CyberOps Associate v1.0 – Modules 5 – 10 Exam Answers

CyberOps Associate v1.0 – Modules 5 – 10: Network Fundamentals Group Exam Answers

1. When a wireless network in a small office is being set up, which type of IP addressing is typically used on the networked devices?

private

public

network

wireless

2. Which two parts are components of an IPv4 address? (Choose two.)

logical portion

host portion

broadcast portion

subnet portion

network portion

physical portion

3. Match each IPv4 address to the appropriate address category. (Not all options are used.)

host address:

192.168.100.161/25

203.0.113.100/24

network address:

10.10.10.128/25

172.110.12.64/28

broadcast address:

192.168.1.191/26

10.0.0.159/27

4. What is the full decompressed form of the IPv6 address 2001:420:59:0:1::a/64?

2001:4200:5900:0:1:0:0:a000

2001:0420:0059:0000:0001:0000:000a

2001:0420:0059:0000:0001:000a

2001:0420:0059:0000:0001:0000:0000:000a*

2001:420:59:0:1:0:0:a

2001:4200:5900:0000:1000:0000:0000:a000

Explanation: To decompress an IPv6 address, the two rules of compression must be reversed. Any 16-bit hextet that has fewer than four hex characters is missing the leading zeros that were removed. An IPv6 address should have a total of 8 groups of 16-bit hextets; a (::) can be replaced with the consecutive zeros that were removed.
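The two reversed rules from the explanation above, carried out in code and applied to the answer options of question 4. This is an added example, not part of the original exam material; the function names are illustrative.

```python
import ipaddress
import string

def expand_ipv6(addr: str) -> str:
    """Reverse both compression rules and return all eight 4-digit hextets."""
    addr = addr.partition("/")[0]            # drop a prefix length such as /64
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        # Rule 2 reversed: '::' stands for however many zero hextets are missing.
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must replace at least one hextet")
        hextets = head + ["0"] * missing + tail
    else:
        hextets = addr.split(":")
    if len(hextets) != 8:
        raise ValueError(f"expected 8 hextets, got {len(hextets)}")
    for h in hextets:
        if not 1 <= len(h) <= 4 or any(c not in string.hexdigits for c in h):
            raise ValueError(f"bad hextet {h!r}")
    # Rule 1 reversed: restore leading zeros (pad on the left, never the right).
    return ":".join(h.lower().zfill(4) for h in hextets)

def judge_candidate(candidate: str, compressed: str) -> str:
    """Say why a proposed full form is or is not the expansion of `compressed`."""
    groups = candidate.split(":")
    if len(groups) != 8:
        return f"wrong: {len(groups)} hextets instead of 8"
    if any(len(g) != 4 for g in groups):
        return "wrong: leading zeros not restored"
    if candidate.lower() != expand_ipv6(compressed):
        return "wrong: not the same address"
    return "correct"

def agrees_with_stdlib(addr: str) -> bool:
    """Cross-check the manual expansion against Python's ipaddress module."""
    bare = addr.partition("/")[0]
    return expand_ipv6(addr) == ipaddress.IPv6Address(bare).exploded

COMPRESSED = "2001:420:59:0:1::a/64"   # the address from question 4

if __name__ == "__main__":
    print(expand_ipv6(COMPRESSED))
    for option in ("2001:0420:0059:0000:0001:0000:000a",
                   "2001:420:59:0:1:0:0:a",
                   "2001:4200:5900:0000:1000:0000:0000:a000",
                   "2001:0420:0059:0000:0001:0000:0000:000a"):
        print(option, "->", judge_candidate(option, COMPRESSED))
```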


5. A cybersecurity analyst believes an attacker is spoofing the MAC address of the default gateway to perform a man-in-the-middle attack. Which command should the analyst use to view the MAC address a host is using to reach the default gateway?

route print

ipconfig /all

netstat -r

arp -a*

Explanation: ARP is a protocol used with IPv4 to map an IP address to its associated MAC address. The command arp -a will display the ARP table, with its IP-to-MAC address mappings, on a Windows PC.


6. A user sends an HTTP request to a web server on a remote network. During encapsulation for this request, what information is added to the address field of a frame to indicate the destination?

the network domain of the destination host

the MAC address of the destination host

the IP address of the default gateway

the MAC address of the default gateway*

Explanation: A frame is encapsulated with source and destination MAC addresses. The source device will not know the MAC address of the remote host. An ARP request will be sent by the source and will be responded to by the router. The router will respond with the MAC address of its interface, the one which is connected to the same network as the source.


7. What addresses are mapped by ARP?

destination IPv4 address to the source MAC address

destination MAC address to a destination IPv4 address*

destination MAC address to the source IPv4 address

destination IPv4 address to the destination host name

8. What type of information is contained in an ARP table?

domain name to IP address mappings

switch ports associated with destination MAC addresses

routes to reach destination networks

IP address to MAC address mappings*

9. Match the characteristic to the protocol category. (Not all options are used.)

TCP:

3-way handshake

window size

UDP:

connectionless

best for VoIP

Both UDP and TCP:

Port number

checksum

Explanation: TCP uses 3-way handshaking as part of being able to provide reliable communication and window size to provide data flow control. UDP is a connectionless protocol that is great for video conferencing. Both TCP and UDP have port numbers to distinguish between applications and application windows and a checksum field for error detection.

10. What type of information is contained in a DNS MX record?

the IP address of an authoritative name server

the FQDN of the alias used to identify a service

the domain name mapped to mail exchange servers*

the IP address for an FQDN entry

Explanation: MX, or mail exchange, records are used to map a domain name to several mail exchange servers that all belong to the same domain.


11. Match the application protocols to the correct transport protocols.

TCP: FTP, HTTP, SMTP.

UDP: TFTP, DHCP.

12. A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is sending the file using 100-byte segments. How many segments will the server send before it requires an acknowledgment from the PC?

1000 segments

100 segments

1 segment

10 segments*

Explanation: With a window of 1000 bytes, the destination host accepts segments until all 1000 bytes of data have been received. Then the destination host sends an acknowledgment.


13. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?

port unreachable

network unreachable

protocol unreachable

host unreachable*

14. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2. What does this code represent?

beyond scope of the source address*

communication with the destination administratively prohibited

address unreachable

no route to destination

15. A user issues a ping 2001:db8:FACE:39::10 command and receives a response that includes a code of 2. What does this code represent?

host unreachable

port unreachable

network unreachable

protocol unreachable*

Explanation: When a host or gateway receives a packet that it cannot deliver, it can use an ICMP Destination Unreachable message to notify the source that the destination or service is unreachable. The message will include a code that indicates why the packet could not be delivered. These are some of the Destination Unreachable codes for ICMPv4:

0 : net unreachable
1 : host unreachable
2 : protocol unreachable
3 : port unreachable


16. What message informs IPv6 enabled interfaces to use stateful DHCPv6 for obtaining an IPv6 address?

the ICMPv6 Router Solicitation

the DHCPv6 Advertise message

the DHCPv6 Reply message

the ICMPv6 Router Advertisement*

Explanation: Before an IPv6 enabled interface will use stateful DHCPv6 to obtain an IPv6 address, the interface must receive an ICMPv6 Router Advertisement with the managed configuration flag (M flag) set to 1.


17. What is the purpose of ICMP messages?

to inform routers about network topology changes

to ensure the delivery of an IP packet

to provide feedback of IP packet transmissions*

to monitor the process of a domain name to IP address resolution

18. Match the HTTP status code group to the type of message generated by the HTTP server.

client error: ~~> 4xx

redirection: ~~> 3xx

success: ~~> 2xx

informational: ~~> 1xx

server error: ~~> 5xx

19. What network service uses the WHOIS protocol?

HTTPS

DNS*

SMTP

FTP

Explanation: WHOIS is a TCP-based protocol that is used to identify the owners of internet domains through the DNS system.


20. What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

It sends a DHCPNAK and begins the DHCP process over again.

It accepts both DHCPOFFER messages and sends a DHCPACK.

It discards both offers and sends a new DHCPDISCOVER.

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.*

Explanation: If there are multiple DHCP servers in a network, it is possible for a client to receive more than one DHCPOFFER. In this scenario, the client will only send one DHCPREQUEST, which includes the server from which the client is accepting the offer.


21. Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

inside global*

inside local

outside global

outside local

22. Match each characteristic to the appropriate email protocol. (Not all options are used.)

POP:

does not require a centralized backup solution.

mail is deleted as it is downloaded.

desirable for an ISP or large business.

IMAP:

download copies of messages to the client.

original messages must be manually deleted.

requires a larger amount of disk space.

23. What is done to an IP packet before it is transmitted over the physical medium?

It is tagged with information guaranteeing reliable delivery.

It is segmented into smaller individual pieces.

It is encapsulated in a Layer 2 frame.*

It is encapsulated into a TCP segment.

Explanation: When messages are sent on a network, the encapsulation process works from the top of the OSI or TCP/IP model to the bottom. At each layer of the model, the upper layer information is encapsulated into the data field of the next protocol. For example, before an IP packet can be sent, it is encapsulated in a data link frame at Layer 2 so that it can be sent over the physical medium.


24. Which PDU is processed when a host computer is de-encapsulating a message at the transport layer of the TCP/IP model?

segment*

packet

frame

bits

25. Which networking model is being used when an author uploads one chapter document to a file server of a book publisher?

peer-to-peer

client/server*

master-slave

point-to-point

Explanation: In the client/server network model, a network device assumes the role of server in order to provide a particular service such as file transfer and storage. In the client/server network model, a dedicated server does not have to be used, but if one is present, the network model being used is the client/server model. In contrast, a peer-to-peer network does not have a dedicated server.


26. Which type of transmission is used to transmit a single video stream such as a web-based video conference to a select number of users?

anycast

broadcast

unicast

multicast*

Explanation: An anycast is used with IPv6 transmissions. A unicast is a transmission to a single host destination. A broadcast is a transmission sent to all hosts on a destination network.


27. Refer to the exhibit.

PC1 attempts to connect to File_server1 and sends an ARP request to obtain a destination MAC address. Which MAC address will PC1 receive in the ARP reply?

the MAC address of the G0/0 interface on R2

the MAC address of S2

the MAC address of S1

the MAC address of File_server1

the MAC address of the G0/0 interface on R1*

Explanation: PC1 must have a MAC address to use as a destination Layer 2 address. PC1 will send an ARP request as a broadcast and R1 will send back an ARP reply with its G0/0 interface MAC address. PC1 can then forward the packet to the MAC address of the default gateway, R1.


28. What is the result of an ARP poisoning attack?

Network clients are infected with a virus.

Network clients experience a denial of service.

Client memory buffers are overwhelmed.

Client information is stolen.*

Explanation: ARP poisoning is a technique used by an attacker to reply to an ARP request for an IPv4 address belonging to another device, such as the default gateway. The attacker, who is effectively doing an MITM attack, pretends to be the default gateway and sends an ARP reply to the transmitter of the ARP request. The receiver of the ARP reply will add the wrong MAC address to the ARP table and will send the packets to the attacker. Therefore, all traffic to the default gateway will funnel through the attacker device.
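The check an analyst makes with arp -a (question 5) to spot the poisoned entry described above can be automated. This is an added example, not part of the original exam material: the arp -a output is a constructed sample, and the gateway IP and known-good MAC passed to check_gateway are assumptions (a baseline recorded from the router itself).

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not from a real host).
SAMPLE_ARP_A = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-cc     dynamic
  192.168.1.23          00-0c-29-aa-bb-cc     dynamic
  192.168.1.40          3c-52-82-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+(\w+)\s*$"
)

def normalize_mac(mac):
    """Lower-case a MAC and use '-' separators, as `arp -a` prints them."""
    return mac.strip().lower().replace(":", "-")

def parse_arp_table(text):
    """Return (ip, mac, type) tuples; interface and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), normalize_mac(m.group(2)), m.group(3).lower()))
    return rows

def is_unicast(mac):
    # The low bit of the first octet marks multicast and broadcast addresses.
    return int(mac[:2], 16) & 1 == 0

def check_gateway(text, gateway_ip, expected_mac):
    """Compare the cached gateway entry with the known-good MAC (assumed
    baseline) and return a list of (finding, detail) tuples."""
    expected = normalize_mac(expected_mac)
    ips_by_mac = defaultdict(list)
    gateway_mac = None
    for ip, mac, _type in parse_arp_table(text):
        if ip == gateway_ip:
            gateway_mac = mac
        if is_unicast(mac):
            ips_by_mac[mac].append(ip)
    if gateway_mac is None:
        return [("gateway-not-in-table", gateway_ip)]
    findings = []
    if gateway_mac != expected:
        # The host is sending gateway-bound frames to an unexpected MAC.
        findings.append(("gateway-mac-mismatch", gateway_mac))
    others = [ip for ip in ips_by_mac[gateway_mac] if ip != gateway_ip]
    if others:
        # Another IP resolves to the same MAC as the gateway. This can be
        # legitimate (a router with several addresses), so treat it as a lead.
        findings.append(("mac-shared-with-gateway", others))
    return findings

if __name__ == "__main__":
    for finding in check_gateway(SAMPLE_ARP_A, "192.168.1.1", "00:1A:2B:3C:4D:5E"):
        print(finding)
```

In the sample, the gateway entry carries the same MAC as 192.168.1.23, which is the address to investigate first.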


29. What is the function of the HTTP GET message?

to upload content to a web server from a web client

to retrieve client email from an email server using TCP port 110

to request an HTML page from a web server*

to send error information from a web server to a web client

30. Which protocol is a client/server file sharing protocol and also a request/response protocol?

FTP

UDP

TCP

SMB*

Explanation:

The Server Message Block (SMB) is a client/server file sharing protocol that describes the structure of shared network resources such as directories, files, printers, and serial ports. SMB is also a request/response protocol.

31. How is a DHCPDISCOVER transmitted on a network to reach a DHCP server?

A DHCPDISCOVER message is sent with the broadcast IP address as the destination address.*

A DHCPDISCOVER message is sent with a multicast IP address that all DHCP servers listen to as the destination address.

A DHCPDISCOVER message is sent with the IP address of the default gateway as the destination address.

A DHCPDISCOVER message is sent with the IP address of the DHCP server as the destination address.

32. What is a description of a DNS zone transfer?

transferring blocks of DNS data from a DNS server to another server*

the action taken when a DNS server sends a query on behalf of a DNS resolver

forwarding a request from a DNS server in a subdomain to an authoritative source

finding an address match and transferring the numbered address from a DNS server to the original requesting client

Explanation: When a server requires data for a zone, it will request a transfer of that data from an authoritative server for that zone. The process of transferring blocks of DNS data between servers is known as a zone transfer.

33. What are the two sizes (minimum and maximum) of an Ethernet frame? (Choose two.)

128 bytes

64 bytes

1024 bytes

56 bytes

1518 bytes*

34. Which process failed if a computer cannot access the internet and received an IP address of 169.254.142.5?

DNS

IP

HTTP

DHCP*

35. Which statement describes a feature of the IP protocol?

IP relies on Layer 2 protocols for transmission error control.

MAC addresses are used during the IP packet encapsulation.

IP relies on upper layer services to handle situations of missing or out-of-order packets.*

IP encapsulation is modified based on network media.

Explanation: IP is a connectionless protocol, considered unreliable in terms of end-to-end delivery. It does not provide error control in cases where packets are received out of order or are missing. It relies on upper layer services, such as TCP, to resolve these issues.

36. What is a basic characteristic of the IP protocol?

connectionless*

media dependent

user data segmentation

reliable end-to-end delivery

37. Which statement describes the ping and tracert commands?

Both ping and tracert can show results in a graphical display.

Ping shows whether the transmission is successful; tracert does not.

Tracert shows each hop, while ping shows a destination reply only.*

Tracert uses IP addresses; ping does not.

38. A large corporation has modified its network to allow users to access network resources from their personal laptops and smart phones. Which networking trend does this describe?

cloud computing

video conferencing

online collaboration

bring your own device*

39. Match each description to its corresponding term. (Not all options are used.)

message encoding : the process of converting information from one format into another acceptable for transmission

message sizing : the process of breaking up a long message into individual pieces before being sent over the network

message encapsulation : the process of placing one message format inside another message format

(Empty) : the process of determining when to begin sending messages on a network

(Empty) : the process of unpacking one message format from another message format

40. Which method would an IPv6-enabled host using SLAAC employ to learn the address of the default gateway?

router advertisement messages received from the link router*

router solicitation messages received from the link router

neighbor advertisement messages received from link neighbors

neighbor solicitation messages sent to link neighbors

41. Refer to the exhibit.

This PC is unable to communicate with the host at 172.16.0.100. What information can be gathered from the displayed output?

The target host is turned off.

The communication fails after the default gateway.*

172.16.0.100 is only a single hop away.

This PC has the wrong subnet configured on its NIC.

Explanation: The tracert command shows the path a packet takes through the network to the destination. In this example, only a response from the first router in the path is received, and all other responses time out. The first router is the default gateway for this host, and because a response is received from the router, it can be assumed that this host is on the same subnet as the router.

42. A user issues a ping 192.168.250.103 command and receives a response that includes a code of 1. What does this code represent?

network unreachable

port unreachable

protocol unreachable

host unreachable*

43. What are three responsibilities of the transport layer? (Choose three.)

identifying the applications and services on the client and server that should handle transmitted data*

conducting error detection of the contents in frames

meeting the reliability requirements of applications, if any*

directing packets towards the destination network

formatting data into a compatible form for receipt by the destination devices

multiplexing multiple communication streams from many users or applications on the same network*

Explanation:

The transport layer has several responsibilities. Some of the primary responsibilities include the following:
Tracking the individual communication streams between applications on the source and destination hosts
Segmenting data at the source and reassembling the data at the destination
Identifying the proper application for each communication stream through the use of port numbers
Multiplexing the communications of multiple users or applications over a single network
Managing the reliability requirements of applications

44. How does network scanning help assess operations security?

It can detect open TCP ports on network systems.*

It can detect weak or blank passwords.

It can simulate attacks from malicious sources.

It can log abnormal activity.

Explanation: Network scanning can help a network administrator strengthen the security of the network and systems by identifying open TCP and UDP ports that could be targets of an attack.


45. Refer to the exhibit.

A network security analyst is examining captured data using Wireshark. The captured frames indicate that a host is downloading malware from a server. Which source port is used by the host to request the download?

66

1514

6666

48598*

46. Which two operations are provided by TCP but not by UDP? (Choose two.)

retransmitting any unacknowledged data*

acknowledging received data*

reconstructing data in the order received

identifying the applications

tracking individual conversations

Explanation:

Numbering and tracking data segments, acknowledging received data, and retransmitting any unacknowledged data are reliability operations to ensure that all of the data arrives at the destination. UDP does not provide reliability. Both TCP and UDP identify the applications and track individual conversations. UDP does not number data segments and reconstructs data in the order that it is received.

47. A user is executing a tracert to a remote device. At what point would a router, which is in the path to the destination device, stop forwarding the packet?

when the router receives an ICMP Time Exceeded message

when the RTT value reaches zero

when the values of both the Echo Request and Echo Reply messages reach zero

when the host responds with an ICMP Echo Reply message

when the value in the TTL field reaches zero*

48. A network administrator is testing network connectivity by issuing the ping command on a router. Which symbol will be displayed to indicate that a time expired during the wait for an ICMP echo reply message?

U

.

!

$

49. A technician is configuring email on a mobile device. The user wants to be able to keep the original email on the server, organize it into folders, and synchronize the folders between the mobile device and the server. Which email protocol should the technician use?

SMTP

MIME

POP3

IMAP*

50. At which OSI layer is a source MAC address added to a PDU during the encapsulation process?

application layer

presentation layer

data link layer*

transport layer

51. Which value, that is contained in an IPv4 header field, is decremented by each router that receives a packet?

Time-to-Live*

Fragment Offset

Header Length

Differentiated Services

52. What are three responsibilities of the transport layer? (Choose three.)

identifying the applications and services on the client and server that should handle transmitted data*

conducting error detection of the contents in frames

meeting the reliability requirements of applications, if any*

directing packets towards the destination network

formatting data into a compatible form for receipt by the destination devices

multiplexing multiple communication streams from many users or applications on the same network*

Explanation:

The transport layer has several responsibilities. Some of the primary responsibilities include the following:
Tracking the individual communication streams between applications on the source and destination hosts
Segmenting data at the source and reassembling the data at the destination
Identifying the proper application for each communication stream through the use of port numbers
Multiplexing the communications of multiple users or applications over a single network
Managing the reliability requirements of applications

53. Which two ICMP messages are used by both IPv4 and IPv6 protocols? (Choose two.)

route redirection*

neighbor solicitation

router solicitation

router advertisement

protocol unreachable*

Explanation: The ICMP messages common to both ICMPv4 and ICMPv6 include: host confirmation, destination (net, host, protocol, port) or service unreachable, time exceeded, and route redirection. Router solicitation, neighbor solicitation, and router advertisement are new messages implemented in ICMPv6.


54. What mechanism is used by a router to prevent a received IPv4 packet from traveling endlessly on a network?

It checks the value of the TTL field and if it is 100, it discards the packet and sends a Destination Unreachable message to the source host.

It decrements the value of the TTL field by 1 and if the result is 0, it discards the packet and sends a Time Exceeded message to the source host.*

It checks the value of the TTL field and if it is 0, it discards the packet and sends a Destination Unreachable message to the source host.

It increments the value of the TTL field by 1 and if the result is 100, it discards the packet and sends a Parameter Problem message to the source host.

55. A device has been assigned the IPv6 address of 2001:0db8:cafe:4500:1000:00d8:0058:00ab/64. Which is the host identifier of the device?

2001:0db8:cafe:4500:1000:00d8:0058:00ab

00ab

2001:0db8:cafe:4500

1000:00d8:0058:00ab*

56. What three application layer protocols are part of the TCP/IP protocol suite? (Choose three.)

DHCP*

PPP

FTP*

DNS*

NAT

ARP

Explanation:

DNS, DHCP, and FTP are all application layer protocols in the TCP/IP protocol suite. ARP and PPP are network access layer protocols, and NAT is an internet layer protocol in the TCP/IP protocol suite.

57. A computer can access devices on the same network but cannot access devices on other networks. What is the probable cause of this problem?

The computer has an invalid IP address.

The cable is not connected properly to the NIC.

The computer has an incorrect subnet mask.

The computer has an invalid default gateway address.*

Explanation:

The default gateway is the address of the device a host uses to access the Internet or another network. If the default gateway is missing or incorrect, that host will not be able to communicate outside the local network. Because the host can access other hosts on the local network, the network cable and the other parts of the IP configuration are working.

58. Which two commands can be used on a Windows host to display the routing table? (Choose two.)

netstat -r*

show ip route

netstat -s

route print*

tracert

Explanation:

On a Windows host, the route print or netstat -r commands can be used to display the host routing table. Both commands generate the same output. On a router, the show ip route command is used to display the routing table. The netstat -s command is used to display per-protocol statistics. The tracert command is used to display the path that a packet travels to its destination.

1 Comment
James

Good!!!
