CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 6 Q76-90

Question 76

Which type of attack involves intercepting and altering communication between two parties without their knowledge?

A) Phishing
B) Man-in-the-Middle
C) Denial-of-Service
D) Replay

Answer: B) Man-in-the-Middle

Explanation:

A Man-in-the-Middle attack occurs when an attacker secretly intercepts, monitors, and potentially alters communication between two parties without their knowledge. This type of attack is particularly dangerous because both participants believe they are communicating directly and securely, while the attacker can capture sensitive data, inject malicious commands, or manipulate information. Man-in-the-Middle attacks can target a wide range of protocols, including web traffic, email communications, VPN connections, and wireless networks. They often exploit vulnerabilities in unencrypted connections or weak authentication methods, making secure protocols such as HTTPS, TLS, and VPNs crucial for mitigation.

Phishing attacks are designed to trick users into providing sensitive information through deceptive emails, websites, or messages. Phishing does not involve direct interception of ongoing communications, but rather relies on social engineering to obtain credentials or sensitive data. Denial-of-Service attacks flood a target with traffic to render services unavailable, focusing on availability rather than interception or data manipulation. Replay attacks capture and retransmit valid data to trick systems into executing unauthorized operations, but they do not involve real-time interception and alteration of ongoing communications like a Man-in-the-Middle attack does.

Man-in-the-Middle attacks can occur in multiple forms. In passive attacks, the attacker only eavesdrops, capturing sensitive information such as login credentials, financial transactions, or confidential messages without altering them. In active attacks, the attacker injects or modifies data, potentially redirecting funds, altering communications, or inserting malicious scripts. Wireless networks, particularly public Wi-Fi, are highly susceptible to these attacks because attackers can position themselves between clients and access points, capturing traffic and performing packet manipulation.

Mitigation techniques include the use of encryption protocols such as TLS for web traffic, VPNs for secure remote access, and mutual authentication mechanisms to verify the identities of communicating parties. Strong cryptographic algorithms, certificate verification, and secure key exchange prevent attackers from decrypting and manipulating traffic. Network monitoring, intrusion detection systems, and anomaly detection can also help identify suspicious activity indicative of ongoing Man-in-the-Middle attacks.

The correct answer is Man-in-the-Middle because it uniquely combines interception, potential data alteration, and deception, making it one of the most sophisticated and impactful forms of network attack. Understanding its mechanisms, detection strategies, and prevention measures is critical for maintaining the integrity, confidentiality, and trustworthiness of communications across modern networks. In enterprise environments, securing communications against this type of attack is a top priority, particularly for sensitive applications such as financial systems, healthcare data, or corporate email. Proper use of encryption, authentication, and vigilant monitoring forms the cornerstone of defense against Man-in-the-Middle attacks.

Question 77

Which type of switch configuration separates a network into multiple logical broadcast domains?

A) Layer 1 Switch
B) Layer 2 Switch
C) VLAN
D) Trunk Port

Answer: C) VLAN

Explanation:

A Virtual Local Area Network, or VLAN, is a logical partition of a network that separates devices into multiple broadcast domains, even if they are physically connected to the same switch. VLANs reduce unnecessary broadcast traffic, enhance network security by isolating sensitive departments or groups, and improve performance by limiting the scope of broadcast messages. Each VLAN functions as an independent Layer 2 domain, requiring a Layer 3 device such as a router to route traffic between VLANs. VLANs are widely used in enterprise environments to logically separate different functional areas such as finance, human resources, and IT, while maintaining physical infrastructure efficiency.

Layer 1 switches operate at the physical layer and do not perform any logical segmentation or forwarding beyond electrical signal repetition. They cannot separate broadcast domains, meaning that all devices connected to a Layer 1 switch are part of the same collision and broadcast domains. Layer 2 switches operate at the data link layer and forward frames based on MAC addresses. While they can segment collision domains per port, all ports on a standard Layer 2 switch belong to a single broadcast domain unless VLANs are configured.

Trunk ports are used to carry traffic for multiple VLANs between switches or to Layer 3 devices. They do not themselves create broadcast domains but allow VLAN traffic to traverse multiple switches while maintaining VLAN separation. Trunking is a mechanism to support multiple VLANs, but it is not the solution for creating logical separation.

The correct answer is VLAN because it provides logical broadcast domain separation, allowing network administrators to segment traffic without requiring additional physical switches. VLANs enhance security, reduce congestion, and allow scalable network designs. By implementing VLANs, organizations can logically group devices by function, department, or security level, while maintaining centralized management and efficient use of network resources. VLANs can also support quality of service policies, traffic shaping, and security controls specific to particular segments, making them indispensable in modern network architecture.

Question 78

Which protocol dynamically assigns IP addresses to hosts on a network?

A) DNS
B) DHCP
C) NAT
D) ICMP

Answer: B) DHCP

Explanation:

Dynamic Host Configuration Protocol, or DHCP, is a network protocol used to dynamically assign IP addresses, subnet masks, default gateways, and other configuration information to hosts on a network. DHCP automates the process of IP address allocation, reducing administrative overhead and preventing address conflicts. When a host joins a network, it broadcasts a DHCP Discover message. A DHCP server responds with an Offer, the host sends a Request for the offered lease, and the server confirms the assignment with an Acknowledgement that carries the IP address and configuration parameters for a limited lease period, which can be renewed as needed. This process ensures efficient use of IP addresses and simplifies network management, particularly in large-scale environments where manual configuration would be error-prone and time-consuming.

DNS translates hostnames into IP addresses but does not assign addresses to devices. NAT translates private IP addresses to public addresses for internet communication but does not dynamically allocate IP addresses to hosts. ICMP is used for diagnostics and error reporting, such as ping and traceroute, and does not provide configuration or address allocation.

The correct answer is DHCP because it enables automated IP assignment and network configuration, supporting dynamic environments where devices frequently connect and disconnect. DHCP reduces the risk of misconfiguration, improves scalability, and simplifies administrative tasks. It is widely deployed in both enterprise and home networks and is essential for efficient IP address management and consistent network connectivity.

Question 79

Which network topology connects all devices in a closed loop and sends traffic in one direction?

A) Star
B) Ring
C) Mesh
D) Bus

Answer: B) Ring

Explanation:

A ring topology connects devices in a closed loop, where each device is connected to two neighbors, and data travels in a unidirectional or bidirectional path around the ring. Ring topologies are used in networks such as FDDI or Token Ring, where a token-passing protocol controls access to the network. Only the device with the token can transmit, preventing collisions and ensuring orderly communication. Ring topologies can provide predictable performance because each device receives an equal opportunity to transmit, and traffic flows sequentially. Fault tolerance can be achieved by implementing a secondary counter-rotating ring or redundant links to maintain connectivity if a single segment fails.

Star topology connects all devices to a central hub or switch. It is simple to implement and troubleshoot, but it relies on the central device for connectivity. Mesh topology provides multiple paths between devices, enhancing redundancy and reliability but increasing complexity. Bus topology uses a single shared medium, and collisions must be managed using protocols like CSMA/CD.

The correct answer is ring because it connects devices in a loop and uses token passing to regulate traffic in a single direction. This topology provides predictable performance, collision avoidance, and is particularly suitable for legacy networks or specialized industrial applications where deterministic communication is required.

Question 80

Which protocol is used to remotely manage network devices over a secure encrypted connection?

A) Telnet
B) SSH
C) FTP
D) TFTP

Answer: B) SSH

Explanation:

SSH, or Secure Shell, is a protocol used to remotely manage network devices over a secure, encrypted connection. SSH provides authentication and encryption, ensuring that commands, passwords, and data transmitted between the client and device are protected from eavesdropping or tampering. It is widely used by network administrators to configure routers, switches, firewalls, and servers securely over IP networks. SSH supports both password-based and key-based authentication, allowing for strong security practices and automation. Unlike Telnet, which transmits data in plaintext and is vulnerable to interception, SSH ensures confidentiality, integrity, and protection against replay attacks. SSH also provides features like secure file transfer (SCP, SFTP) and tunneling for forwarding network traffic securely.

Telnet allows remote management but lacks encryption, making it unsuitable for secure environments. FTP and TFTP are used for file transfers and do not provide a secure remote management interface.

The correct answer is SSH because it combines remote access, management capabilities, and strong encryption, protecting credentials and data during administrative tasks. SSH is essential for secure network operations, especially in environments where sensitive configurations or critical infrastructure are managed remotely.

Question 81

Which type of attack involves overwhelming a target system with excessive traffic to make services unavailable?

A) Phishing
B) Denial-of-Service
C) SQL Injection
D) Cross-site Scripting

Answer: B) Denial-of-Service

Explanation:

A Denial-of-Service (DoS) attack is a type of network attack where the attacker intentionally floods a target system, server, or network with excessive traffic, rendering services unavailable to legitimate users. The attack targets the availability aspect of the CIA triad, focusing on disrupting operations rather than stealing or altering data. DoS attacks can consume network bandwidth, exhaust system resources, or exploit application vulnerabilities to crash services. They are executed using various techniques, including sending malformed packets, overloading servers with repeated requests, or exploiting weaknesses in protocol implementations. The consequences of a successful DoS attack can range from minor service degradation to complete service outage, leading to financial loss, reputational damage, and potential regulatory penalties. In enterprise networks, DoS attacks often affect websites, email servers, VPNs, and other critical infrastructure.

Phishing attacks rely on social engineering to trick users into revealing sensitive information, such as usernames, passwords, or financial details. Phishing targets the confidentiality of information rather than the availability of services. SQL Injection attacks exploit vulnerabilities in web applications that interact with databases by inserting malicious SQL commands to access or manipulate data. While SQL injection can compromise integrity and confidentiality, it does not inherently flood or disable services. Cross-site Scripting (XSS) attacks inject malicious scripts into web pages to target users, steal credentials, or manipulate content. XSS impacts the client side and does not typically disrupt the overall availability of the server or network services.

Denial-of-Service attacks can be categorized as volumetric, protocol, or application-layer attacks. Volumetric attacks consume bandwidth by sending a high volume of traffic, such as ICMP floods, UDP floods, or amplification attacks. Protocol attacks exploit weaknesses in network protocols, such as TCP SYN floods, to overwhelm resources on firewalls, routers, or servers. Application-layer attacks target specific functions within applications, such as HTTP request floods, which can exhaust resources and prevent legitimate requests from being processed. Distributed Denial-of-Service (DDoS) attacks amplify the impact by using multiple compromised systems, known as botnets, to generate massive traffic volumes toward a target, making mitigation more complex.

Mitigating DoS attacks involves a combination of network design, filtering, monitoring, and specialized services. Network architectures may include redundant links, load balancers, and high-capacity bandwidth to absorb traffic surges. Firewalls and intrusion prevention systems can detect and block suspicious traffic patterns. Anti-DDoS services offered by cloud providers can filter malicious traffic before it reaches critical infrastructure. Rate limiting, traffic shaping, and anomaly detection can further reduce the effectiveness of DoS attacks. Early detection and response are crucial to minimize downtime and operational impact.

The correct answer is Denial-of-Service because it specifically targets the availability of network resources by overwhelming systems with excessive traffic, making them inaccessible to legitimate users. Understanding the different types of DoS attacks, their mechanisms, and mitigation strategies is critical for maintaining network resiliency, ensuring business continuity, and protecting enterprise applications and services. DoS attacks remain a prevalent threat because they are relatively easy to execute and can cause significant disruption, so they require comprehensive planning, monitoring, and layered defenses. In practice this means traffic analysis and automated response mechanisms that detect abnormal traffic patterns, redundant systems, failover mechanisms, and cloud-based scrubbing centers that keep services available under attack, and regular updates to firewalls, intrusion detection systems, and anti-DDoS solutions as attack techniques evolve. Employee awareness reduces the likelihood of malware infections or botnet recruitment that could indirectly contribute to an attack, and administrators should exercise DoS scenarios, test response plans, and maintain rapid incident response procedures to minimize downtime and preserve the trust of customers and stakeholders.
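As an added example, not part of the original practice test, the rate-limiting and anomaly-detection idea above applied as detection logic over constructed firewall-style log lines: a sliding window counts bare SYNs per source address and raises one alert when a source exceeds the threshold. The log format, sample addresses and threshold are assumptions for illustration, not the output or settings of any particular product.

```python
"""Per-source SYN rate check over constructed log lines (added example).

The log format (timestamp, src, dport, TCP flags) is a constructed one used
only for this illustration, not the output of a specific firewall product.
"""
import re
from collections import defaultdict, deque

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+src=(?P<src>[\d.]+)\s+dport=(?P<dport>\d+)\s+flags=(?P<flags>[A-Z]+)$"
)

# Constructed sample: one normal handshake, a burst of seven bare SYNs from
# 198.51.100.7 inside half a second, and three slow SYNs from 192.0.2.9.
SAMPLE_LOG = """\
1700000000.00 src=203.0.113.5 dport=443 flags=S
1700000000.05 src=203.0.113.5 dport=443 flags=A
1700000000.10 src=198.51.100.7 dport=443 flags=S
1700000000.15 src=198.51.100.7 dport=443 flags=S
1700000000.20 src=198.51.100.7 dport=443 flags=S
1700000000.25 src=198.51.100.7 dport=443 flags=S
1700000000.30 src=198.51.100.7 dport=443 flags=S
1700000000.35 src=198.51.100.7 dport=443 flags=S
1700000000.40 src=198.51.100.7 dport=443 flags=S
1700000001.00 src=192.0.2.9 dport=22 flags=S
1700000002.00 src=192.0.2.9 dport=22 flags=S
1700000003.00 src=192.0.2.9 dport=22 flags=S
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": float(m["ts"]), "src": m["src"],
            "dport": int(m["dport"]), "flags": m["flags"]}


class SynRateMonitor:
    """Sliding-window counter of bare SYNs per source address."""

    def __init__(self, window_seconds=1.0, max_syn_per_window=5):
        self.window = window_seconds
        self.limit = max_syn_per_window
        self._syns = defaultdict(deque)   # src -> timestamps of recent SYNs
        self.alerted = set()              # sources already reported once

    def observe(self, event):
        """Feed one parsed event; return True if it triggers a new alert."""
        if event["flags"] != "S":         # only bare SYNs (no ACK) count toward a flood
            return False
        q = self._syns[event["src"]]
        q.append(event["ts"])
        while q and event["ts"] - q[0] > self.window:   # expire timestamps outside the window
            q.popleft()
        if len(q) > self.limit and event["src"] not in self.alerted:
            self.alerted.add(event["src"])
            return True
        return False


def scan_log(text, window_seconds=1.0, max_syn_per_window=5):
    """Return [(timestamp, src), ...] with one entry per source that exceeds the SYN rate."""
    mon = SynRateMonitor(window_seconds, max_syn_per_window)
    alerts = []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is not None and mon.observe(ev):
            alerts.append((ev["ts"], ev["src"]))
    return alerts


if __name__ == "__main__":
    for ts, src in scan_log(SAMPLE_LOG):
        print(f"{ts:.2f} possible SYN flood from {src}")
```

The slow source 192.0.2.9 never trips the threshold because its old timestamps expire from the window before the count grows, which is the property that keeps a simple rate check from flagging ordinary retries.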

Question 82

Which protocol is used to encrypt and secure email communication between clients and servers?

A) SMTP
B) IMAP
C) S/MIME
D) FTP

Answer: C) S/MIME

Explanation:

S/MIME, or Secure/Multipurpose Internet Mail Extensions, is a protocol designed to provide encryption, integrity, and authentication for email communications. It allows users to send emails that are encrypted to protect confidentiality, digitally signed to verify the sender’s identity, and tamper-evident to ensure message integrity. S/MIME uses asymmetric cryptography, including public and private key pairs, to encrypt and decrypt messages, ensuring that only the intended recipient can read the contents. Digital signatures authenticate the sender and prevent spoofing, while cryptographic hashing ensures the message has not been altered in transit. S/MIME is widely used in enterprise environments and by government agencies to secure sensitive communications.

SMTP is the standard protocol for sending email, but it does not provide encryption or authentication by itself. IMAP is used to retrieve messages from a mail server and supports folder management, but it does not inherently encrypt or sign emails. FTP is used for file transfers and is unrelated to email security.

S/MIME operates seamlessly with existing email clients, allowing users to send and receive secure messages without changing their workflow. It integrates with certificate authorities (CAs) to validate digital certificates and ensure trust between communicating parties. Certificates can be issued to individuals, organizations, or devices to verify identity and enhance security. Proper key management, including secure storage of private keys and certificate revocation mechanisms, is essential to maintain the integrity of S/MIME-based communications.

The correct answer is S/MIME because it provides encryption, authentication, and integrity for email communications, making it essential for securing sensitive messages, ensuring compliance with privacy regulations, and protecting against interception or spoofing. Enterprises implement S/MIME to safeguard intellectual property, financial information, legal communications, and personal data transmitted over email, thereby maintaining trust and confidentiality.

Question 83

Which wireless security standard uses AES encryption and is considered highly secure for modern Wi-Fi networks?

A) WEP
B) WPA
C) WPA2
D) WPA3

Answer: C) WPA2

Explanation:

WPA2, or Wi-Fi Protected Access 2, is a wireless security standard that uses Advanced Encryption Standard (AES) for encrypting data transmitted over Wi-Fi networks. AES provides strong encryption, making WPA2 highly secure and resistant to common attacks such as key cracking or eavesdropping. WPA2 replaced WPA, which relied on TKIP encryption and was vulnerable to certain attacks. WPA2 is widely deployed in enterprise and home networks, ensuring the confidentiality and integrity of wireless communications. It supports both personal (pre-shared key) and enterprise (802.1X authentication with RADIUS) modes, providing flexibility for small networks and large organizations. WPA2 also includes mechanisms for replay protection and per-packet key rotation, further enhancing security.

WEP is an outdated standard with significant vulnerabilities, including weak key management and easily crackable encryption. WPA was an intermediate improvement over WEP but relied on TKIP, which is less secure than AES. WPA3 is the latest standard, providing additional protections such as forward secrecy and enhanced password-based authentication, but WPA2 remains the most widely supported AES-based security protocol.

The correct answer is WPA2 because it implements AES encryption, ensuring strong security for modern Wi-Fi networks. WPA2 is essential for protecting sensitive communications, preventing unauthorized access, and maintaining the confidentiality of wireless data. Organizations and individuals continue to rely on WPA2 as the minimum standard for Wi-Fi security.

Question 84

Which protocol is used to securely transfer files over a network using encryption?

A) FTP
B) TFTP
C) SFTP
D) HTTP

Answer: C) SFTP

Explanation:

SFTP, or SSH File Transfer Protocol (often expanded as Secure File Transfer Protocol), provides secure file transfer over a network by encrypting both the data and authentication credentials. SFTP operates over the SSH protocol, ensuring confidentiality, integrity, and authentication. Unlike FTP, which transmits credentials and data in plaintext, SFTP protects files from interception and tampering, making it suitable for transferring sensitive information across untrusted networks. SFTP supports multiple operations, including file uploads, downloads, directory listings, and permission management, all securely encrypted. It is widely used by enterprises for secure backups, configuration file transfers, and remote management of critical data.

File Transfer Protocol (FTP) is a widely used standard for transferring files over a network, but it has significant security limitations. FTP operates by establishing two separate channels between the client and the server: a control channel for commands and responses, and a data channel for transferring files. While it is efficient and supports features like directory navigation, file upload, download, and resume functionality, FTP transmits both data and authentication credentials in plaintext by default. This means that usernames, passwords, and file contents can be intercepted by attackers who have access to the network, such as on unsecured Wi-Fi or compromised routers. Because of this inherent lack of encryption, FTP is highly vulnerable to eavesdropping, man-in-the-middle attacks, and credential compromise. To mitigate these risks, secure alternatives such as FTPS (FTP over SSL/TLS) or SFTP (SSH File Transfer Protocol) are often recommended, as they provide encryption and authentication mechanisms to protect both credentials and transferred data.

Trivial File Transfer Protocol (TFTP) is a simpler, lightweight protocol primarily designed for basic file transfer tasks, such as booting devices, updating firmware, or transferring configuration files in controlled environments. Unlike FTP, TFTP does not require authentication, nor does it provide any form of encryption. While this simplicity reduces overhead and makes it easier to implement on devices with limited resources, it also introduces significant security risks. Without authentication, anyone with network access can request or upload files to a TFTP server, and without encryption, all transferred data can be easily intercepted. As a result, TFTP is suitable only for secure, isolated networks where access can be tightly controlled, such as internal device provisioning or administrative tasks, and it should not be used for transferring sensitive information over untrusted networks.

Hypertext Transfer Protocol (HTTP), by contrast, is primarily a web protocol used to transmit web pages, scripts, and other content from servers to clients over the Internet. HTTP is not designed for secure file transfer and does not provide native mechanisms for authentication or encryption of transferred files. Data sent over HTTP travels in plaintext, similar to FTP, and can be intercepted or modified by attackers during transmission. While HTTP can technically carry files as part of web content or form uploads, it lacks the robust file management features of FTP or TFTP and does not provide the integrity or confidentiality protections required for secure file exchange. Secure file transfer over the web typically relies on HTTPS, which is HTTP over SSL/TLS, providing encryption and authentication to protect data in transit.

FTP, TFTP, and HTTP each serve different purposes but share critical security limitations in their default forms. FTP provides robust file management features, but transmits data and credentials unencrypted, making it vulnerable to interception. TFTP is extremely lightweight and simple, but lacks both authentication and encryption, restricting its safe use to controlled environments. HTTP is designed for web content delivery and does not inherently support secure file transfer, requiring HTTPS for confidentiality and integrity. Understanding these differences is essential for selecting the appropriate protocol based on the security requirements, network environment, and type of data being transferred.

The correct answer is SFTP because it encrypts file transfers, authenticates users, and maintains data integrity, making it essential for secure network operations and compliance with data protection regulations. Organizations use SFTP for the secure exchange of financial data, sensitive documents, and configuration files.

Question 85

Which protocol resolves MAC addresses to IP addresses within a local network?

A) DNS
B) ARP
C) RARP
D) ICMP

Answer: B) ARP

Explanation:

ARP, or Address Resolution Protocol, maps IP addresses to MAC addresses within a local network. When a device needs to send a packet to another host on the same subnet, it uses ARP to discover the destination MAC address corresponding to the IP address. ARP broadcasts a request asking “Who has this IP?” and the device with that IP responds with its MAC address. ARP is fundamental to IPv4 networking, enabling devices to communicate at Layer 2 by mapping logical IP addresses to physical hardware addresses.

DNS resolves hostnames to IP addresses, not MAC addresses. RARP resolves IP addresses from MAC addresses, but is rarely used today. ICMP is used for diagnostics and error messaging, but does not perform address resolution.

The correct answer is ARP because it is essential for translating IP addresses into MAC addresses for local delivery, enabling Ethernet and other Layer 2 communications to function efficiently. ARP also plays a role in troubleshooting network connectivity and understanding local network behavior.

Question 86

Which type of network attack captures and retransmits valid data to trick a system into performing unauthorized actions?

A) Replay Attack
B) Man-in-the-Middle
C) Denial-of-Service
D) Phishing

Answer: A) Replay Attack

Explanation:

A replay attack is a network security threat in which an attacker captures valid data transmissions, such as authentication credentials, messages, or transaction information, and retransmits them at a later time to trick a system into executing unauthorized actions. The primary goal of a replay attack is to gain unauthorized access, impersonate legitimate users, or manipulate transactions without altering the original content. Replay attacks exploit the fact that many authentication and communication protocols assume that each transmitted message is unique and valid only at the moment of transmission. If the system cannot distinguish between an original message and a replayed copy, the attacker can exploit this vulnerability to gain access or manipulate services.

Replay attacks are particularly common in networks that do not use timestamps, sequence numbers, or cryptographic nonces in their protocols. For example, an attacker may capture a valid login request from a user and retransmit it to gain unauthorized access to a system. Similarly, in financial systems, an attacker could intercept a legitimate transaction and replay it to duplicate a payment or transfer funds illicitly. The effectiveness of a replay attack depends on the attacker’s ability to intercept messages and the system’s lack of protection against reused transmissions.

Man-in-the-Middle attacks involve real-time interception and potential modification of communication between two parties. While similar in that the attacker gains access to network traffic, Man-in-the-Middle attacks differ because the attacker can actively alter or inject messages rather than simply replay valid data. Denial-of-Service attacks aim to disrupt availability by overwhelming systems with traffic, focusing on preventing legitimate users from accessing services rather than capturing and retransmitting data. Phishing attacks rely on social engineering techniques to trick users into providing sensitive information, which is fundamentally different from replay attacks that exploit protocol weaknesses.

Mitigation techniques for replay attacks include the use of timestamps, sequence numbers, nonces, and cryptographic protocols such as TLS or IPsec that provide replay protection. Timestamps ensure that messages are only valid within a short, defined time window, preventing old messages from being accepted. Sequence numbers allow systems to track the order of messages and reject duplicates. Nonces, which are random numbers used only once per transaction, provide an additional layer of protection by making each authentication attempt unique. Encrypted communication channels prevent attackers from intercepting messages in the first place, while digital signatures or message authentication codes verify the integrity and authenticity of transmitted data.

Replay attacks are a significant threat in financial systems, secure authentication protocols, and distributed applications where sensitive data is transmitted over untrusted networks. Their impact can range from unauthorized access and data manipulation to financial loss and reputational damage. By implementing secure protocols, proper time synchronization, and robust message validation mechanisms, organizations can prevent replay attacks and ensure that communications remain both authentic and resistant to exploitation. Understanding the mechanisms, consequences, and prevention strategies of replay attacks is critical for network administrators, security professionals, and developers who design secure systems. Comprehensive testing of authentication protocols, encryption methods, and sequence validation is essential to detect potential vulnerabilities that could be exploited by replay attacks. Replay protection is especially vital for IoT devices, cloud services, and mobile applications, where communication may traverse multiple networks and be exposed to interception.

The correct answer is a replay attack because it specifically involves capturing valid messages and retransmitting them to trick systems into unauthorized actions. Effective defense requires a combination of encryption, message validation, and protocol-level protections to ensure data integrity, prevent unauthorized reuse, and maintain trust in network communications. Organizations must prioritize training, monitoring, and regular audits to ensure that systems remain resilient against replay attacks and similar threats, supporting secure and reliable network operations across enterprise environments.
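As an added example, not part of the original practice test, the mitigation described above, a timestamp, a per-message nonce and a message authentication code, implemented as a small receiver-side replay guard in Python. The shared key, JSON message layout and 30-second freshness window are constructed for illustration and are not taken from any particular protocol.

```python
"""Receiver-side replay guard: MAC, then freshness window, then nonce (added example).

The shared key, JSON message layout and 30-second window are constructed for
this illustration and are not taken from any particular protocol.
"""
import hashlib
import hmac
import json
import os

SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def make_message(key, payload, now):
    """Sender side: wrap the payload with a timestamp and a fresh nonce, then MAC it."""
    body = {"payload": payload, "ts": now, "nonce": os.urandom(16).hex()}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    return {"data": data.decode(), "tag": tag}


class ReplayGuard:
    """Accepts each authentic message once, within max_skew seconds of its timestamp."""

    def __init__(self, key, max_skew=30.0):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}   # nonce -> timestamp; pruned so the cache stays bounded

    def verify(self, msg, now):
        """Return (accepted, reason). Checks run in order: MAC, timestamp, nonce."""
        data = msg["data"].encode()
        expected = hmac.new(self.key, data, hashlib.sha256).hexdigest()
        # 1. Authenticity first: never parse or trust fields of an unauthenticated message.
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad MAC"
        body = json.loads(data)
        # 2. Freshness: an old capture is rejected even if its nonce was never seen,
        #    which is what allows the nonce cache below to be pruned safely.
        if abs(now - body["ts"]) > self.max_skew:
            return False, "stale timestamp"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        # 3. Uniqueness: the same nonce arriving again inside the window is a replayed copy.
        if body["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[body["nonce"]] = body["ts"]
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard(SHARED_KEY)
    msg = make_message(SHARED_KEY, {"action": "transfer", "amount": 100}, now=1000.0)
    print(guard.verify(msg, now=1001.0))   # accepted the first time
    print(guard.verify(msg, now=1002.0))   # the identical retransmission is rejected
```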

Question 87

Which protocol provides secure remote access to network devices over an encrypted session and supports key-based authentication?

A) Telnet
B) SSH
C) FTP
D) HTTP

Answer: B) SSH

Explanation:

SSH, or Secure Shell, is a network protocol that provides secure remote access to network devices and servers over an encrypted session. It replaces insecure protocols such as Telnet by encrypting all transmitted data, including passwords and commands, ensuring confidentiality and integrity. SSH operates over TCP, typically on port 22, and supports authentication using passwords, public/private key pairs, or both. Key-based authentication enhances security by allowing clients to authenticate with a cryptographic key instead of a password, reducing the risk of credential theft or brute-force attacks. SSH is widely used by network administrators, system administrators, and DevOps teams to configure routers, switches, firewalls, servers, and cloud instances securely.

Telnet provides remote access to devices but transmits data in plaintext, making it vulnerable to eavesdropping, man-in-the-middle attacks, and credential theft. FTP is used for file transfers and does not provide secure remote command execution. HTTP is a web protocol that transmits content and requests over plaintext unless combined with TLS to form HTTPS. None of these alternatives provides the combined remote access and encryption features that SSH offers.

SSH provides additional security features, such as encrypted tunnels, port forwarding, secure file transfer (SFTP), and secure copy (SCP). Encrypted tunnels allow administrators to forward traffic securely between devices, while SFTP and SCP provide secure methods for uploading, downloading, and managing files over the network. SSH also includes features for strong session integrity, protecting against message tampering and replay attacks. Public key authentication ensures that only clients with a valid private key can establish a session with the server, reducing reliance on passwords and minimizing the risk of brute-force attacks.

SSH has become the standard protocol for secure network management due to its robustness, encryption, and flexibility. It supports both interactive terminal sessions and automated operations, allowing administrators to deploy scripts, manage configuration files, and perform maintenance tasks remotely. Many enterprise network devices and cloud services include SSH support out of the box, ensuring compatibility and secure communication across diverse environments. SSH also supports logging and auditing, allowing organizations to track administrative access, detect unauthorized attempts, and comply with regulatory requirements.

The correct answer is SSH because it provides encrypted remote access, key-based authentication, secure file transfers, and robust session management. By replacing insecure protocols such as Telnet, SSH ensures that network operations can be conducted safely even over untrusted networks. Effective SSH deployment includes strong key management, disabling password authentication when possible, regularly rotating keys, and enforcing access controls based on user roles. Training administrators on best practices for SSH use, such as protecting private keys and monitoring SSH logs, further enhances security.

SSH is essential for maintaining secure network operations, supporting remote administration, automation, and secure file transfers. Its encryption protects against eavesdropping and data manipulation, while key-based authentication ensures only authorized users can access devices. Organizations rely on SSH to maintain the integrity, confidentiality, and availability of network infrastructure. By implementing SSH correctly, enterprises mitigate risks associated with insecure protocols, strengthen compliance with security policies, and ensure operational resilience. Secure deployment of SSH, combined with proper monitoring and auditing, provides a foundation for trusted and reliable management of critical network infrastructure.
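The deployment advice above (key-based logins, password authentication disabled, root password logins blocked) can be checked mechanically. The following is an added example, not code from the page or from OpenSSH: it parses the global section of an `sshd_config` the way sshd reads it (first value for a keyword wins, keywords are case-insensitive, settings after a `Match` block are conditional) and reports settings that contradict the recommendations. The sample config text is constructed for the example, and the `DEFAULTS` table is an assumption about current OpenSSH defaults that should be checked against the `sshd_config(5)` page of the installed version.

```python
# Added example: audit the global section of an OpenSSH sshd_config for the
# hardening settings discussed above (key-based auth, password auth disabled).
# The config text below is constructed for this example, not taken from any system.
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config excerpt
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
PermitEmptyPasswords = no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

# Keywords are real sshd_config options; the accepted values reflect the
# recommendations in the text (key-only logins, no root password logins).
EXPECTED = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no",),
    "pubkeyauthentication": ("yes",),
    "permitemptypasswords": ("no",),
}

# Assumed OpenSSH defaults used when a keyword is absent or commented out;
# verify them against sshd_config(5) for the installed version.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}


def parse_sshd_config(text):
    """Return the effective global value for each keyword.

    sshd uses the FIRST value it reads for a keyword, so a later
    'PasswordAuthentication no' does not undo an earlier 'yes'. Keywords are
    case-insensitive and may be separated from the value by whitespace or a
    single '='. Parsing stops at the first Match block because the settings
    inside it apply only to matching users, groups or hosts.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if parts[0].lower() == "match":
            break
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        effective.setdefault(key, value)  # keep the first value seen
    return effective


def audit_sshd_config(text):
    """Return (keyword, effective_value, recommended_value) for each weak setting."""
    effective = parse_sshd_config(text)
    findings = []
    for key, allowed in EXPECTED.items():
        value = effective.get(key, DEFAULTS[key]).lower()
        if value not in allowed:
            findings.append((key, value, allowed[0]))
    return findings


if __name__ == "__main__":
    for key, value, wanted in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print(f"{key}: is '{value}', recommend '{wanted}'")
```

Running it on the constructed file reports `PermitRootLogin` and `PasswordAuthentication`; the second `PasswordAuthentication no` line is correctly ignored, which is the kind of mistake a hand-edited config hides. Running `sshd -T` on the host prints the effective configuration and is the authoritative cross-check.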

Question 88

Which type of attack manipulates the ARP cache to redirect traffic on a local network to the attacker’s machine?

A) ARP Spoofing
B) DNS Poisoning
C) MAC Flooding
D) IP Spoofing

Answer: A) ARP Spoofing

Explanation:

ARP spoofing, also called ARP poisoning, is a network attack where an attacker sends falsified Address Resolution Protocol (ARP) messages to associate their MAC address with the IP address of another device, usually the default gateway, on a local area network. This enables the attacker to intercept, modify, or redirect network traffic intended for other devices. ARP spoofing exploits the trust-based ARP mechanism used in IPv4 networks, where devices dynamically map IP addresses to MAC addresses to facilitate local network communication. Since ARP does not authenticate messages, attackers can send malicious ARP replies, tricking hosts into updating their ARP cache with incorrect information.

DNS poisoning manipulates DNS entries to redirect domain name lookups to malicious IP addresses, affecting resolution outside the local ARP context. MAC flooding overwhelms the switch’s MAC address table with numerous fake addresses, forcing the switch to broadcast traffic to all ports, which is different from selectively redirecting traffic via ARP manipulation. IP spoofing involves falsifying the source IP address in packets, often for DoS attacks or to bypass IP-based access controls, but does not target local ARP caches for interception.

ARP spoofing can be passive, where the attacker silently monitors network traffic, capturing sensitive data like passwords or session tokens, or active, where the attacker modifies traffic, injects malicious payloads, or launches man-in-the-middle attacks. Common targets include gateways, servers, and client machines on corporate LANs. Mitigation techniques involve implementing dynamic ARP inspection, static ARP entries for critical systems, port security, VLAN segmentation, and monitoring ARP traffic for anomalies. Encryption protocols such as HTTPS, SSH, or VPNs can also protect sensitive data from being exposed even if ARP spoofing occurs.

The correct answer is ARP spoofing because it specifically manipulates the ARP cache to redirect traffic locally, allowing the attacker to eavesdrop, tamper with communications, or impersonate other hosts. Understanding ARP spoofing mechanisms, detection methods, and mitigation strategies is essential for securing local networks, especially in environments where sensitive data or critical services operate. Administrators can combine monitoring tools, access controls, and encryption to ensure that ARP spoofing attacks do not compromise confidentiality, integrity, or availability.
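The monitoring side of the mitigations listed above can be shown concretely. The following is an added example, not code from the page: it runs simple detection logic over a constructed sequence of ARP replies (the kind of records a LAN sensor or switch log would provide) and flags two signs of ARP spoofing, an IP whose MAC binding changes and a single MAC that claims several IPs. The `static_entries` argument plays the role of static ARP entries for critical hosts; the IPs and MACs are made up for the example.

```python
from collections import defaultdict

# Constructed ARP reply observations for this example (not captured from a real
# network): (seconds, sender IP, sender MAC) as a monitor on the LAN would see them.
OBSERVED_REPLIES = [
    (1.0, "192.168.1.1", "00:11:22:33:44:01"),   # gateway answers with its real MAC
    (1.5, "192.168.1.20", "00:11:22:33:44:20"),
    (2.0, "192.168.1.1", "00:11:22:33:44:01"),
    (3.0, "192.168.1.1", "AA:BB:CC:DD:EE:FF"),   # another MAC now claims the gateway IP
    (3.5, "192.168.1.30", "aa:bb:cc:dd:ee:ff"),  # the same MAC claims a second IP
    (4.0, "192.168.1.1", "00:11:22:33:44:01"),   # real gateway answers again (flapping)
]
GATEWAY_IP = "192.168.1.1"


def detect_arp_anomalies(replies, gateway_ip, static_entries=None):
    """Flag IP-to-MAC bindings that change and MACs that claim several IPs.

    static_entries maps IPs to the MACs they must always have (the equivalent
    of static ARP entries for critical hosts); those bindings are never
    relearned from traffic, so any reply contradicting them is flagged.
    Learned bindings are updated on every reply, so a spoofed gateway shows up
    as alternating "changed" alerts while real and forged replies interleave.
    """
    trusted = {ip: mac.lower() for ip, mac in (static_entries or {}).items()}
    learned = {}
    claims = defaultdict(set)  # MAC -> set of IPs it has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        claims[mac].add(ip)
        expected = trusted.get(ip, learned.get(ip))
        if expected is not None and expected != mac:
            alerts.append({
                "time": ts,
                "severity": "HIGH" if ip == gateway_ip else "MEDIUM",
                "ip": ip, "expected": expected, "seen": mac,
            })
        if ip not in trusted:
            learned[ip] = mac
    # One MAC answering for several IPs is characteristic of a poisoning host.
    for mac, ips in claims.items():
        if len(ips) > 1:
            alerts.append({"time": None, "severity": "MEDIUM", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVED_REPLIES, GATEWAY_IP):
        print(alert)
```

Without a static entry the gateway binding flaps twice (at 3.0 s and 4.0 s); pinning the gateway MAC via `static_entries` reduces that to a single high-severity alert at the moment the forged reply arrives, which mirrors why static ARP entries for gateways and servers are recommended alongside dynamic ARP inspection.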

Question 89

Which WAN technology uses packet-switched connections and was widely deployed before broadband internet became common?

A) Frame Relay
B) MPLS
C) DSL
D) Ethernet

Answer: A) Frame Relay

Explanation:

Frame Relay is a wide area network (WAN) technology that uses packet-switched virtual circuits to transmit data between locations. It was widely deployed in the 1990s and early 2000s before the widespread adoption of broadband internet, providing an efficient and cost-effective way for enterprises to connect multiple sites. Frame Relay operates at the data link layer and uses virtual circuits, called permanent virtual circuits (PVCs), to establish logical paths between devices. It allows multiple sites to share bandwidth over a single physical link, improving network efficiency and reducing costs compared to dedicated leased lines. Frame Relay supports variable-length frames, error detection using cyclic redundancy checks, and multiple logical connections over a single interface, making it suitable for connecting branch offices, data centers, and corporate networks.

MPLS is a modern WAN technology that uses labels to forward packets efficiently and supports advanced traffic engineering, quality of service, and VPNs, but it emerged after Frame Relay and is not considered a legacy WAN protocol. DSL is a broadband technology that delivers high-speed internet over telephone lines and is not a packet-switched enterprise WAN solution. Ethernet is a LAN technology that can be extended to WAN environments but does not inherently provide the logical virtual circuits or WAN optimizations that Frame Relay offers.

Frame Relay was popular because it allowed enterprises to scale connectivity according to their needs, with configurable PVCs for different bandwidth requirements. It relied on service providers to manage physical infrastructure while providing predictable connectivity at a lower cost than traditional point-to-point leased lines. However, Frame Relay had limitations, such as minimal error correction, susceptibility to congestion, and a reliance on network providers for traffic management. It was eventually replaced by more advanced technologies like MPLS, broadband VPNs, and Ethernet WAN services, which provide better performance, security, and flexibility.

The correct answer is Frame Relay because it specifically uses packet-switched virtual circuits for WAN connectivity and was widely deployed before modern broadband technologies became prevalent. Understanding Frame Relay helps network professionals appreciate the evolution of WAN technologies, legacy network management, and the transition from circuit-oriented to packet-oriented WAN services. Frame Relay’s principles, such as logical separation of traffic using PVCs, error detection mechanisms, and virtual circuit management, provide foundational knowledge for understanding MPLS, VPNs, and other modern WAN solutions. Despite its obsolescence in most networks today, Frame Relay remains relevant for legacy support, historical network design understanding, and troubleshooting in hybrid environments where old infrastructure may still coexist with newer technologies. Enterprises often encounter Frame Relay in transitional networks, necessitating familiarity with configuration, bandwidth allocation, and migration strategies to more advanced WAN solutions.

Question 90

Which protocol resolves human-readable domain names to IP addresses for devices on the internet?

A) DHCP
B) DNS
C) ARP
D) ICMP

Answer: B) DNS

Explanation:

The Domain Name System (DNS) is a hierarchical and distributed naming system that translates human-readable domain names into IP addresses, enabling devices to locate resources on the Internet. When a user types a URL into a browser, the system queries DNS servers to obtain the corresponding IP address, allowing the client device to initiate communication with the server. DNS operates using a client-server model with recursive and authoritative resolution processes. Recursive resolvers receive queries from clients and either respond with cached results or query authoritative servers. Authoritative servers store the definitive mapping of domain names to IP addresses, including records for hosts, mail servers, and service endpoints.

DHCP dynamically assigns IP addresses to devices on a network but does not resolve domain names. ARP maps IP addresses to MAC addresses for delivery on the local network segment; it operates at Layer 2 and does not translate domain names. ICMP is used for network diagnostics, such as ping and traceroute, but does not provide name resolution.

DNS enhances usability by allowing users to remember meaningful names instead of numeric addresses. It supports various record types, including A (IPv4 addresses), AAAA (IPv6 addresses), MX (mail exchange), and CNAME (canonical names). DNS also supports caching to improve resolution speed, redundancy to ensure availability, and security mechanisms like DNSSEC to prevent tampering. Attacks such as DNS spoofing or cache poisoning target the reliability of DNS resolution, potentially redirecting users to malicious servers.

The correct answer is DNS because it provides the critical function of mapping domain names to IP addresses, enabling seamless navigation of the internet, communication between services, and reliable access to network resources. DNS is foundational for modern networking, supporting web browsing, email delivery, cloud services, and virtually all internet applications. Proper configuration, monitoring, and security measures are essential to maintain the integrity, availability, and reliability of DNS infrastructure. Enterprises and service providers deploy redundant DNS servers, monitoring tools, and secure resolution policies to prevent service disruptions and protect against malicious attacks. Understanding DNS operation, resolution mechanisms, and security considerations is critical for network administrators, security teams, and IT professionals to ensure robust and resilient network connectivity.
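The query/response exchange described above, and the reason DNS spoofing must forge more than an IP address, can be shown with the actual wire format. The following is an added example, not code from the page or from any DNS implementation: it builds a query for an A record, builds the matching response (with the name-compression pointer real servers use), parses both, and accepts a response only when its transaction ID, QR flag and question section match the outstanding query, which is the basic check a resolver performs before caching an answer. `example.com` and the addresses are constructed sample values.

```python
import struct

# Added example: minimal DNS wire-format builder/parser plus the matching
# check a resolver applies before caching a reply. Names and addresses below
# are constructed for the example.


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (label-length prefixed)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid, qtype=1):
    """Standard query with RD set; QDCOUNT=1; qtype 1 = A, qclass 1 = IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Read a possibly compressed name; return (name, offset after the name)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # 2-byte pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the field ends after the pointer itself
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_response(msg):
    """Parse header, question and answer sections (same layout for queries)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    for _ in range(an):
        rname, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata
        answers.append((rname, rtype, ttl, value))
    return {"txid": txid, "flags": flags, "questions": questions, "answers": answers}


def build_response(query, addr, ttl=300):
    """Answer a single-question A query; the answer name is a pointer to offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]  # copy the question section unchanged
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    rr = struct.pack("!H", 0xC00C) + struct.pack("!HHIH", 1, 1, ttl, 4)
    return header + question + rr + bytes(int(o) for o in addr.split("."))


def accept_response(query, response):
    """Return the answers only if the reply matches the outstanding query."""
    q, r = parse_response(query), parse_response(response)
    if r["txid"] != q["txid"]:          # wrong transaction ID
        return None
    if not r["flags"] & 0x8000:         # QR bit clear: this is not a response
        return None
    if r["questions"] != q["questions"]:  # answer for a different question
        return None
    return r["answers"]


if __name__ == "__main__":
    q = build_query("example.com", 0x1A2B)
    print(accept_response(q, build_response(q, "192.0.2.10")))
```

A forged reply has to carry the right transaction ID and question (and, for a real resolver, arrive on the right source port) before any of these checks pass; that is why resolvers randomise both the ID and the port, and why DNSSEC validation is the stronger control, since it verifies a signature over the data rather than only the envelope.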