?

  1. WEP
  2. MS-CHAP
  3. PAP
  4. CHAP

Answer: The correct answer is 3.

Breakdown: Password Authentication Protocol (PAP) performs one-way authentication between a client and server. Since the client’s credentials are sent in clear text, it presents a security vulnerability in the event of eavesdroppers listening in.

Cable Modem Servicing

What kind of network is used by many cable companies to service their cable modems and contains both fiber-optic and coaxial cabling?

  1. Head-end
  3. Composite
  4. HFC

Answer: The correct answer is 4.

Breakdown: Hybrid Fiber-Coax (HFC) is a distribution network used by cable companies to distribute television and data to subscribers. Upstream and downstream traffic is assigned to specific frequency ranges and a cable modem is located on the subscriber’s premises to send and receive data from the WAN.

ATM Payload Size

How big is the payload portion of an ATM cell?

  1. 5 bytes
  2. 48 bytes
  3. 53 bytes
  4. 64 bytes

Answer: The correct answer is 2.

Breakdown: An ATM cell contains a 48-byte payload and a 5-byte header. This payload size is the result of a compromise between the countries that participated in developing the international standard for ATM.

MPLS Header Size

What is the size of an MPLS header?

  1. 4 bits
  2. 8 bits
  3. 16 bits
  4. 32 bits

Answer: The correct answer is 4.

Breakdown: Multiprotocol Label Switching (MPLS) inserts a 32-bit header between Layer 2 and Layer 3 headers. This is known as a shim header. Because this header resides between Layers 2 and 3, MPLS is considered to be a Layer 2 1/2 technology.

Wireless LANs

In a basic WLAN topology, how do connected clients on the network obtain IP addresses?

  1. DHCP
  2. BOOTP
  3. PAT
  4. Statically configured on client

Answer: The correct answer is 3.

Breakdown: On a WLAN, the router obtains an IP address via DHCP from the ISP. The router then uses Port Address Translation (PAT) to provide IP addresses to devices attaching to it either wirelessly or through a wired connection.

Wireless LAN Antennas

What type of WLAN antenna radiates relatively equal power in all directions?

  1. Unidirectional
  2. Yagi
  3. Parabolic
  4. Omnidirectional

Answer: The correct answer is 4.

Breakdown: An omnidirectional antenna radiates power at relatively equal power levels in all directions, which is somewhat similar to the theoretical isotropic antenna. It is typically deployed in small office/home office (SOHO) locations. Conversely, a unidirectional antenna focuses power in a specific direction in order to avoid potential interference and is often used to connect WLANs between two nearby buildings.

WLAN Channel Selection

When using the 2.4-GHz band for multiple access points in a WLAN located in the United States, which non-overlapping channels should you select? (Choose all available channels)

  1. 0
  2. 1
  3. 5
  4. 6
  5. 10
  6. 11
  7. 14

Answer: The correct answers are 2, 4 and 6.

Breakdown: For the 2.4-GHz band, channel frequencies are separated by 5 MHz, but a single channel’s transmission can spread over a frequency range of 22 MHz. As a result, channels must have five channels of separation (5 * 5 MHz = 25 MHz, which is greater than 22 MHz). In the US, you could select the non-overlapping channels 1, 6, and 11. Channel 14 is a non-overlapping channel, but is not supported in the US.

WLAN Access Technology

What technology do WLANs use to determine when they can gain access to the wireless media?

  1. SPF
  2. CSMA/CA
  3. RSTP
  4. DUAL

Answer: The correct answer is 2.

Breakdown: WLANs use Carrier Sense Multiple Access Collision Avoidance (CSMA/CA), a technology similar to the CSMA/CD used for Ethernet. Because WLANs, like Ethernet, are half-duplex, devices only transmit in one direction at a time and must wait until the media is clear. A WLAN device listens for a transmission to determine if it is safe to transmit. A collision avoidance algorithm causes wireless devices to wait for a random backoff time before transmitting.

WLAN Transmission Methods

Which WLAN transmission method achieves enhanced security where participants hop over a range of predetermined frequencies?

  1. DSSS
  2. FHSS
  3. OFDM
  4. MIMO

Answer: The correct answer is 2.

Breakdown: Frequency-hopping spread spectrum (FHSS) allows participants on a wireless network to “hop” between predetermined frequencies for their communications. This enhances security since participants can predict the next frequency to be used while this is very difficult for a third party to predict. FHSS can also provision extra bandwidth by simultaneously using more than one frequency. FHSS is not in common use today and DSSS and OFDM are now the prominent technologies.

Wireless AP Placement

What percentage of overlap is recommended for adjacent cells in order to prevent connection dropping as a user roams when extending the range of a 2.4-GHz WLAN?

  1. 5-10 percent
  2. 10-15 percent
  3. 15-20 percent
  4. 2-25 percent

Answer: The correct answer is 2.

Breakdown: Non-overlapping channels in a 2.4-GHz WLAN can overlap their coverage area in order to provide seamless roaming between AP coverage areas. It is commonly recommended to have a 10-15 percent overlap of coverage between adjoining cells.

WLAN Security

What type of authentication is said to be in use if users are not required to provide any credentials to associate with a wireless AP in order to access the WLAN?

  1. WEP
  2. SSID
  3. Open
  4. IV

Answer: The correct answer is 3.

Breakdown: A WLAN that does not require any authentication or provide any encryption for wireless devices is said to be using open authentication. Publicly available WLANs such as those found in airports and coffee shops often use open authentication. This type of authentication is often exploited by hackers who set up open access points to trick users into connecting to them. From there, they employ packet sniffing software to steal credentials and other personal information from unsuspecting victims.

IEEE 802.11i Security Standard

What standard developed by the Wi-Fi Alliance implements the requirements of IEEE 802.11i?

  1. TKIP
  2. MIC
  3. WEP
  4. WPA2

Answer: The correct answer is 4.

Breakdown: In 2004, the IEEE 802.11i standard was approved requiring stronger algorithms for encryption and integrity checking than those previously used in the WEP and WPA security protocols. These enhanced requirements are implemented in the Wi-Fi Alliance’s WPA version 2 (WPA2) security standard.

NIC Redundancy Modes

What mode of NIC redundancy has only one NIC active at a time?

  1. Publisher-subscriber
  2. Client-server
  3. Active-standby
  4. Active-subscriber

Answer: The correct answer is 3.

Breakdown: Active-standby is the method where only one NIC is active at a time. This approach allows the client to appear to have a single MAC address and IP address even in the event of a NIC failure. Because of added expense, NIC redundancy is most often utilized in strategic network hosts rather than in end-user client computers.

Content Caching

What performance optimization technology uses a network appliance, which stores a copy of content sourced remotely such as from a Web server and serves up that content to local clients, thus reducing the bandwidth burden on an IP WAN?

  1. Content engine
  2. Load balancer
  3. LACP
  4. CARP

Answer: The correct answer is 1.

Breakdown: A content engine is a network appliance that stores (caches) content from a remote source and serves the locally stored content to local clients. It reduces traffic on the WAN connection and also improves response time for content requests.

QoS Bandwidth Issues

A lack of bandwidth can lead to which QoS issues? (Choose all that apply)

  1. Delay
  2. Jitter
  3. Prioritization
  4. Packet drops

Answer: The correct answers are 1, 2, and 4.

Breakdown: A lack of bandwidth is the primary issue for most network quality problems. These issues may take the form of one or more of the following symptoms: Delay – longer time of arrival for packets sent from a source to a destination. Jitter – uneven arrival of packets. Drops – packets can get dropped if link congestion causes a router’s interface queue to overflow. Subsequent retransmissions can greatly slow down data throughput.

Voice QoS Policies

What is the maximum recommended one-way delay for voice traffic?

  1. 25 ms
  2. 75 ms
  3. 125 ms
  4. 150 ms

Answer: The correct answer is 4.

Breakdown: When implementing a QoS policy it’s important to determine the network performance requirements for various traffic types. For voice traffic the following requirements are recommended: no more than 150 ms of one-way delay; no more than 30 ms of jitter; and no more than 1 percent packet loss. These minimums are required in order to ensure that voice communications always remain intelligible.

IntServ QoS Mechanisms

Which of these QoS mechanisms are considered to be IntServ mechanisms? (Choose all that apply)

  1. LLQ
  2. RSVP
  3. RED
  4. cRTP

Answer: The correct answer is 2.

Breakdown: IntServ is often referred to as a hard QoS since its bandwidth reservations are strict and must be configured on every router. Resource Reservation Protocol (RSVP) is an example of an IntServ approach to QoS.

Compression for Link Efficiency

RTP header compression can compress the combined Layer 3 and Layer 4 headers from 40 bytes down to how many bytes?

  1. 1-3 bytes
  2. 2-4 bytes
  3. 3-5 bytes
  4. 4-6 bytes

Answer: The correct answer is 2.

Breakdown: RTP header compression (cRTP) can take Layer 3 and Layer 4 headers and compress them down to only 2 or 4 bytes in order to make better use of bandwidth on slower-speed links. This is part of the link fragmentation and interleaving (LFI) process.

LFI and Packet Delay

What type of delay is the amount of time required for a packet to exit a router’s serial interface?

  1. Serialization delay
  2. Packetization delay
  3. Propagation delay
  4. Queuing delay

Answer: The correct answer is 1.

Breakdown: LFI addresses the issue of serialization delay, which is the amount of time required for a packet to exit an interface. A technique for reducing the delay of voice data on a slower-speed link is to interleave voice packets with fragments of larger data packets in order to improve the effective throughput of voice data over the link.

Windows arp Command

Which command line switch for the arp command displays whether the arp table entry was dynamically learned or statically configured?

  1. -v
  2. -a
  3. -d
  4. -s

Answer: The correct answer is 2.

Breakdown: The -a switch for the Windows arp command shows what MAC addresses have been learned for the listed IP addresses. The dynamically learned addresses display dynamic under the Type column, while statically configured addresses are listed as static under the Type column.

NetBIOS Diagnostic Command

Which Windows command is used to display NetBIOS over TCP/IP information?

  1. route
  2. nbtstat
  3. dig
  4. netstat

Answer: The correct answer is 2.

Breakdown: The nbtstat command displays NetBIOS information for IP-based networks. The nbt prefix of the command refers to NetBIOS over TCP/IP, which is called NBT or NetBT. This command can display a listing of NetBIOS device names learned by a Windows PC.

Windows ipconfig Command

What option would you specify after the ipconfig command to display a Windows PC’s DNS server’s IP address?

  1. No option is needed because the ipconfig command displays DNS server information by default.
  2. /full
  3. /fqdn
  4. /all

Answer: The correct answer is 4.

Breakdown: The ipconfig command entered by itself displays a summary of a PC’s IP address configuration. The /all option gives more verbose information including the DNS and WINS server IP addresses among other additional information beyond the default command.

ping Command Basics

What Layer 4 protocol is used by the ping command?

  1. IGMP
  2. PIM
  3. ICMP
  4. RTP

Answer: The correct answer is 3.

Breakdown: The ping command uses Internet Control Message Protocol (ICMP), which is a Layer 4 protocol. The ping command directs the PC to send an ICMP echo message to the specified destination host. If the destination host is reachable, then it responds with an ICMP echo reply message. Other ICMP messages can also be returned.

UNIX networking commands

Which command is used on a UNIX host to display information about each router hop along the path from a source to a destination?

  1. ping -t
  2. tracert
  3. ping -r
  4. traceroute

Answer: The correct answer is 4.

Breakdown: On UNIX systems the traceroute command is the equivalent of the tracert Windows command. It can help isolate which router hop along the path from a source to a destination is having issues. In addition, based on the round-trip response time reported for each hop, it can help isolate which network segment might be causing excessive delay due to congestion.

UNIX Command Help

What would you type at a UNIX command prompt to display detailed help for the UNIX host command?

  1. host help
  2. host /?
  3. manual host
  4. man host

Answer: The correct answer is 4.

Breakdown: One of the benefits of UNIX is its extensive syntax reference in the form of manual pages (man pages). Detailed help for any command can be invoked with the following syntax: HOST# man [command]

UNIX ping Command

Which of the following commands would you issue on a UNIX host to send five ICMP echo messages to a device with an IP address of

  1. ping
  2. ping -c 5
  3. ping -t 5
  4. ping -t 5

Answer: The correct answer is 2.

Breakdown: The UNIX ping command performs the same basic function as its counterpart under Windows; however, the UNIX ping command sends continuous pings as opposed to the Windows default of four. You can use the -c command switch followed by a count to limit the number of pings issued to the destination target.

Bit Error Rate Calculation

One error occurred during the transmission of 8 bits. What is the BER?

  1. .0125
  2. .025
  3. .125
  4. .25

Answer: The correct answer is 3.

Breakdown: BER = 1 / 8 = .125

Cable Testing

What piece of test equipment can be used to test the throughput of a Cat 5 cable?

  1. OTDR
  2. Multimeter
  3. BERT
  4. Cable certifier

Answer: The correct answer is 4.

Breakdown: If you are working with existing cable and wish to determine its category (e.g. Cat 3, Cat 5, etc.) or if you would like to test the supported frequency range of a cable, then you can use a cable certifier.

Diagnostics Best Practices

What is the best practice for preventing accidental damage to the sensitive components on a circuit board due to static from your body?

  1. Wear an ESD wrist strap.
  2. Apply antistatic spray to the circuit board.
  3. Ground the circuit board.
  4. Stand on a carpeted floor (or a rug) when working on a circuit board to provide insulation between your body and an electric ground potential.

Answer: The correct answer is 1.

Breakdown: The static that accumulates on your body, especially under dry air conditions such as during the winter months, isn’t enough to harm you (just a few milliamps); however, it’s often enough to damage sensitive solid state components on a circuit board that you may be handling. As a precaution, you should wear an electrostatic discharge (ESD) wrist strap. The strap is equipped with a clip that you attach to something with ground potential such as a metal desk or metal button that is wired to a grounding point. This will channel any electrostatic discharge produced on your body to the grounding point and away from the circuit board.

Network Diagnostics Equipment

What piece of equipment would you use to examine the headers of Ethernet packets being transmitted from a device attached to a network?

  1. OTDR
  2. Multimeter
  3. Protocol analyzer
  4. Butt set

Answer: The correct answer is 3.

Breakdown: A protocol analyzer or network sniffer can be used to examine details of the packets traversing a network. A protocol analyzer can be either a standalone device or a software application running on a PC or laptop. By examining captured packets, a network administrator can gain valuable insights about the nature of the traffic on the network.

Network Management Basics

What is the object structure called that SNMP uses to collect information about a managed device?

  1. RIB
  2. MIB
  3. DUAL
  4. LSA

Answer: The correct answer is 2.

Breakdown: Simple Network Management Protocol (SNMP) maintains information about managed devices in a series of data objects. The structure of these objects is defined by a managed device’s Management Information Base (MIB).

Syslog Severity Levels

A notification that a specific operation failed to complete successfully is classified as what syslog severity level?

  1. Informational (1)
  2. Critical (2)
  3. Errors (5)
  4. Warnings (4)

Answer: The correct answer is 4.

Breakdown: Many network devices such as servers, routers, switches, etc. can send their log information to a common syslog server. By maintaining logs from multiple devices in a common log, network admins can better correlate events occurring on one device with events occurring on another by examining time stamps. Events are categorized by severity levels. An event with a severity level set to warning, such as an operation failing to complete successfully, is worth taking note of but generally does not threaten the availability of the network as a higher severity level event would.

Windows Logs

What Microsoft Windows application allows you to view a variety of log types, including application, security, and system logs?

  1. Event Viewer
  2. Performance Monitor
  3. Microsoft Management Console
  4. Control Panel

Answer: The correct answer is 1.

Breakdown: Operating systems such as Microsoft Windows also generate logs for both client and server editions of the OS. Microsoft’s Event Viewer is an application that provides a graphical user interface (GUI) for viewing Windows log files. The Event Viewer allows you to view various types of logs including application, security, and system logs. The information it provides includes time stamps, severity levels, the source of the event, and a detailed description of the event, which sometimes includes one or more error codes.

Data Encryption

Which is a symmetric encryption algorithm available in 128-bit, 192-bit, and 256-bit key versions?

  1. RSA
  2. 3DES
  3. AES
  4. TKIP

Answer: The correct answer is 3.

Breakdown: Advanced Encryption Standard (AES) is the most secure of the three primary symmetric encryption algorithms and is available in 128-bit, 192-bit, and 256-bit key versions.

Availability Attacks

In what type of attack does an attacker compromise multiple systems and then instruct those compromised systems (zombies) to simultaneously flood a target system with traffic?

  1. DoS
  2. TCP SYN flood
  3. Buffer overflow
  4. DDoS

Answer: The correct answer is 4.

Breakdown: A distributed denial of service attack is a DoS attack that organizes a large collection of infected computers often referred to as zombies or bots into an ad hoc network referred to as a botnet. The attacker then can remotely command the bots to flood a target device with bogus traffic in the form of a TCP SYN flood or the “ping of death” or other form of availability attack.

Verifying Network Security

What application would you use to verify the security of a network and also check for any weaknesses?

  1. Honey pot
  2. Posture monitor
  3. Profile scanner
  4. Vulnerability scanner

Answer: The correct answer is 4.

Breakdown: It’s vital that the network security solution of a deployed network be checked on a periodic basis to verify that things work as expected and to also identify and secure any discovered weaknesses. Applications known as security scanners are used for this purpose. Two such applications are Nessus and Nmap. These scanners employ many of the same scanning features that attackers utilize in order to discover network vulnerabilities.

Firewall Basics

What feature allows a firewall to permit traffic to flow from a trusted network (e.g. corporate intranet) to an untrusted network (e.g. Internet) and then allow return traffic for that same session while blocking sessions originating from the untrusted network?

  1. Packet filtering
  2. Stateful inspection
  3. Demilitarized zone
  4. Implicit deny all instruction

Answer: The correct answer is 2.

Breakdown: A stateful firewall inspects traffic leaving and entering a private network and keeps track of sessions via source and destination IP addresses and port numbers. This method of stateful inspection is used by such a firewall to allow traffic from the inside network to exit and returning traffic for the same session to enter the inside network. A stateful firewall offers more flexibility than a packet-filtering firewall.
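
The session tracking described above can be modelled in a few lines. This is an added example, not code from the study guide or from any firewall product: the class and function names, the stateless "permit inbound from source port 443" rule used for comparison, and the sample addresses are all assumptions, and a real stateful firewall also tracks protocol, TCP state and session timeouts.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    from_inside: bool  # True when the packet arrives on the trusted interface


class StatefulFirewall:
    """Permits outbound sessions and only the return traffic that matches them."""

    def __init__(self) -> None:
        self.sessions = set()  # outbound (src_ip, src_port, dst_ip, dst_port)

    def handle(self, pkt: Packet) -> str:
        if pkt.from_inside:
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "permit"
        # Return traffic has source and destination swapped relative to the session.
        mirrored = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "permit" if mirrored in self.sessions else "deny"


def packet_filter(pkt: Packet) -> str:
    """Stateless rule set (assumed for comparison): allow inbound from source port 443."""
    if pkt.from_inside or pkt.src_port == 443:
        return "permit"
    return "deny"


# Constructed sample traffic; addresses come from private and documentation ranges.
OUTBOUND = Packet("10.0.0.5", 51000, "198.51.100.10", 443, True)
REPLY = Packet("198.51.100.10", 443, "10.0.0.5", 51000, False)
UNSOLICITED = Packet("203.0.113.7", 443, "10.0.0.5", 51000, False)


def compare():
    """Return (name, stateful verdict, packet-filter verdict) for each sample packet."""
    fw = StatefulFirewall()
    samples = (("outbound", OUTBOUND), ("reply", REPLY), ("unsolicited", UNSOLICITED))
    return [(name, fw.handle(pkt), packet_filter(pkt)) for name, pkt in samples]


if __name__ == "__main__":
    for name, stateful, stateless in compare():
        print(f"{name:12} stateful={stateful:6} packet-filter={stateless}")
```

The unsolicited inbound packet is the case that separates the two designs: the stateless rule cannot tell it from a reply, while the session table has no matching entry for it.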

HTTPS Secured Connection

Which protocols are most commonly used to provide security for an HTTPS connection? (Choose all that apply)

  1. L2TP
  2. SSL
  3. PPTP
  4. TLS

Answer: The correct answer is 2 and 4.

Breakdown: A secure Web browsing connection is provided by Hypertext Transfer Protocol Secure (HTTPS). Two security protocols can be used for this secure connection: Secure Sockets Layer (SSL) or Transport Layer Security (TLS). TLS has largely replaced SSL as the VPN protocol of choice for providing encryption and reliability to upper layers of the OSI model. In most cases, when you securely connect to a website these days using HTTPS, you are using TLS.

Intrusion Prevention and Detection

Which detection methods are commonly used by IPS sensors? (Choose all that apply)

  1. Signature-based
  2. Distribution-based
  3. Policy-based
  4. Behavior-based

Answer: The correct answer is 1, 3, and 4.

Breakdown: An Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) are technologies that are often able to recognize an attack and respond appropriately. These systems utilize three main mechanisms for identifying attacks: Signature-based – potential attacks are identified by examining the bytes within data packets and comparing data sequences with stored sequences associated with known attacks. Policy-based – network traffic is checked against manually configured security policies to look for suspicious traffic. Anomaly-based or behavior-based – a baseline of normal traffic patterns is established and significant variations from baseline are flagged as anomalous.
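
The three detection mechanisms can be compared side by side on the same traffic. This is an added example, not taken from the study guide or from any IPS product: the signature bytes, the allowed-port policy, the three-standard-deviation threshold and the event records are all constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed signature: a byte sequence standing in for a known-attack pattern.
SIGNATURES = {"constructed-sig-1": b"\xde\xad\xbe\xefTESTPATTERN"}
# Constructed policy: destination ports this network segment is allowed to use.
ALLOWED_DST_PORTS = {53, 80, 443}
# Constructed baseline: packets per minute observed per source during normal operation.
BASELINE_SAMPLES = [100, 110, 90, 105, 95]


def signature_hits(payload: bytes) -> list:
    """Signature-based: compare packet bytes with stored sequences."""
    return [name for name, seq in SIGNATURES.items() if seq in payload]


def policy_violation(dst_port: int) -> bool:
    """Policy-based: check traffic against a manually configured rule."""
    return dst_port not in ALLOWED_DST_PORTS


def is_anomalous(rate: float, samples=BASELINE_SAMPLES, k: float = 3.0) -> bool:
    """Behavior-based: flag rates more than k standard deviations above baseline."""
    return rate > mean(samples) + k * pstdev(samples)


def inspect(event: dict) -> list:
    """Return every alert the three mechanisms raise for one event."""
    alerts = [f"signature:{name}" for name in signature_hits(event["payload"])]
    if policy_violation(event["dst_port"]):
        alerts.append("policy:dst_port")
    if is_anomalous(event["pkts_per_min"]):
        alerts.append("anomaly:rate")
    return alerts


# Constructed events, one per detection mechanism plus a clean one.
EVENTS = {
    "clean": {"payload": b"GET /index.html", "dst_port": 443, "pkts_per_min": 102},
    "known_pattern": {"payload": b"xx\xde\xad\xbe\xefTESTPATTERNyy",
                      "dst_port": 80, "pkts_per_min": 98},
    "telnet": {"payload": b"hello", "dst_port": 23, "pkts_per_min": 101},
    "flood": {"payload": b"hello", "dst_port": 443, "pkts_per_min": 900},
}


def run() -> dict:
    return {name: inspect(event) for name, event in EVENTS.items()}


if __name__ == "__main__":
    for name, alerts in run().items():
        print(f"{name:14} {alerts or 'no alert'}")
```

Each mechanism catches an event the other two miss, which is why sensors commonly combine them.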

Network Troubleshooting Basics

Which of the following should be the most likely first step in a structured network troubleshooting methodology?

  1. Hypothesize the probable cause.
  2. Create an action plan.
  3. Create a post-mortem report.
  4. Define the problem.

Answer: The correct answer is 4.

Breakdown: A structured approach to network troubleshooting should begin with fully defining the problem. Only once the reported problem is defined as completely as possible from interviewing users, observing the problem, and using any other means available to characterize the nature of the problem, is it advisable to proceed with the next steps in the troubleshooting process.

Troubleshooting Flow

Which of the following comprise a simplified troubleshooting flow? (Choose all that apply)

  1. Problem report
  2. Problem deferral
  3. Problem diagnosis
  4. Problem resolution

Answer: The correct answer is 1, 3, and 4.

Breakdown: The basic steps in network troubleshooting are as follows: Problem report – user submits a trouble ticket for a problem and admin collects additional information in order to fully define the nature of the problem before proceeding to the next step. Problem diagnosis – hypotheses are developed as to the cause of the problem and then subsequently logically tested to see if they hold up to scrutiny. Problem resolution – a procedure is devised for resolving the problem. The resolution itself may need to be postponed for off-hours in order to minimize a disruption to business activities. A temporary fix or workaround may need to be implemented until the actual repair can be made.

Layer 2 Port Configuration

What Ethernet switch feature allows a port to automatically determine which leads are for transmitting data and which are for receiving data?

  1. MDIX
  2. STP
  3. LAPD
  4. UTP

Answer: The correct answer is 1.

Breakdown: Some Ethernet switches support medium dependent interface crossover (MDIX), which allows a switch port to properly configure its leads as transmit (Tx) or receive (Rx) leads. It is then possible to interconnect such switches with a straight-through cable as opposed to a crossover cable.

Layer 2 Loop Diagnosis

In the absence of STP, what issue(s) might cause a Layer 2 loop to exist in a network? (Choose all that apply)

  1. A router interface’s MTU decrementing
  2. MAC address table corruption
  3. Broadcast storms
  4. Packet fragmentation

Answer: The correct answer is 2 and 3.

Breakdown: Layer 2 loops can be caused in a network by either MAC address table corruption or broadcast storms. These loops can greatly degrade network performance and even affect its availability. A mechanism to mitigate Layer 2 loops is the use of Spanning Tree Protocol (STP); however, STP can fail or perform suboptimally. Therefore, STP is something that should be examined when troubleshooting Layer 2 loops if it’s implemented on switches on the network.

Network Layer Troubleshooting

If you can successfully ping from host A to host B, what can you conclude about host A?

  1. Its OSI Layers 1-4 are functional.
  2. Its OSI Layers 1-3 are functional.
  3. Its OSI Layers 1-7 are functional.
  4. You can only conclude that ICMP traffic can reach host B.

Answer: The correct answer is 2.

Breakdown: For IP-based networks, the network layer (Layer 3) is a good place to begin troubleshooting. If pings, which use the Layer 4 ICMP protocol, are successful, you can assume that Layers 1-3 are operational even if one or more Layer 4 protocols are having issues.

Layer 3 Troubleshooting

A router that drops a packet exceeding a router interface’s MTU size when that packet has its “do not fragment” bit set is called what?

  1. Route reflector
  2. Null hop
  3. Zero-point router
  4. Black-hole router

Answer: The correct answer is 4.

Breakdown: The router interface parameter maximum transmission unit (MTU) defines the largest packet size the interface will forward. If a packet exceeds the MTU, then the router attempts to fragment the packet. In the case where the packet has its don’t fragment (DF) bit set, then the router will drop the packet. Typically, the router sends a response to the sender with an ICMP message indicating why the packet was dropped; however, in the case where the router is configured to not respond to such a condition, then the packet is dropped without notifying the sender. Such a router is called a black-hole router. The traceroute utility can assist in locating a black-hole router.

Subnet Troubleshooting

To what subnet does a host with an IP address of belong?


Answer: The correct answer is 3.

Breakdown: The interesting octet for an 18-bit subnet mask is the third octet: 11111111.11111111.11000000.00000000, which can be also written as The decimal value of the third octet in the subnet mask is 192. Therefore, the block size is 64 (256 – 192 = 64). The subnets are then as follows: The IP address therefore belongs to the subnet.
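
The block-size method in this breakdown, generalized to any prefix length and checked against Python's ipaddress module. This is an added example, not part of the original guide: the function names are hypothetical and the host addresses are constructed for illustration, not the ones from the question.

```python
import ipaddress


def subnet_by_block_size(ip: str, prefix: int) -> dict:
    """Find the subnet of an IPv4 host using the interesting-octet method."""
    octets = [int(part) for part in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    if not 1 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")

    # The interesting octet is the one that holds the last network bit.
    idx = (prefix - 1) // 8
    network_bits = prefix - idx * 8              # network bits inside that octet (1-8)
    mask_octet = 256 - (1 << (8 - network_bits))
    block_size = 256 - mask_octet                # e.g. 256 - 192 = 64 for /18

    # Round the interesting octet down to a multiple of the block size
    # and zero every octet to its right.
    network = octets[:]
    network[idx] = (octets[idx] // block_size) * block_size
    for i in range(idx + 1, 4):
        network[i] = 0

    return {
        "interesting_octet": idx + 1,
        "mask_octet": mask_octet,
        "block_size": block_size,
        "subnet": ".".join(str(o) for o in network) + f"/{prefix}",
    }


def matches_stdlib(ip: str, prefix: int) -> bool:
    """Cross-check the manual method against the standard library."""
    expected = ipaddress.ip_interface(f"{ip}/{prefix}").network
    return subnet_by_block_size(ip, prefix)["subnet"] == str(expected)


if __name__ == "__main__":
    # Constructed host addresses.
    for ip, prefix in (("172.16.150.10", 18), ("192.0.2.200", 26), ("10.77.3.4", 11)):
        result = subnet_by_block_size(ip, prefix)
        print(ip, f"/{prefix}", result, "stdlib agrees:", matches_stdlib(ip, prefix))
```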

Wireless Network Troubleshooting

What are some of the common sources of wireless network radio frequency interference (RFI)? (Choose all that apply)

  1. Game consoles
  2. 900 MHz cordless phones
  3. Microwave ovens
  4. Baby monitors

Answer: The correct answer is 1, 3, and 4.

Breakdown: Many electronic devices emit signals that overlap with the 2.4-GHz WLAN band, and all of the devices listed above, with the exception of the 900 MHz cordless phone, can potentially interfere with a 2.4-GHz WLAN. Though not immune, a 5-GHz WLAN is further separated from common sources of RFI.