Modules 5 – 10: Network Fundamentals Group Exam (Answers)

How to find: Press “Ctrl + F” in the browser and fill in whatever wording is in the question to find that question/answer. If the question is not here, find it in Questions Bank.

NOTE: If you have the new question on this test, please comment Question and Multiple-Choice list in form below this article. We will update answers for you in the shortest time. Thank you! We truly value your contribution to the website.

CyberOps Associate (Version 1.0) – Modules 5 – 10: Network Fundamentals Group Exam

1. When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?

  • private
  • public
  • network
  • wireless

Explanation: In setting up the wireless network in a small office, it is a best practice to use private IP addressing because of the flexibility and easy management it offers.

2. Which two parts are components of an IPv4 address? (Choose two.)

  • logical portion
  • host portion
  • broadcast portion
  • subnet portion
  • network portion
  • physical portion

Explanation: An IPv4 address is divided into two parts: a network portion – to identify the specific network on which a host resides, and a host portion – to identify specific hosts on a network. A subnet mask is used to identify the length of each portion.

3. Match each IPv4 address to the appropriate address category. (Not all options are used.)
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 1
host address:

  • 192.168.100.161/25
  • 203.0.113.100/24

network address:

  • 10.10.10.128/25
  • 172.110.12.64/28

broadcast address:

  • 192.168.1.191/26
  • 10.0.0.159/27

Explanation: To determine whether a given IPv4 address is a network, host, or broadcast address, first determine the address space based on the subnet mask. Convert the address and mask to binary values, then perform the ANDing function to determine the network address. To calculate the of the address space, use the number of host bits in the subnet mask as an exponent of 2. The number of valid host addresses in the space is that number minus 2. The network address will have all zeroes in the host portion, and the broadcast address will have all ones. For example, 10.0.50.10/30 yields a network IP address of 10.0.50.8 when the mask is ANDed with the given address. Because there are only 2 host bits in the mask, there are only 2 valid host addresses (4-2). 10.0.50.10 is one of the two valid host IP addresses.


4. What is the full decompressed form of the IPv6 address 2001:420:59:0:1::a/64?

  • 2001:4200:5900:0:1:0:0:a000
  • 2001:0420:0059:0000:0001:0000:000a
  • 2001:0420:0059:0000:0001:000a
  • 2001:0420:0059:0000:0001:0000:0000:000a
  • 2001:420:59:0:1:0:0:a
  • 2001:4200:5900:0000:1000:0000:0000:a000

Explanation: To decompress an IPv6 address, the two rules of compression must be reversed. Any 16-bit hextet that has less than four hex characters is missing the leading zeros that were removed. An IPv6 address should have a total of 8 groups of 16-bit hextets, a (::) can be replaced with consecutive zeros that were removed.

5. A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?

  • route print
  • ipconfig /all
  • netstat -r
  • arp -a

Explanation: ARP is a protocol used with IPv4 to map a MAC address to an associated specific IP address. The command arp -a will display the MAC address table on a Windows PC.

6. A user sends an HTTP request to a web server on a remote network. During encapsulation for this request, what information is added to the address field of a frame to indicate the destination?

  • the network domain of the destination host
  • the MAC address of the destination host
  • the IP address of the default gateway
  • the MAC address of the default gateway

Explanation: A frame is encapsulated with source and destination MAC addresses. The source device will not know the MAC address of the remote host. An ARP request will be sent by the source and will be responded to by the router. The router will respond with the MAC address of its interface, the one which is connected to the same network as the source.

7. What addresses are mapped by ARP?

  • destination IPv4 address to the source MAC address
  • destination MAC address to a destination IPv4 address
  • destination MAC address to the source IPv4 address
  • destination IPv4 address to the destination host name

Explanation: ARP, or the Address Resolution Protocol, works by mapping a destination MAC address to a destination IPv4 address. The host knows the destination IPv4 address and uses ARP to resolve the corresponding destination MAC address.

8. What type of information is contained in an ARP table?

  • domain name to IP address mappings
  • switch ports associated with destination MAC addresses
  • routes to reach destination networks
  • IP address to MAC address mappings

Explanation: ARP tables are used to store mappings of IP addresses to MAC addresses. When a network device needs to forward a packet, the device knows only the IP address. To deliver the packet on an Ethernet network, a MAC address is needed. ARP resolves the MAC address and stores it in an ARP table.

9. Match the characteristic to the protocol category. (Not all options are used.)
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 2
TCP:

  • 3-wayhandshake
  • window size

UDP:

  • connectionless
  • best for VoIP

Both UDP and TCP:

  • Port number
  • checksum

Explanation: TCP uses 3-way handshaking as part of being able to provide reliable communication and window size to provide data flow control. UDP is a connectionless protocol that is great for video conferencing. Both TCP and UDP have port numbers to distinguish between applications and application windows and a checksum field for error detection.


10. What type of information is contained in a DNS MX record?

  • the IP address of an authoritative name server
  • the FQDN of the alias used to identify a service
  • the domain name mapped to mail exchange servers
  • the IP address for an FQDN entry

Explanation: MX, or mail exchange messages, are used to map a domain name to several mail exchange servers that all belong to the same domain.


11. Match the application protocols to the correct transport protocols.
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 3

  • TCP: FTP, HTTP, SMTP.
  • UDP: TFTP, DHCP.

12. A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is sending the file using 100-byte segments. How many segments will the server send before it requires an acknowledgment from the PC?

  • 1000 segments
  • 100 segments
  • 1 segment
  • 10 segments

Explanation: With a window of 1000 bytes, the destination host accepts segments until all 1000 bytes of data have been received. Then the destination host sends an acknowledgment.


13. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1 . What does this code represent?

  • port unreachable
  • network unreachable
  • protocol unreachable
  • host unreachable

14. Which two commands can be used on a Windows host to display the routing table? (Choose two.)

  • netstat -r
  • show ip route
  • netstat -s
  • route print
  • tracert

Explanation: On a Windows host, the route print or netstat -r commands can be used to display the host routing table. Both commands generate the same output. On a router, the show ip route command is used to display the routing table. The netstat -s command is used to display per-protocol statistics. The tracert command is used to display the path that a packet travels to its destination.

15. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2 . What does this code represent?

  • host unreachable
  • port unreachable
  • network unreachable
  • protocol unreachable

Explanation: When a host or gateway receives a packet that it cannot deliver, it can use an ICMP Destination Unreachable message to notify the source that the destination or service is unreachable. The message will include a code that indicates why the packet could not be delivered. These are some of the Destination Unreachable codes for ICMPv4:

0 : net unreachable
1 : host unreachable
2 : protocol unreachable
3 : port unreachable


16. What message informs IPv6 enabled interfaces to use stateful DHCPv6 for obtaining an IPv6 address?

  • the ICMPv6 Router Solicitation
  • the DHCPv6 Advertise message
  • the DHCPv6 Reply message
  • the ICMPv6 Router Advertisement

Explanation: Before an IPv6 enabled interface will use stateful DHCPv6 to obtain an IPv6 address, the interface must receive an ICMPv6 Router Advertisement with the managed configuration flag (M flag) set to 1.

17. What is the purpose of ICMP messages?

  • to inform routers about network topology changes
  • to ensure the delivery of an IP packet
  • to provide feedback of IP packet transmissions
  • to monitor the process of a domain name to IP address resolution

Explanation: The purpose of ICMP messages is to provide feedback about issues that are related to the processing of IP packets.

18. Match the HTTP status code group to the type of message generated by the HTTP server.
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 4

  • client error: ~~> 4xx
  • redirection: ~~> 3xx
  • success: ~~> 2xx
  • informational: ~~> 1xx
  • server error: ~~> 5xx

19. What network service uses the WHOIS protocol?

  • HTTPS
  • DNS
  • SMTP
  • FTP

Explanation: WHOIS is a TCP-based protocol that is used to identify the owners of internet domains through the DNS system.


20. What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

  • It sends a DHCPNAK and begins the DHCP process over again.
  • It accepts both DHCPOFFER messages and sends a DHCPACK.
  • It discards both offers and sends a new DHCPDISCOVER.
  • It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

Explanation: If there are multiple DHCP servers in a network, it is possible for a client to receive more than one DHCPOFFER. In this scenario, the client will only send one DHCPREQUEST, which includes the server from which the client is accepting the offer.


21. Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

  • inside global
  • inside local
  • outside global
  • outside local

Explanation: From the perspective of users behind NAT, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.

22. Match each characteristic to the appropriate email protocol. (Not all options are used.)
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 5
POP:

  • does not require a centralized backup solution.
  • mail is deleted as it is downloaded.
  • desirable for an ISP or large business.

IMAP:

  • download copies of messages to be the client.
  • original messages must be manually deleted.
  • requires a larger a mount of disk space.

Explanation: Both POP and IMAP are used to retrieve email messages. SMTP is the default protocol used to send email. However, POP does not store messages and automatically deletes them as they are downloaded. A large business or ISP would prefer this, not a small business. It is the responsibility of the client to store and organize messages. IMAP requires a centralized backup because it stores all messages until they are manually deleted. This means that more disk space must be allocated to IMAP.

23. What is done to an IP packet before it is transmitted over the physical medium?

  • It is tagged with information guaranteeing reliable delivery.
  • It is segmented into smaller individual pieces.
  • It is encapsulated in a Layer 2 frame.
  • It is encapsulated into a TCP segment.

Explanation: When messages are sent on a network, the encapsulation process works from the top of the OSI or TCP/IP model to the bottom. At each layer of the model, the upper layer information is encapsulated into the data field of the next protocol. For example, before an IP packet can be sent, it is encapsulated in a data link frame at Layer 2 so that it can be sent over the physical medium.


24. Which PDU is processed when a host computer is de-encapsulating a message at the transport layer of the TCP/IP model?

  • segment
  • packet
  • frame
  • bits

Explanation: At the transport layer, a host computer will de-encapsulate a segment to reassemble data to an acceptable format by the application layer protocol of the TCP/IP model.

25. Which networking model is being used when an author uploads one chapter document to a file server of a book publisher?

  • peer-to-peer
  • client/server
  • master-slave
  • point-to-point

Explanation: In the client/server network model, a network device assumes the role of server in order to provide a particular service such as file transfer and storage. In the client/server network model, a dedicated server does not have to be used, but if one is present, the network model being used is the client/server model. In contrast, a peer-to-peer network does not have a dedicated server.


26. Which type of transmission is used to transmit a single video stream such as a web-based video conference to a select number of users?

  • anycast
  • broadcast
  • unicast
  • multicast

Explanation: An anycast is used with IPv6 transmissions. A unicast is a transmission to a single host destination. A broadcast is a transmission sent to all hosts on a destination network.


27. Refer to the exhibit. PC1 attempts to connect to File_server1 and sends an ARP request to obtain a destination MAC address. Which MAC address will PC1 receive in the ARP reply?
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 6

  • the MAC address of the G0/0 interface on R2
  • the MAC address of S2
  • the MAC address of S1
  • the MAC address of File_server1
  • the MAC address of the G0/0 interface on R1

Explanation: PC1 must have a MAC address to use as a destination Layer 2 address. PC1 will send an ARP request as a broadcast and R1 will send back an ARP reply with its G0/0 interface MAC address. PC1 can then forward the packet to the MAC address of the default gateway, R1.


28. What is the result of an ARP poisoning attack?

  • Network clients are infected with a virus.
  • Network clients experience a denial of service.
  • Client memory buffers are overwhelmed.
  • Client information is stolen.

Explanation: ARP poisoning is a technique used by an attacker to reply to an ARP request for an IPv4 address belonging to another device, such as the default gateway. The attacker, who is effectively doing an MITM attack, pretends to be the default gateway and sends an ARP reply to the transmitter of the ARP request. The receiver of the ARP reply will add the wrong MAC address to the ARP table and will send the packets to the attacker. Therefore, all traffic to the default gateway will funnel through the attacker device.


29. What is the function of the HTTP GET message?

  • to upload content to a web server from a web client
  • to retrieve client email from an email server using TCP port 110
  • to request an HTML page from a web server
  • to send error information from a web server to a web client

Explanation: There are three common HTTP message types:

GET – used by clients to request data from the web server
POST – used by clients to upload data to a web server
PUT – used by clients to upload data to a web server

30. Which protocol is a client/server file sharing protocol and also a request/response protocol?

  • FTP
  • UDP
  • TCP
  • SMB

Explanation:The Server Message Block (SMB) is a client/server file sharing protocol that describes the structure of shared network resources such as directories, files, printers, and serial ports. SMB is also a request/response protocol.

31. How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?

  • A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.
  • A DHCPDISCOVER message is sent with a multicast IP address that all DHCP servers listen to as the destination address.
  • A DHCPDISCOVER message is sent with the IP address of the default gateway as the destination address.
  • A DHCPDISCOVER message is sent with the IP address of the DHCP server as the destination address.

Explanation: The DHCPDISCOVER message is sent by a DHCPv4 client and targets a broadcast IP along with the destination port 67. The DHCPv4 server or servers respond to the DHCPv4 clients by targeting port 68.

32. What is a description of a DNS zone transfer?

  • transferring blocks of DNS data from a DNS server to another server
  • the action taken when a DNS server sends a query on behalf of a DNS resolver
  • forwarding a request from a DNS server in a subdomain to an authoritative source
  • finding an address match and transferring the numbered address from a DNS server to the original requesting client

Explanation: When a server requires data for a zone, it will request a transfer of that data from an authoritative server for that zone. The process of transferring blocks of DNS data between servers is known as a zone transfer.


33. What are the two sizes (minimum and maximum) of an Ethernet frame? (Choose two.)

  • 128 bytes
  • 64 bytes
  • 1024 bytes
  • 56 bytes
  • 1518 bytes

Explanation: The minimum Ethernet frame is 64 bytes. The maximum Ethernet frame is 1518 bytes. A network technician must know the minimum and maximum frame size in order to recognize runt and jumbo frames.


34. Which process failed if a computer cannot access the internet and received an IP address of 169.254.142.5?

  • DNS
  • IP
  • HTTP
  • DHCP

Explanation: When a Windows computer cannot communicate with an IPv4 DHCP server, the computer automatically assigns itself an IP address in the169.254.0.0/16 range. Linux and Apple computers do not automatically assign an IP address.​

35. Which statement describes a feature of the IP protocol?

  • IP relies on Layer 2 protocols for transmission error control.
  • MAC addresses are used during the IP packet encapsulation.
  • IP relies on upper layer services to handle situations of missing or out-of-order packets.
  • IP encapsulation is modified based on network media.

Explanation: IP protocol is a connection-less protocol, considered unreliable in terms of end-to-end delivery. It does not provide error control in the cases where receiving packets are out-of-order or in cases of missing packets. It relies on upper layer services, such as TCP, to resolve these issues.


36. What is a basic characteristic of the IP protocol?

  • connectionless
  • media dependent
  • user data segmentation
  • reliable end-to-end delivery

Explanation: Internet Protocol (IP) is a network layer protocol that does not require initial exchange of control information to establish an end-to-end connection before packets are forwarded. Thus, IP is connectionless and does not provide reliable end-to-end delivery by itself. IP is media independent. User data segmentation is a service provided at the transport layer.


37. Which statement describes the ping and tracert commands?

  • Both ping and tracert can show results in a graphical display.
  • Ping shows whether the transmission is successful; tracert does not.
  • Tracert shows each hop, while ping shows a destination reply only.
  • Tracert uses IP addresses; ping does not.

Explanation: The ping utility tests end-to-end connectivity between the two hosts. However, if the message does not reach the destination, there is no way to determine where the problem is located. On the other hand, the traceroute utility ( tracert in Windows) traces the route a message takes from its source to the destination. Traceroute displays each hop along the way and the time it takes for the message to get to that network and back.


38. A large corporation has modified its network to allow users to access network resources from their personal laptops and smart phones. Which networking trend does this describe?

  • cloud computing
  • video conferencing
  • online collaboration
  • bring your own device

Explanation: BYOD allows end users to use personal tools to access the corporate network. Allowing this trend can have major impacts on a network, such as security and compatibility with corporate software and devices.


39. Match each description to its corresponding term. (Not all options are used.)
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 7

  • message encoding : the process of converting information from one format into another acceptable for transmission
  • message sizing : the process of breaking up a long message into individual pieces before being sent over the network
  • message encapsulation : the process of placing one message format inside another message format
  • (Empty) : the process of determining when to begin sending messages on a network
  • (Empty) : the process of unpacking one message format from another message format

40. Which method would an IPv6-enabled host using SLAAC employ to learn the address of the default gateway?

  • router advertisement messages received from the link router
  • router solicitation messages received from the link router
  • neighbor advertisement messages received from link neighbors
  • neighbor solicitation messages sent to link neighbors

Explanation: When using SLAAC, a host will learn from the router advertisement that is sent by the link router the address to use as a default gateway.

41. Refer to the exhibit. This PC is unable to communicate with the host at 172.16.0.100. What information can be gathered from the displayed output?
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 8

  • The target host is turned off.
  • The communication fails after the default gateway.
  • 172.16.0.100 is only a single hop away.
  • This PC has the wrong subnet configured on its NIC

Explanation: The tracert command shows the path a packet takes through the network to the destination. In this example, only a response from the first router in the path is received, and all other responses time out. The first router is the default gateway for this host, and because a response is received from the router, it can be assumed that this host is on the same subnet as the router.

42. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?

  • network unreachable
  • port unreachable
  • protocol unreachable
  • host unreachable

43. What are three responsibilities of the transport layer? (Choose three.)

  • identifying the applications and services on the client and server that should handle transmitted data
  • conducting error detection of the contents in frames
  • meeting the reliability requirements of applications, if any
  • directing packets towards the destination network
  • formatting data into a compatible form for receipt by the destination devices
  • multiplexing multiple communication streams from many users or applications on the same network

Explanation: The transport layer has several responsibilities. Some of the primary responsibilities include the following:
Tracking the individual communication streams between applications on the source and destination hosts
Segmenting data at the source and reassembling the data at the destination
Identifying the proper application for each communication stream through the use of port numbers
Multiplexing the communications of multiple users or applications over a single network
Managing the reliability requirements of applications

44. How does network scanning help assess operations security?

  • It can detect open TCP ports on network systems.
  • It can detect weak or blank passwords.
  • It can simulate attacks from malicious sources.
  • It can log abnormal activity.

Explanation: Network scanning can help a network administrator strengthen the security of the network and systems by identifying open TCP and UDP ports that could be targets of an attack.


45. Refer to the exhibit. A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 9

  • 66
  • 1514
  • 6666
  • 48598

Explanation: During the TCP three-way handshake process, the output shows that the host uses source port 48598 to initiate the connection and request the download.

46. Which two operations are provided by TCP but not by UDP? (Choose two.)

  • retransmitting any unacknowledged data
  • acknowledging received data
  • reconstructing data in the order received
  • identifying the applications
  • tracking individual conversations

Explanation: Numbering and tracking data segments, acknowledging received data, and retransmitting any unacknowledged data are reliability operations to ensure that all of the data arrives at the destination. UDP does not provide reliability. Both TCP and UDP identify the applications and track individual conversations. UDP does not number data segments and reconstructs data in the order that it is received.

47. A user is executing a tracert to a remote device. At what point would a router, which is in the path to the destination device, stop forwarding the packet?

  • when the router receives an ICMP Time Exceeded message
  • when the RTT value reaches zero
  • when the values of both the Echo Request and Echo Reply messages reach zero
  • when the host responds with an ICMP Echo Reply message
  • when the value in the TTL field reaches zero

Explanation: When a router receives a traceroute packet, the value in the TTL field is decremented by 1. When the value in the field reaches zero, the receiving router will not forward the packet, and will send an ICMP Time Exceeded message back to the source.

48. A network administrator is testing network connectivity by issuing the ping command on a router. Which symbol will be displayed to indicate that a time expired during the wait for an ICMP echo reply message?

  • U
  • .
  • !
  • $

Explanation: When the ping command is issued on a router, the most common indicators are as follows:
! – indicates receipt of an ICMP echo reply message
. – indicates a time expired while waiting for an ICMP echo reply message
U – an ICMP message of unreachability was received

49. A technician is configuring email on a mobile device. The user wants to be able to keep the original email on the server, organize it into folders, and synchronize the folders between the mobile device and the server. Which email protocol should the technician use?

  • SMTP
  • MIME
  • POP3
  • IMAP

Explanation: The IMAP protocol allows email data to be synchronized between a client and server. Changes made in one location, such as marking an email as read, are automatically applied to the other location. POP3 is also an email protocol. However, the data is not synchronized between the client and the server. SMTP is used for sending email, and is typically used in conjunction with the POP3 protocol. MIME is an email standard that is used to define attachment types, and allows extra content like pictures and documents to be attached to email messages.

50. At which OSI layer is a source MAC address added to a PDU during the encapsulation process?

  • application layer
  • presentation layer
  • data link layer
  • transport layer

51. Which value, that is contained in an IPv4 header field, is decremented by each router that receives a packet?

  • Time-to-Live
  • Fragment Offset
  • Header Length
  • Differentiated Services

Explanation: When a router receives a packet, the router will decrement the Time-to-Live (TTL) field by one. When the field reaches zero, the receiving router will discard the packet and will send an ICMP Time Exceeded message to the sender.

52. What are three responsibilities of the transport layer? (Choose three.)

  • identifying the applications and services on the client and server that should handle transmitted data
  • conducting error detection of the contents in frames
  • meeting the reliability requirements of applications, if any
  • directing packets towards the destination network
  • formatting data into a compatible form for receipt by the destination devices
  • multiplexing multiple communication streams from many users or applications on the same network

Explanation: The transport layer has several responsibilities. Some of the primary responsibilities include the following:
Tracking the individual communication streams between applications on the source and destination hosts
Segmenting data at the source and reassembling the data at the destination
Identifying the proper application for each communication stream through the use of port numbers
Multiplexing the communications of multiple users or applications over a single network
Managing the reliability requirements of applications

53. Which two ICMP messages are used by both IPv4 and IPv6 protocols? (Choose two.)​

  • route redirection
  • neighbor solicitation
  • router solicitation
  • router advertisement
  • protocol unreachable

Explanation: The ICMP messages common to both ICMPv4 and ICMPv6 include: host confirmation, destination (net, host, protocol, port) or service unreachable, time exceeded, and route redirection. Router solicitation, neighbor solicitation, and router advertisement are new protocols implemented in ICMPv6.

54. What mechanism is used by a router to prevent a received IPv4 packet from traveling endlessly on a network?

  • It checks the value of the TTL field and if it is 100, it discards the packet and sends a Destination Unreachable message to the source host.
  • It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.
  • It checks the value of the TTL field and if it is 0, it discards the packet and sends a Destination Unreachable message to the source host.
  • It increments the value of the TTL field by 1 and if the result is 100, it discards the packet and sends a Parameter Problem message to the source host.

Explanation: To prevent an IPv4 packet to travel in the network endlessly, TCP/IP protocols use ICMPv4 protocol to provide feedback about issues. When a router receives a packet and decrements the TTL field in the IPv4 packet by 1 and if the result is zero, it discards the packet and sends a Time Exceeded message to the source host.

55. A device has been assigned the IPv6 address of 2001:0db8:cafe:4500:1000:00d8:0058:00ab/64. Which is the host identifier of the device?

  • 2001:0db8:cafe:4500:1000:00d8:0058:00ab
  • 00ab
  • 2001:0db8:cafe:4500
  • 1000:00d8:0058:00ab

Explanation: The address has a prefix length of /64. Thus the first 64 bits represent the network portion, whereas the last 64 bits represent the host portion of the IPv6 address.

56. What three application layer protocols are part of the TCP/IP protocol suite? (Choose three.)

  • DHCP
  • PPP
  • FTP
  • DNS
  • NAT
  • ARP

Explanation: DNS, DHCP, and FTP are all application layer protocols in the TCP/IP protocol suite. ARP and PPP are network access layer protocols, and NAT is an internet layer protocol in the TCP/IP protocol suite.

57. A computer can access devices on the same network but cannot access devices on other networks. What is the probable cause of this problem?

  • The computer has an invalid IP address.
  • The cable is not connected properly to the NIC.
  • The computer has an incorrect subnet mask.
  • The computer has an invalid default gateway address.

Explanation: The default gateway is the address of the device a host uses to access the Internet or another network. If the default gateway is missing or incorrect, that host will not be able to communicate outside the local network. Because the host can access other hosts on the local network, the network cable and the other parts of the IP configuration are working.

58. Refer to the exhibit. PC1 issues an ARP request because it needs to send a packet to PC3. In this scenario, what will happen next?
Modules 5 - 10: Network Fundamentals Group Exam (Answers) 10

  • RT1 will send an ARP reply with its own Fa0/1 MAC address.
  • SW1 will send an ARP reply with its Fa0/1 MAC address.
  • RT1 will send an ARP reply with the PC3 MAC address.
  • RT1 will forward the ARP request to PC3.
  • RT1 will send an ARP reply with its own Fa0/0 MAC address.

Explanation: When a network device has to communicate with a device on another network, it broadcasts an ARP request asking for the default gateway MAC address. The default gateway (RT1) unicasts an ARP reply with the Fa0/0 MAC address.

59. A user who is unable to connect to the file server contacts the help desk. The helpdesk technician asks the user to ping the IP address of the default gateway that is configured on the workstation. What is the purpose for this ping command?

  • to resolve the domain name of the file server to its IP address
  • to request that gateway forward the connection request to the file server
  • to obtain a dynamic IP address from the server
  • to test that the host has the capability to reach hosts on other networks

Explanation: The ping command is used to test connectivity between hosts. The other options describe tasks not performed by ping . Pinging the default gateway will test whether the host has the capability to reach hosts on its own network and on other networks.

60. A user gets an IP address of 192.168.0.1 from the company network administrator. A friend of the user at a different company gets the same IP address on another PC. How can two PCs use the same IP address and still reach the Internet, send and receive email, and search the web?

  • ISPs use Domain Name Service to change a user IP address into a public IP address that can be used on the Internet.
  • Both users must be using the same Internet Service Provider.
  • Both users must be on the same network.
  • ISPs use Network Address Translation to change a user IP address into an address that can be used on the Internet.

Explanation: As user traffic from behind an ISP firewall reaches the gateway device, Network Address Translation changes private IP addresses into a public, routable IP address. Private user addresses remain hidden from the public Internet, and thus more than one user can have the same private IP address, regardless of ISP.

61. How many host addresses are available on the 192.168.10.128/26 network?

  • 30
  • 32
  • 60
  • 62
  • 64

Explanation: A /26 prefix gives 6 host bits, which provides a total of 64 addresses, because 2 6 = 64. Subtracting the network and broadcast addresses leaves 62 usable host addresses.

62. What are the three ranges of IP addresses that are reserved for internal private use? (Choose three.)

  • 64.100.0.0/14
  • 192.168.0.0/16
  • 192.31.7.0/24
  • 172.16.0.0/12
  • 10.0.0.0/8
  • 127.16.0.0/12

Explanation: The private IP address blocks that are used inside companies are as follows:10.0.0.0 /8 (any address that starts with 10 in the first octet)
172.16.0.0 /12 (any address that starts with 172.16 in the first two octets through 172.31.255.255)
192.168.0.0 /16 (any address that starts with 192.168 in the first two octets)

63. Refer to the exhibit. A cybersecurity analyst is viewing captured packets forwarded on switch S1. Which device has the MAC address 50:6a:03:96:71:22?

Modules 5 - 10: Network Fundamentals Group Exam (Answers) 11

  • PC-A
  • router DG
  • DSN server
  • router ISP
  • web server

The Wireshark capture is of a DNS query from PC-A to the DNS server. Because the DNS server is on a remote network, the PC will send the query to the default gateway router, router DG, using the MAC address of the router G0/0 interface on the router.

64. A host PC is attempting to lease an address through DHCP. What message is sent by the server to let the client know it is able to use the provided IP information?

  • DHCPDISCOVER
  • DHCPOFFER
  • DHCPREQUEST
  • DHCPACK
  • DHCPNACK

Explanation: When a host uses DHCP to automatically configure an IP address, the typically sends two messages: the DHCPDISCOVER message and the DHCPREQUEST message. These two messages are usually sent as broadcasts to ensure that all DHCP servers receive them. The servers respond to these messages using DHCPOFFER, DHCPACK, and DHCPNACK messages, depending on the circumstance.

65. An employee complains that a Windows PC cannot connect to the Internet. A network technician issues the ipconfig command on the PC and is shown an IP address of 169.254.10.3. Which two conclusions can be drawn? (Choose two.)

  • The PC is configured to obtain an IP address automatically.
  • The default gateway address is not configured.
  • The DNS server address is misconfigured.
  • The enterprise network is misconfigured for dynamic routing.
  • The PC cannot contact a DHCP server.

Explanation: When a Windows PC is configured to obtain an IP address automatically, the PC will try to obtain an IP address from a DHCP server. When the PC cannot contact a DHCP server, Windows will automatically assign an address belonging to the 169.254.0.0/16 range.

66. What is a function of the tracert command that differs from the ping command when they are used on a workstation?

  • The tracert command is used to test the connectivity between two devices.
  • The tracert command reaches the destination faster.
  • The tracert command shows the information of routers in the path.
  • The tracert command sends one ICMP message to each hop in the path.

Explanation: The tracert command sends three pings to each hop (router) in the path toward the destination and displays the domain name and IP address of hops from their responses. Because tracert uses the ping command, the travel time is the same as a standalone ping command. The primary function of a standalone ping command is to test the connectivity between two hosts.

67. Which two functions or operations are performed by the MAC sublayer? (Choose two.)

  • It is responsible for Media Access Control.
  • It performs the function of NIC driver software.
  • It adds a header and trailer to form an OSI Layer 2 PDU.
  • It handles communication between upper and lower layers.
  • It adds control information to network protocol layer data.

Explanation: The MAC sublayer is the lower of the two data link sublayers and is closest to the physical layer. The two primary functions of the MAC sublayer are to encapsulate the data from the upper layer protocols and to control access to the media.

68. Which field in an IPv4 packet header will typically stay the same during its transmission?

  • Flag
  • Time-to-Live
  • Packet Length
  • Destination Address

Explanation: The value in the Destination Address field in an IPv4 header will stay the same during its transmission. The other options might change during its transmission.

69. Match each statement about FTP communications to the connection it describes. (Not all options are used.)

CyberOps Associate (Version 1.0) - Modules 5 - 10: Network Fundamentals Group Exam

CyberOps Associate (Version 1.0) – Modules 5 – 10: Network Fundamentals Group Exam

Explanation: Both connections that are required for FTP operations are established from the client to the FTP server. The client first opens a control connection via TCP port 21. The client then opens a data connection for the actual file transfer via TCP port 20.

70. What are the two sizes (minimum and expected maximum) of an Ethernet frame? (Choose two.)

  • 128 bytes
  • 1024 bytes
  • 1518 bytes
  • 64 bytes
  • 56 bytes

Explanation: The minimum Ethernet frame is 64 bytes. The maximum expected Ethernet frame is 1518 bytes. A network technician must know the minimum and expected maximum frame size in order to recognize runt and jumbo frames.

Subscribe
Notify of
guest

68 Comments
Inline Feedbacks
View all comments
Ali
Ali
10 months ago

Which part of the name of a document indicates the program that was used to edit it?

coolowp
coolowp
1 year ago

What are the two sizes (minimum and expected maximum) of an Ethernet frame? (Choose two.)

  • 128 bytes
  • 1024 bytes
  • 1518 bytes
  • 64 bytes
  • 56 bytes

The minimum Ethernet frame is 64 bytes. The maximum expected Ethernet frame is 1518 bytes. A network technician must know the minimum and expected maximum frame size in order to recognize runt and jumbo frames.

Thịnh
Thịnh
1 year ago

What addresses are mapped by ARP?

  • destination IPv4 address to the source MAC address
  • IPv4 address to the destination MAC address
  • destination MAC address to the source IPv4 address
  • destination IPv4 address to the destination host name
b05990a86c199147c808.jpg
mounder
mounder
1 year ago

What are the two sizes (minimum and expected maximum) of an Ethernet frame? (Choose two.)

1518
1024
64
128
56

nail
nail
2 years ago

Match each statement about FTP communications to the connection it describes. (Not all options are used.)

From client to server via   TCP port 20
From server to client via TCP port 21
from server to client via TCP port 20
used for actual file transfer
from client to server via TCP port 21
used for commands and replies

first connetcion established
?
?
?
second connection established
?
?
ı do not know the answer.

Esraa
Esraa
2 years ago

What three application layer protocols are part of the TCP/IP protocol suite? (Choose three.)

  • PPP
  • ARP
  • FTP
  • DHCP
  • DNS
  • NAT
someone
someone
3 years ago

Which field in an IPv4 packet header will typically stay the same during its transmission?

  • Flag
  • Destination Address
  • Packet Length
  • Time-to-Live
SIR
SIR
3 years ago

What is a function of the tracert command that differs from the ping command when they are used on a workstation?

  • The tracert command is used to test the connectivity between two devices.
  • The tracert command reaches the destination faster.
  • The tracert command shows the information of routers in the path.
  • The tracert command sends one ICMP message to each hop in the path.
SIR
SIR
3 years ago

Which two functions or operations are performed by the MAC sublayer?

  • It handles communication between upper and lower layers.
  • It performs the function of NIC driver software.
  • It is responsible for Media Access Control.
  • It adds control information to network protocol layer data.
  • It adds a header and trailer to form an OSI Layer 2 PDU.
3r1v4s
3r1v4s
3 years ago

A host PC is attempting to lease an address through DHCP. What message is sent by the server to let the client know it is able to use the provided IP information?

  • DHCPDISCOVER
  • DHCPOFFER
  • DHCPREQUEST
  • DHCPACK
  • DHCPNACK
3r1v4s
3r1v4s
3 years ago

An employee complains that a Windows PC cannot connect to the Internet. A network technician issues the ipconfig command on the PC and is shown an IP address of 169.254.10.3. Which two conclusions can be drawn? (Choose two.)

  • The PC is configured to obtain an IP address automatically.
  • The default gateway address is not configured.
  • The DNS server address is misconfigured.
  • The enterprise network is misconfigured for dynamic routing.
  • The PC cannot contact a DHCP server.
Lvn
Lvn
3 years ago

//:0

Refer to the exhibit. A cybersecurity analyst is viewing captured packets forwarded on switch S1. Which device has the MAC address 50:6a:03:96:71:22?

  • web server
  • DSN server
  • PC-A
  • router ISP
  • router DG
3r1v4s
3r1v4s
3 years ago
Reply to  Lvn

comment image

francis
francis
3 years ago

Which method would an IPv6-enabled host using SLAAC employ to learn the address of the default gateway?

router advertisement messages recieved from the link router

francis
francis
3 years ago

How many host addresses are available on the 192.168.10.128/26 network?

  • 30
  • 32
  • 60
  • 62
  • 64
francis
francis
3 years ago

A user who is unable to connect to the file server contacts the help desk. The helpdesk technician asks the user to ping the IP address of the default gateway that is configured on the workstation. What is the purpose for this ping command?

  • to resolve the domain name of the file server to its IP address
  • to request that gateway forward the connection request to the file server
  • to obtain a dynamic IP address from the server
  • to test that the host has the capability to reach hosts on other networks
francis
francis
3 years ago

How many host addresses are available on the 192.168.10.128/26 network?

  • 30
  • 32
  • 60
  • 62
  • 64
Seth
Seth
3 years ago
Reply to  francis

The answer is 62, not 64.

neoalz
neoalz
1 year ago
Reply to  francis

it has 64 addresses, but 2 are used for gateway and broadcast so there are 62 available

francis
francis
3 years ago

What are the three ranges of IP addresses that are reserved for internal private use? (Choose three.)

  • 64.100.0.0/14
  • 192.168.0.0/16
  • 192.31.7.0/24
  • 172.16.0.0/12
  • 10.0.0.0/8
  • 127.16.0.0/12
francis
francis
3 years ago

A user gets an IP address of 192.168.0.1 from the company network administrator. A friend of the user at a different company gets the same IP address on another PC. How can two PCs use the same IP address and still reach the Internet, send and receive email, and search the web?

  • Both users must be on the same network.
  • ISPs use Network Address Translation to change a user IP address into an address that can be used on the Internet.
  • ISPs use Domain Name Service to change a user IP address into a public IP address that can be used on the Internet.
  • Both users must be using the same Internet Service Provider.
Greg
Greg
3 years ago

Q27 and Q56 are the same

francis
francis
3 years ago

What type of information is contained in an ARP table?

  •  domain name to IP address mappings
  •  routes to reach destination networks
  •  switch ports associated with destination MAC addresses
  • comment image  IP address to MAC address mappings
francis
francis
3 years ago

What is the function of the HTTP GET message?

  •  to send error information from a web server to a web client
  • comment image  to request an HTML page from a web server
  •  to upload content to a web server from a web client
  •  to retrieve client email from an email server using TCP port 110
francis
francis
3 years ago

A computer can access devices on the same network but cannot access devices on other networks. What is the probable cause of this problem?

  • The computer has an invalid default gateway address.
  • The computer has an incorrect subnet mask.
  • The cable is not connected properly to the NIC.
  • The computer has an invalid IP address.
francis
francis
3 years ago

Which statement describes a feature of the IP protocol?

  • MAC addresses are used during the IP packet encapsulation.
  • IP relies on upper layer services to handle situations of missing or out-of-order packets.
  • IP encapsulation is modified based on network media.
  • IP relies on Layer 2 protocols for transmission error control.
francis
francis
3 years ago

Which two ICMP messages are used by both IPv4 and IPv6 protocols? (Choose two.)​

  • route redirection
  • neighbor solicitation
  • router solicitation
  • router advertisement
  • protocol unreachable
francis
francis
3 years ago

Which method would an IPv6-enabled host using SLAAC employ to learn the address of the default gateway?

  • neighbor advertisement messages received from link neighbors
  • router solicitation messages received from the link router
  • router advertisement messages received from the link router
  • neighbor solicitation messages sent to link neighbors
francis
francis
3 years ago

What mechanism is used by a router to prevent a received IPv4 packet from traveling endlessly on a network?

  • It checks the value of the TTL field and if it is 100, it discards the packet and sends a Destination Unreachable message to the source host.
  • It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.
  • It checks the value of the TTL field and if it is 0, it discards the packet and sends a Destination Unreachable message to the source host.
  • It increments the value of the TTL field by 1 and if the result is 100, it discards the packet and sends a Parameter Problem message to the source host.
francis
francis
3 years ago

comment image Refer to the exhibit. A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?

  • 66
  • 1514
  • 6666
  • 48598
francis
francis
3 years ago

At which OSI layer is a source MAC address added to a PDU during the encapsulation process?

  • presentation layer
  • data link layer
  • application layer
  • transport layer
Kiro
Kiro
3 years ago

26- When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?

private
public
network
wireless

Greg
Greg
3 years ago
Reply to  Kiro

Hi Kiro, do you have the “CA_Module” PDFs for this course?

Kiro
Kiro
3 years ago
Reply to  Greg

Yes Greg, CA v1.0 Student PowerPoints. And it is consists of 28 modules.
How can I send it to you?

Greg
Greg
3 years ago
Reply to  Kiro

Hi Kiro, you can send it by email: [email protected]
Thank you!

Kiro
Kiro
3 years ago

25- Which two parts are components of an IPv4 address? (Choose two.)

logical portion
host portion
broadcast portion
subnet portion
network portion
physical portion

Kiro
Kiro
3 years ago

24- Match each IPv4 address to the appropriate address category. (Not all options are used.)

host address:
192.168.100.161/25
203.0.113.100/24

network address:
10.10.10.128/25
172.110.12.64/28

broadcast address:
192.168.1.191/26
10.0.0.159/27

Kiro
Kiro
3 years ago

23- What is the full decompressed form of the IPv6 address 2001:420:59:0:1::a/64?

2001:4200:5900:0:1:0:0:a000
2001:0420:0059:0000:0001:0000:000a
2001:0420:0059:0000:0001:000a
2001:0420:0059:0000:0001:0000:0000:000a
2001:420:59:0:1:0:0:a
2001:4200:5900:0000:1000:0000:0000:a000

Kiro
Kiro
3 years ago

22- A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?

route print
ipconfig /all
netstat -r
arp -a

Kiro
Kiro
3 years ago

21- A user sends an HTTP request to a web server on a remote network. During encapsulation for this request, what information is added to the address field of a frame to indicate the destination?

the network domain of the destination host
the MAC address of the destination host
the IP address of the default gateway
the MAC address of the default gateway

Kiro
Kiro
3 years ago

20- What addresses are mapped by ARP?

destination IPv4 address to the source MAC address
destination MAC address to a destination IPv4 address
destination MAC address to the source IPv4 address
destination IPv4 address to the destination host name

Rekt
Rekt
1 year ago
Reply to  Kiro

error
the right answer is IPv4 address to a destination MAC addresss

Kiro
Kiro
3 years ago

19- What type of information is contained in an ARP table?

domain name to IP address mappings
switch ports associated with destination MAC addresses
routes to reach destination networks
IP address to MAC address mappings

Kiro
Kiro
3 years ago

18- Match the characteristic to the protocol category. (Not all options are used.)

TCP:
3-wayhandshake
window size

UDP:
connectionless
best for VoIP

Both UDP and TCP:
Port number
checksum

Kiro
Kiro
3 years ago

17- Which two operations are provided by TCP but not by UDP? (Choose two.)

retransmitting any unacknowledged data
tracking individual conversations
reconstructing data in the order received
acknowledging received data
identifying the applications

Kiro
Kiro
3 years ago

16- Match the application protocols to the correct transport protocols.

TCP: FTP, HTTP, SMTP.

UDP: TFTP, DHCP.

Kiro
Kiro
3 years ago

15- A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is sending the file using 100-byte segments. How many segments will the server send before it requires an acknowledgment from the PC?

1000 segments
100 segments
1 segment
10 segments

Kiro
Kiro
3 years ago

14- A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1 . What does this code represent?

port unreachable
network unreachable
protocol unreachable
host unreachable

Kiro
Kiro
3 years ago

13- A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2 . What does this code represent?

beyond scope of the source address
communication with the destination administratively prohibited
address unreachable
no route to destination

Kiro
Kiro
3 years ago

12- A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2 . What does this code represent?

host unreachable
port unreachable
network unreachable
protocol unreachable

Kiro
Kiro
3 years ago

11- What message informs IPv6 enabled interfaces to use stateful DHCPv6 for obtaining an IPv6 address?

the ICMPv6 Router Solicitation
the DHCPv6 Advertise message
the DHCPv6 Reply message
the ICMPv6 Router Advertisement

Kiro
Kiro
3 years ago

10- What is the purpose of ICMP messages?

to inform routers about network topology changes
to ensure the delivery of an IP packet
to provide feedback of IP packet transmissions
to monitor the process of a domain name to IP address resolution

Kiro
Kiro
3 years ago

9- Match the HTTP status code group to the type of message generated by the HTTP server.

client error:
4xx
redirection:
3xx
success:
2xx
informational:
1xx
server error:
5xx

Kiro
Kiro
3 years ago

8- What network service uses the WHOIS protocol?

HTTPS
DNS
SMTP
FTP

Kiro
Kiro
3 years ago

7- What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

It sends a DHCPNAK and begins the DHCP process over again.
It accepts both DHCPOFFER messages and sends a DHCPACK.
It discards both offers and sends a new DHCPDISCOVER.
It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

Kiro
Kiro
3 years ago

6- Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

inside global
inside local
outside global
outside local

Kiro
Kiro
3 years ago

5- Match each characteristic to the appropriate email protocol. (Not all options are used.)

POP:
does not require a centralized backup solution.
mail is deleted as it is downloaded.
desirable for an ISP or large business.

IMAP:
download copies of messages to be the client.
original messages must be manually deleted.
requires a larger a mount of disk space.

68
0
Would love your thoughts, please comment.x
()
x