CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers

CyberOps Associate v1.0 – Modules 5 – 10: Network Fundamentals Group Exam Answers

1. When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?

private

public

network

wireless

2. Which two parts are components of an IPv4 address? (Choose two.)

logical portion

host portion

broadcast portion

subnet portion

network portion

physical portion

3. Match each IPv4 address to the appropriate address category. (Not all options are used.)

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p3

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p3

host address:

192.168.100.161/25

203.0.113.100/24

network address:

10.10.10.128/25

172.110.12.64/28

broadcast address:

192.168.1.191/26

10.0.0.159/27

4. What is the full decompressed form of the IPv6 address 2001:420:59:0:1::a/64?

2001:4200:5900:0:1:0:0:a000

2001:0420:0059:0000:0001:0000:000a

2001:0420:0059:0000:0001:000a

2001:0420:0059:0000:0001:0000:0000:000a*

2001:420:59:0:1:0:0:a

2001:4200:5900:0000:1000:0000:0000:a000

Explanation: To decompress an IPv6 address, the two rules of compression must be reversed. Any 16-bit hextet that has less than four hex characters is missing the leading zeros that were removed. An IPv6 address should have a total of 8 groups of 16-bit hextets, a (::) can be replaced with consecutive zeros that were removed.


5. A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?

route print

ipconfig /all

netstat -r

arp -a*

Explanation: ARP is a protocol used with IPv4 to map a MAC address to an associated specific IP address. The command arp -a will display the MAC address table on a Windows PC.


6. A user sends an HTTP request to a web server on a remote network. During encapsulation for this request, what information is added to the address field of a frame to indicate the destination?

the network domain of the destination host

the MAC address of the destination host

the IP address of the default gateway

the MAC address of the default gateway*

Explanation: A frame is encapsulated with source and destination MAC addresses. The source device will not know the MAC address of the remote host. An ARP request will be sent by the source and will be responded to by the router. The router will respond with the MAC address of its interface, the one which is connected to the same network as the source.


7. What addresses are mapped by ARP?

destination IPv4 address to the source MAC address

destination MAC address to a destination IPv4 address*

destination MAC address to the source IPv4 address

destination IPv4 address to the destination host name

8. What type of information is contained in an ARP table?

domain name to IP address mappings

switch ports associated with destination MAC addresses

routes to reach destination networks

IP address to MAC address mappings*

9. Match the characteristic to the protocol category. (Not all options are used.)

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p9

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p9


TCP:

3-wayhandshake

window size

UDP:

connectionless

best for VoIP

Both UDP and TCP:

Port number

checksum

Explanation: TCP uses 3-way handshaking as part of being able to provide reliable communication and window size to provide data flow control. UDP is a connectionless protocol that is great for video conferencing. Both TCP and UDP have port numbers to distinguish between applications and application windows and a checksum field for error detection.

10. What type of information is contained in a DNS MX record?

the IP address of an authoritative name server

the FQDN of the alias used to identify a service

the domain name mapped to mail exchange servers*

the IP address for an FQDN entry

Explanation: MX, or mail exchange messages, are used to map a domain name to several mail exchange servers that all belong to the same domain.


11. Match the application protocols to the correct transport protocols.

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p11

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p11

TCP: FTP, HTTP, SMTP.

UDP: TFTP, DHCP.

12. A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is sending the file using 100-byte segments. How many segments will the server send before it requires an acknowledgment from the PC?

1000 segments

100 segments

1 segment

10 segments*

Explanation: With a window of 1000 bytes, the destination host accepts segments until all 1000 bytes of data have been received. Then the destination host sends an acknowledgment.


13. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1 . What does this code represent?

port unreachable

network unreachable

protocol unreachable

host unreachable*

14. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2 . What does this code represent?

beyond scope of the source address*

communication with the destination administratively prohibited

address unreachable

no route to destination

15. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2 . What does this code represent?

host unreachable

port unreachable

network unreachable

protocol unreachable*

Explanation: When a host or gateway receives a packet that it cannot deliver, it can use an ICMP Destination Unreachable message to notify the source that the destination or service is unreachable. The message will include a code that indicates why the packet could not be delivered. These are some of the Destination Unreachable codes for ICMPv4:

0 : net unreachable
1 : host unreachable
2 : protocol unreachable
3 : port unreachable


16. What message informs IPv6 enabled interfaces to use stateful DHCPv6 for obtaining an IPv6 address?

the ICMPv6 Router Solicitation

the DHCPv6 Advertise message

the DHCPv6 Reply message

the ICMPv6 Router Advertisement*

Explanation: Before an IPv6 enabled interface will use stateful DHCPv6 to obtain an IPv6 address, the interface must receive an ICMPv6 Router Advertisement with the managed configuration flag (M flag) set to 1.


17. What is the purpose of ICMP messages?

to inform routers about network topology changes

to ensure the delivery of an IP packet

to provide feedback of IP packet transmissions*

to monitor the process of a domain name to IP address resolution

18. Match the HTTP status code group to the type of message generated by the HTTP server.

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p18

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p18

 

client error: ~~> 4xx

redirection: ~~> 3xx

success: ~~> 2xx

informational: ~~> 1xx

server error: ~~> 5xx

19. What network service uses the WHOIS protocol?

HTTPS

DNS*

SMTP

FTP

Explanation: WHOIS is a TCP-based protocol that is used to identify the owners of internet domains through the DNS system.


20. What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

It sends a DHCPNAK and begins the DHCP process over again.

It accepts both DHCPOFFER messages and sends a DHCPACK.

It discards both offers and sends a new DHCPDISCOVER.

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.*

Explanation: If there are multiple DHCP servers in a network, it is possible for a client to receive more than one DHCPOFFER. In this scenario, the client will only send one DHCPREQUEST, which includes the server from which the client is accepting the offer.


21. Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

inside global*

inside local

outside global

outside local

22. Match each characteristic to the appropriate email protocol. (Not all options are used.)

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p22

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p22

POP:

does not require a centralized backup solution.

mail is deleted as it is downloaded.

desirable for an ISP or large business.

IMAP:

download copies of messages to be the client.

original messages must be manually deleted.

requires a larger a mount of disk space.

23. What is done to an IP packet before it is transmitted over the physical medium?

It is tagged with information guaranteeing reliable delivery.

It is segmented into smaller individual pieces.

It is encapsulated in a Layer 2 frame.*

It is encapsulated into a TCP segment.

Explanation: When messages are sent on a network, the encapsulation process works from the top of the OSI or TCP/IP model to the bottom. At each layer of the model, the upper layer information is encapsulated into the data field of the next protocol. For example, before an IP packet can be sent, it is encapsulated in a data link frame at Layer 2 so that it can be sent over the physical medium.


24. Which PDU is processed when a host computer is de-encapsulating a message at the transport layer of the TCP/IP model?

segment*

packet

frame

bits

25. Which networking model is being used when an author uploads one chapter document to a file server of a book publisher?

peer-to-peer

client/server*

master-slave

point-to-point

Explanation: In the client/server network model, a network device assumes the role of server in order to provide a particular service such as file transfer and storage. In the client/server network model, a dedicated server does not have to be used, but if one is present, the network model being used is the client/server model. In contrast, a peer-to-peer network does not have a dedicated server.


26. Which type of transmission is used to transmit a single video stream such as a web-based video conference to a select number of users?

anycast

broadcast

unicast

multicast*

Explanation: An anycast is used with IPv6 transmissions. A unicast is a transmission to a single host destination. A broadcast is a transmission sent to all hosts on a destination network.


27. Refer to the exhibit.

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p27

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p27

PC1 attempts to connect to File_server1 and sends an ARP request to obtain a destination MAC address. Which MAC address will PC1 receive in the ARP reply?

the MAC address of the GO/O interface on R2

the MAC address of S2

the MAC address of S1

the MAC address of File_server1

the MAC address of the GO/O interface on R1*

Explanation: PC1 must have a MAC address to use as a destination Layer 2 address. PC1 will send an ARP request as a broadcast and R1 will send back an ARP reply with its G0/0 interface MAC address. PC1 can then forward the packet to the MAC address of the default gateway, R1.


28. What is the result of an ARP poisoning attack?

Network clients are infected with a virus.

Network clients experience a denial of service.

Client memory buffers are overwhelmed.

Client information is stolen.*

Explanation: ARP poisoning is a technique used by an attacker to reply to an ARP request for an IPv4 address belonging to another device, such as the default gateway. The attacker, who is effectively doing an MITM attack, pretends to be the default gateway and sends an ARP reply to the transmitter of the ARP request. The receiver of the ARP reply will add the wrong MAC address to the ARP table and will send the packets to the attacker. Therefore, all traffic to the default gateway will funnel through the attacker device.


29. What is the function of the HTTP GET message?

to upload content to a web server from a web client

to retrieve client email from an email server using TCP port 110

to request an HTML page from a web server*

to send error information from a web server to a web client

30. Which protocol is a client/server file sharing protocol and also a request/response protocol?

FTP

UDP

TCP

SMB*

Explanation:

The Server Message Block (SMB) is a client/server file sharing protocol that describes the structure of shared network resources such as directories, files, printers, and serial ports. SMB is also a request/response protocol.

31. How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?

A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.*

A DHCPDISCOVER message is sent with a multicast IP address that all DHCP servers listen to as the destination address.

A DHCPDISCOVER message is sent with the IP address of the default gateway as the destination address.

A DHCPDISCOVER message is sent with the IP address of the DHCP server as the destination address.

32. What is a description of a DNS zone transfer?

transferring blocks of DNS data from a DNS server to another server*

the action taken when a DNS server sends a query on behalf of a DNS resolver

forwarding a request from a DNS server in a subdomain to an authoritative source

finding an address match and transferring the numbered address from a DNS server to the original requesting client

Explanation: When a server requires data for a zone, it will request a transfer of that data from an authoritative server for that zone. The process of transferring blocks of DNS data between servers is known as a zone transfer.

33. What are the two sizes (minimum and maximum) of an Ethernet frame? (Choose two.)

128 bytes

64 bytes

1024 bytes

56 bytes

1518 bytes*

34. Which process failed if a computer cannot access the internet and received an IP address of 169.254.142.5?

DNS

IP

HTTP

DHCP*

35. Which statement describes a feature of the IP protocol?

IP relies on Layer 2 protocols for transmission error control.

MAC addresses are used during the IP packet encapsulation.

IP relies on upper layer services to handle situations of missing or out-of-order packets.*

IP encapsulation is modified based on network media.

Explanation: IP protocol is a connection-less protocol, considered unreliable in terms of end-to-end delivery. It does not provide error control in the cases where receiving packets are out-of-order or in cases of missing packets. It relies on upper layer services, such as TCP, to resolve these issues.

36. What is a basic characteristic of the IP protocol?

connectionless*

media dependent

user data segmentation

reliable end-to-end delivery

37. Which statement describes the ping and tracert commands?

Both ping and tracert can show results in a graphical display.

Ping shows whether the transmission is successful; tracert does not.

Tracert shows each hop, while ping shows a destination reply only.*

Tracert uses IP addresses; ping does not.

38. A large corporation has modified its network to allow users to access network resources from their personal laptops and smart phones. Which networking trend does this describe?

cloud computing

video conferencing

online collaboration

bring your own device*

39. Match each description to its corresponding term. (Not all options are used.)

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p39

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p39

 

message encoding : the process of converting information from one format into another acceptable for transmission

message sizing : the process of breaking up a long message into individual pieces before being sent over the network

message encapsulation : the process of placing one message format inside another message format

(Empty) : the process of determining when to begin sending messages on a network

(Empty) : the process of unpacking one message format from another message format

40. Which method would an IPv6-enabled host using SLAAC employ to learn the address of the default gateway?

router advertisement messages received from the link router*

router solicitation messages received from the link router

neighbor advertisement messages received from link neighbors

neighbor solicitation messages sent to link neighbors

41. Refer to the exhibit.

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p41

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p41

This PC is unable to communicate with the host at 172.16.0.100. What information can be gathered from the displayed output?

The target host is turned off.

The communication fails after the default gateway.*

172.16.0.100 is only a single hop away.

This PC has the wrong subnet configured on its NIC

Explanation: The tracert command shows the path a packet takes through the network to the destination. In this example, only a response from the first router in the path is received, and all other responses time out. The first router is the default gateway for this host, and because a response is received from the router, it can be assumed that this host is on the same subnet as the router.

42. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?

network unreachable

port unreachable

protocol unreachable

host unreachable*

43. What are three responsibilities of the transport layer? (Choose three.)

identifying the applications and services on the client and server that should handle transmitted data*

conducting error detection of the contents in frames

meeting the reliability requirements of applications, if any*

directing packets towards the destination network

formatting data into a compatible form for receipt by the destination devices

multiplexing multiple communication streams from many users or applications on the same network*

Explanation:

The transport layer has several responsibilities. Some of the primary responsibilities include the following:
Tracking the individual communication streams between applications on the source and destination hosts
Segmenting data at the source and reassembling the data at the destination
Identifying the proper application for each communication stream through the use of port numbers
Multiplexing the communications of multiple users or applications over a single network
Managing the reliability requirements of applications

44. How does network scanning help assess operations security?

It can detect open TCP ports on network systems.*

It can detect weak or blank passwords.

It can simulate attacks from malicious sources.

It can log abnormal activity.

Explanation: Network scanning can help a network administrator strengthen the security of the network and systems by identifying open TCP and UDP ports that could be targets of an attack.


45. Refer to the exhibit.

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p45

CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers p45

A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?

66

1514

6666

48598*

46. Which two operations are provided by TCP but not by UDP? (Choose two.)

retransmitting any unacknowledged data*

acknowledging received data*

reconstructing data in the order received

identifying the applications

tracking individual conversations

Explanation:

Numbering and tracking data segments, acknowledging received data, and retransmitting any unacknowledged data are reliability operations to ensure that all of the data arrives at the destination. UDP does not provide reliability. Both TCP and UDP identify the applications and track individual conversations. UDP does not number data segments and reconstructs data in the order that it is received.

47. A user is executing a tracert to a remote device. At what point would a router, which is in the path to the destination device, stop forwarding the packet?

when the router receives an ICMP Time Exceeded message

when the RTT value reaches zero

when the values of both the Echo Request and Echo Reply messages reach zero

when the host responds with an ICMP Echo Reply message

when the value in the TTL field reaches zero*

48. A network administrator is testing network connectivity by issuing the ping command on a router. Which symbol will be displayed to indicate that a time expired during the wait for an ICMP echo reply message?

U

.

!

$

49. A technician is configuring email on a mobile device. The user wants to be able to keep the original email on the server, organize it into folders, and synchronize the folders between the mobile device and the server. Which email protocol should the technician use?

SMTP

MIME

POP3

IMAP*

50. At which OSI layer is a source MAC address added to a PDU during the encapsulation process?

application layer

presentation layer

data link layer*

transport layer

51. Which value, that is contained in an IPv4 header field, is decremented by each router that receives a packet?

Time-to-Live*

Fragment Offset

Header Length

Differentiated Services

52. What are three responsibilities of the transport layer? (Choose three.)

identifying the applications and services on the client and server that should handle transmitted data*

conducting error detection of the contents in frames

meeting the reliability requirements of applications, if any*

directing packets towards the destination network

formatting data into a compatible form for receipt by the destination devices

multiplexing multiple communication streams from many users or applications on the same network*

Explanation:

The transport layer has several responsibilities. Some of the primary responsibilities include the following:
Tracking the individual communication streams between applications on the source and destination hosts
Segmenting data at the source and reassembling the data at the destination
Identifying the proper application for each communication stream through the use of port numbers
Multiplexing the communications of multiple users or applications over a single network
Managing the reliability requirements of applications

53. Which two ICMP messages are used by both IPv4 and IPv6 protocols? (Choose two.)​

route redirection*

neighbor solicitation

router solicitation

router advertisement

protocol unreachable*

Explanation: The ICMP messages common to both ICMPv4 and ICMPv6 include: host confirmation, destination (net, host, protocol, port) or service unreachable, time exceeded, and route redirection. Router solicitation, neighbor solicitation, and router advertisement are new protocols implemented in ICMPv6.


54. What mechanism is used by a router to prevent a received IPv4 packet from traveling endlessly on a network?

It checks the value of the TTL field and if it is 100, it discards the packet and sends a Destination Unreachable message to the source host.

It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.*

It checks the value of the TTL field and if it is 0, it discards the packet and sends a Destination Unreachable message to the source host.

It increments the value of the TTL field by 1 and if the result is 100, it discards the packet and sends a Parameter Problem message to the source host.

55. A device has been assigned the IPv6 address of 2001:0db8:cafe:4500:1000:00d8:0058:00ab/64. Which is the host identifier of the device?

2001:0db8:cafe:4500:1000:00d8:0058:00ab

00ab

2001:0db8:cafe:4500

1000:00d8:0058:00ab*

56. What three application layer protocols are part of the TCP/IP protocol suite? (Choose three.)

DHCP*

PPP

FTP*

DNS*

NAT

ARP

 

Explanation:

DNS, DHCP, and FTP are all application layer protocols in the TCP/IP protocol suite. ARP and PPP are network access layer protocols, and NAT is an internet layer protocol in the TCP/IP protocol suite.

57. A computer can access devices on the same network but cannot access devices on other networks. What is the probable cause of this problem?

The computer has an invalid IP address.

The cable is not connected properly to the NIC.

The computer has an incorrect subnet mask.

The computer has an invalid default gateway address.*

Explanation:

The default gateway is the address of the device a host uses to access the Internet or another network. If the default gateway is missing or incorrect, that host will not be able to communicate outside the local network. Because the host can access other hosts on the local network, the network cable and the other parts of the IP configuration are working.

58. Which two commands can be used on a Windows host to display the routing table? (Choose two.)

netstat -r*

show ip route

netstat -s

route print*

tracert

Explanation:

On a Windows host, the route print or netstat -r commands can be used to display the host routing table. Both commands generate the same output. On a router, the show ip route command is used to display the routing table. The netstat -s command is used to display per-protocol statistics. The tracert command is used to display the path that a packet travels to its destination.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x