The symptoms described-intermittent connectivity and thousands of connection attempts from unrecognized devices-strongly suggest a denial of service (DoS) attack. This type of attack typically involves overwhelming a network service with excessive requests, in this case to the wireless access point (WAP), which prevents legitimate network traffic from being processed effectively. Options like wrong SSID, interference, and poor coverage do not explain the high volume of connection attempts and are less likely to cause such a specific connectivity disruption pattern.

The concept of Zero Trust is based on the principle of never trust, always verify. It means that every request for accessing network resources, regardless of where it originates from, must be authenticated and authorized before granting access12.
Zero Trust is different from SSO (single sign-on), which allows users to log in once and access multiple applications without re-authenticating3. SSO simplifies the user experience, but does not provide the same level of security as Zero Trust.
Zero Trust is also different from VPN (virtual private network), which creates a secure tunnel between a remote device and a network, encrypting the traffic and hiding the device's IP address4. VPN provides privacy and protection from external threats, but does not verify the identity and permissions of the device or user accessing the network.
Zero Trust is also different from role-based access control (RBAC), which assigns permissions to users or groups based on their roles and responsibilities5. RBAC helps to enforce the principle of least privilege, but does not verify the context and conditions of each access request.
Therefore, the best answer is B. Zero Trust, which requires authentication and authorization for each application access, regardless of the source or location of the request.
Reference:
1: What is Zero Trust? A model for more effective security | CSO Online
2: CompTIA Network+ N10-008 Certification Study Guide, page 472
3: [What is Single Sign-On (SSO)? - Definition from WhatIs.com]
4: [What is a VPN? | Virtual Private Networks Explained | Norton]
5: [What is Role-Based Access Control (RBAC)? - Definition from Techopedia]

Given that the longer cables within the infrastructure are working correctly but the newly installed patch cables are causing connectivity issues, the most likely cause is an incorrect pinout on the patch cables. If these cables were not properly crimped according to the T568A or T568B wiring standards, they could easily cause a failure in connectivity due to incorrect alignment of the transmitting and receiving pins. This is a common issue with DIY or newly crimped cables where mistakes in the wire arrangement can render the cables non-functional. The other listed issues, such as mixed cable types, plenum rating, or cable distance exceedance, would not typically result in a total loss of connectivity as described.

WPA2 and EAP are two authentication protocols that can be used to secure a basic wireless network. WPA2 stands for Wi-Fi Protected Access 2 and it is a security standard that provides strong encryption and authentication for wireless networks. WPA2 supports two modes: personal and enterprise. In personal mode, WPA2 uses a pre-shared key (PSK) that is shared among all wireless devices. In enterprise mode, WPA2 uses an authentication server, such as a RADIUS server, to verify the identity of each wireless device. EAP stands for Extensible Authentication Protocol and it is a framework that allows different methods of authentication to be used over wireless networks. EAP works with WPA2 enterprise mode to provide more flexibility and security for wireless authentication. EAP supports various methods, such as EAP-TLS, EAP-FAST, PEAP, and LEAP, that use certificates, passwords, or tokens to authenticate wireless devices.

Cameras can be used to identify users after an action has occurred by recording their faces, clothing, or other distinctive features. Cameras are often used as a deterrent and a forensic tool for security purposes. Access control vestibules, asset tags, and motion detectors are not effective in identifying users, but rather in controlling access, tracking assets, and detecting movement.
Collisions occur when two or more devices try to transmit signals on the same physical medium at the same time. This causes interference and data loss. Collisions can only happen at the physical layer of the OSI model, which is responsible for transmitting and receiving raw bits over a physical medium such as a cable or a wireless channel. The physical layer does not have any mechanism to prevent or resolve collisions. Therefore, higher layers of the OSI model, such as the data link layer, need to implement protocols to detect and recover from collisions, such as CSMA/CD for Ethernet networks.
Reference
Collision in computer networking
Data Link Layer | Layer 2 | The OSI-Model
A network engineer has added a new route on a border router and is trying to determine if traffic is using the new route. Which of the following commands should the engineer use?
ping
arp
tracert
route
The tracert command is a network diagnostic tool that traces the route of packets from the source host to the destination host. It displays the IP addresses and hostnames of the routers along the path, as well as the time taken for each hop. The tracert command can be used to determine if traffic is using the new route by comparing the output before and after adding the route. If the new route is effective, the tracert command should show a different or shorter path to the destination host.
Reference
Networking Commands For Troubleshooting Windows - GeeksforGeeks
Nine Switch Commands Every Cisco Network Engineer Needs to Know
A technician is configuring a wireless access point in a public space for guests to use. Which of the following should the technician configure so that only approved connections are allowed?
Geofencing
Captive portal
Secure SNMP
Private VLANs
A captive portal is a web page that requires users to authenticate or accept terms of service before they can access the internet through a wireless access point. A captive portal can be used to control who can use the wireless network, limit the bandwidth or time of usage, or display advertisements or information. A captive portal is a common feature of public wireless networks, such as those in hotels, airports, cafes, or libraries. A captive portal can prevent unauthorized or malicious users from accessing the network or consuming network resources.
Reference
Public Wireless Access Points Definition | Law Insider
Are Public Wi-Fi Networks Safe? What You Need To Know
A user cannot connect to the network, although others in the office are unaffected. The network technician sees that the link lights on the NIC are not on. The technician needs to check which switchport the user is connected to, but the cabling is not labeled. Which of the following is the best way for the technician to find where the computer is connected?
Look up the computer's IP address in the switch ARP table.
Use a cable tester to trace the cable.
Look up the computer's MAC address in the switch CAM table.
Use a tone generator to trace the cable.
A tone generator is a device that emits an audible signal on a wire. A tone probe is a device that detects the signal on the wire. By attaching the tone generator to one end of the cable and using the tone probe to scan the other end, the technician can identify which switchport the cable is connected to. This method does not require any knowledge of the computer's IP or MAC address, or access to the switch configuration. It is also faster and more reliable than physically tracing the cable or disconnecting the cable and looking for the link light to go out on the switch.
Reference
How to find what port im connected to on a switch from my PC?
Switch Port Monitoring Guide - Comparitech
Finding Out Which Network Switch Port My Computer is Connected
A network administrator is creating a VLAN that will only allow executives to connect to a data source. Which of the following is this scenario an example of?
Availability
Confidentiality
Internal threat
External threat
Integrity
Confidentiality is the principle of preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information1. By creating a VLAN that will only allow executives to connect to a data source, the network administrator is implementing a form of network segmentation that enhances the confidentiality of the data. This prevents unauthorized users or processes from accessing or modifying the data, which could compromise its integrity or availability. Confidentiality is one of the components of the CIA triad, a widely used information security model that guides the efforts and policies aimed at keeping data secure234.
Reference
Defending Your Network: A Comprehensive Guide to VLAN Hopping Attacks
The CIA triad: Definition, components and examples | CSO Online
Executive Summary - NIST SP 1800-25 documentation
The CIA Triad - Confidentiality, Integrity, and Availability Explained
Confidentiality, Integrity and Availability - DevQA.io
A network administrator walks into a data center and notices an unknown person is following closely. The administrator stops and directs the person to the security desk. Which of the following attacks did the network administrator prevent?
Evil twin
Tailgating
Piggybacking
Shoulder surfing
Tailgating is a type of physical security attack in which an unauthorized person follows an authorized person into a restricted area, such as a data center, without proper identification or authentication. Tailgating can allow attackers to access sensitive data, equipment, or network resources, or to plant malicious devices or software. The network administrator prevented tailgating by stopping and directing the unknown person to the security desk, where they would have to verify their identity and purpose.
Reference
Digital Threats and Cyberattacks at the Network Level
Network attacks and how to prevent them
Which of the following is most closely associated with attempting to actively prevent network intrusion?
IDS
Firewall
IPS
VPN
An intrusion prevention system (IPS) is a network security tool that continuously monitors network traffic for malicious activity and takes action to prevent it, such as reporting, blocking, or dropping it. An IPS is different from an intrusion detection system (IDS), which only detects and alerts about threats, but does not stop them. A firewall is a device or software that filters network traffic based on predefined rules, but it does not analyze the traffic for anomalies or signatures of known attacks. A VPN is a virtual private network that creates a secure tunnel between two endpoints, but it does not prevent intrusions from within the network or from compromised endpoints.
Reference
What is an Intrusion Prevention System (IPS)? | Fortinet
What is an Intrusion Prevention System? - Palo Alto Networks
An administrator needs to ensure an access switch is sending the appropriate logs to the network monitoring server. Which of the following logging levels is most appropriate for the access layer switch?
Level 0
Level 2
Level 5
Level 7
Logging levels are used to categorize the severity and importance of log messages generated by network devices. The lower the level, the higher the priority. Level 0 is the most critical, while level 7 is the most verbose and least important. Level 5 is the default logging level for most Cisco devices, and it corresponds to notifications. Notifications are messages that indicate normal but significant events, such as interface status changes, configuration changes, or system restarts. These messages are useful for monitoring the health and performance of the network, and they do not generate excessive traffic or consume too much memory or CPU resources. Therefore, level 5 is the most appropriate logging level for an access layer switch, which connects end devices to the network and does not need to log debug or informational messages.
Reference
How to configure logging in Cisco IOS
Cisco Guide to Harden Cisco IOS Devices
Cisco Privilege Levels - Explanation and Configuration
A network consultant is installing a new wireless network with the following specifications:
5GHz
1,300Mbps
20/40/80MHz
Which of the following standards should the network consultant use?
802.11a
802.11ac
802.11b
802.11n
Clients have reported slowness between a branch and a hub location. The senior engineer suspects asymmetrical routing is causing the issue. Which of the following should the engineer run on both the source and the destination network devices to validate this theory?
traceroute
ping
route
nslookup
Asymmetric routing occurs when traffic does not traverse the same path in both directions of a conversation. This can cause problems when there are stateful devices, such as firewalls or NAT devices, in the path that expect the traffic to be symmetrical. Asymmetric routing can also result in suboptimal TCP performance, as TCP assumes that the SYN and ACK packets take the same path1.
To validate the theory of asymmetric routing, the engineer should run the traceroute command on both the source and the destination network devices. The traceroute command shows the route that packets take to reach a destination, by displaying the IP addresses and hostnames of the routers along the path, as well as the time taken for each hop. By comparing the output of the traceroute command from both ends, the engineer can determine if the traffic is taking different paths in each direction, and identify where the asymmetry occurs2.
The ping command is not sufficient to validate the theory of asymmetric routing, as it only tests the connectivity and latency between two devices, but does not show the intermediate hops or the path taken by the packets. The route command shows the routing table of a device, but does not show the actual path taken by the packets. The nslookup command resolves a hostname to an IP address, or vice versa, but does not show the route or the connectivity between two devices.
Reference
How to Find & Fix Asymmetric Routing Issues | Auvik
Identifying and Troubleshooting Asymmetric Routing in WAAS - Cisco Community After a firewall replacement, some alarms and metrics related to network availability stopped updating on a monitoring system relying on SNMP. Which of the following should the network administrator do first?
Modify the device's MIB on the monitoring system.
Configure syslog to send events to the monitoring system.
Use port mirroring to redirect traffic to the monitoring system.
Deploy SMB to transfer data to the monitoring system.
SNMP (Simple Network Management Protocol) is a protocol that allows network devices to communicate with a monitoring system and provide information about their status, performance, and configuration. SNMP relies on MIBs (Management Information Bases), which are collections of objects that define the types of information that can be accessed or modified on a device1.
When a firewall replacement occurs, the new firewall may have a different MIB than the old one, which means that the monitoring system may not be able to recognize or interpret the data sent by the new firewall. This can cause some alarms and metrics related to network availability to stop updating on the monitoring system. To fix this, the network administrator should modify the device's MIB on the monitoring system, so that it matches the MIB of the new firewall and can correctly process the SNMP data2.
The other options are not relevant to the issue. Configuring syslog to send events to the monitoring system would not affect the SNMP data, as syslog is a different protocol that sends log messages from network devices to a central server. Using port mirroring to redirect traffic to the monitoring system would not help, as port mirroring is a technique that copies traffic from one port to another for analysis or troubleshooting purposes, but does not change the format or content of the traffic. Deploying SMB to transfer data to the monitoring system would not work, as SMB is a protocol that allows file sharing and access between network devices, but does not support SNMP data.
Reference
Grafana & Prometheus SNMP: advanced network monitoring guide
Configuring Windows Systems for Monitoring with SNMP - ScienceLogic
Which of the following use cases would justify the deployment of an mGRE hub-and-spoke topology?
An increase in network security using encryption and packet encapsulation A network expansion caused by an increase in the number of branch locations to the headquarters A mandatory requirement to increase the deployment of an SDWAN network An improvement in network efficiency by increasing the useful packet payload mGRE (Multipoint GRE) is a type of GRE (Generic Routing Encapsulation) tunnel that allows a single interface to support multiple tunnel endpoints, instead of having to configure a separate point-to-point tunnel for each destination. mGRE simplifies the configuration and management of large-scale VPN networks, such as DMVPN (Dynamic Multipoint VPN), which is a Cisco technology that uses mGRE, NHRP (Next Hop Resolution Protocol), and IPsec to create secure and dynamic VPN connections between a hub and multiple spokes1.
A network expansion caused by an increase in the number of branch locations to the headquarters would justify the deployment of an mGRE hub-and-spoke topology, because it would reduce the complexity and overhead of configuring and maintaining multiple point-to-point tunnels between the hub and each spoke. mGRE would also enable spoke-to-spoke communication without having to go through the hub, which would improve the network performance and efficiency23.
The other options are not directly related to the use case of mGRE hub-and-spoke topology. An increase in network security using encryption and packet encapsulation can be achieved by using IPsec, which is a separate protocol that can be applied to any type of GRE tunnel, not just mGRE. A mandatory requirement to increase the deployment of an SDWAN network can be met by using various technologies and vendors, not necessarily mGRE or DMVPN. An improvement in network efficiency by increasing the useful packet payload can be achieved by using various techniques, such as compression, fragmentation, or QoS, not specifically mGRE.
Reference
Understanding Cisco Dynamic Multipoint VPN - DMVPN, mGRE, NHRP
MGRE Easy Steps - Cisco Community
What is DMVPN (Dynamic Multipoint VPN), NHRP, mGRE and How to configu - Cisco Community Users report they cannot reach any websites on the internet. An on-site network engineer is able to duplicate the issue on a different PC. The network engineer then tries to ping a website and receives the following message:
Ping request could not find host www.google.com. Please check the name and try again.
Which of the following is the next step the engineer should take?
Ping 127. 0. 0. 1 to test local hardware.
Test the website from outside the company.
Ping internal name server functionality.
Check internet firewall logs for blocked DNS traffic.
The error message "Ping request could not find host www.google.com" indicates that the network engineer's PC cannot resolve the hostname www.google.com to its corresponding IP address. This means that there is a problem with the DNS (Domain Name System) service, which is responsible for translating hostnames to IP addresses and vice versa. The DNS service can be provided by internal or external name servers, depending on the network configuration.
The next step the engineer should take is to ping the internal name server functionality, which means to test if the PC can communicate with the name server that is configured in its network settings, and if the name server can resolve internal hostnames, such as those of the company's servers or devices. To do this, the engineer can use the following commands:
To find out the IP address of the name server, use ipconfig /all and look for the DNS Servers entry.
To ping the name server, use ping <name server IP address> and check if the packets are sent and received successfully.
To test the name resolution, use nslookup <internal hostname> and check if the name server returns the correct IP address.
If the ping or the nslookup commands fail, it means that the internal name server is not working properly, and the engineer should troubleshoot the name server configuration or connectivity. If the ping and the nslookup commands succeed, it means that the internal name server is working properly, but there is a problem with the external name resolution, and the engineer should check the internet firewall logs for blocked DNS traffic, or test the website from outside the company.
Reference
Windows 10 can't resolve hostnames - ping with IP works but not with hostname Ping request could not find host xyz.local. Please check the name and try again DNS problem, nslookup works, ping doesn't Users are connected to a switch on an Ethernet interface of a campus router. The service provider is connected to the serial 1 interface on the router. The output of the interfaces is:
E1/0: 192.168.8.1/24
S1: 192.168.7.252/30
After router and device configurations are applied, internet access is not possible. Which of the following is the most likely cause?
The Ethernet interface was configured with an incorrect IP address.
The router was configured with an incorrect loopback address.
The router was configured with an incorrect default gateway.
The serial interface was configured with the incorrect subnet mask.
The default gateway is the IP address of the router that connects a network to the internet or another network. The default gateway is usually configured on the devices that need to access the internet or other networks, such as PCs, servers, or routers. If the router was configured with an incorrect default gateway, it would not be able to forward packets to the correct destination, and internet access would not be possible.
The other options are not the most likely causes of the issue. The Ethernet interface is the physical port that connects a device to a network using a cable. If the Ethernet interface was configured with an incorrect IP address, it would cause a problem with the local network connectivity, not the internet access. The loopback address is a special IP address that refers to the device itself, usually used for testing or troubleshooting purposes. If the router was configured with an incorrect loopback address, it would not affect the internet access, as the loopback address is not used for routing packets to other networks. The serial interface is another type of physical port that connects a device to a network using a serial cable, often used for WAN connections. If the serial interface was configured with the incorrect subnet mask, it would cause a problem with the WAN connectivity, not the internet access, as the subnet mask is used to determine the network and host portions of an IP address.
Reference
What is a Default Gateway? | HowStuffWorks
What is an Ethernet Interface? - Definition from Techopedia
What is a Loopback Address? - Definition from Techopedia
What is a Serial Interface? - Definition from Techopedia
A user wants to avoid using a password to access a third-party website. Which of the following does the user need in order to allow this type of access to the third-party website?
Multifactor
RADIUS
SSO
Local authentication
A junior network engineer is trying to change the native network ID to a non-default value that can then be applied consistently throughout the network environment. Which of the following issues is the engineer attempting to prevent?
DDoS
ARP spoofing
VLAN hopping
Rogue DHCP
VLAN hopping is a type of network attack where an attacker can send or receive traffic from a VLAN that they are not supposed to access. VLAN hopping can allow an attacker to bypass security policies, access sensitive data, or launch other attacks on the network. VLAN hopping can be performed using two methods: double tagging and switch spoofing1.
Double tagging is where the attacker sends a frame with two VLAN tags, one for the native VLAN and one for the target VLAN. The native VLAN is the VLAN that is used for untagged traffic on a trunk port. If the attacker's access port is in the same VLAN as the native VLAN, the switch will accept the frame and forward it on the trunk port. The switch will remove the first tag, which is the native VLAN, and send the frame with the second tag, which is the target VLAN. The frame will then reach the target VLAN and be processed by the devices in that VLAN.
Switch spoofing is where the attacker sends Dynamic Trunking Protocol (DTP) packets and tries to negotiate a trunk with the switch. DTP is a Cisco protocol that allows switches to automatically form trunks between them. If the switch's port is configured with the default dynamic auto or dynamic desirable mode, it will accept the DTP packets and form a trunk with the attacker. The attacker will then have access to all VLANs on the trunk.
To prevent VLAN hopping, the junior network engineer is trying to change the native network ID to a non-default value that can then be applied consistently throughout the network environment. This means that the engineer is changing the VLAN that is used for untagged traffic on the trunk ports to a different VLAN than the default VLAN 1. This will prevent double tagging attacks, as the attacker's access port will not be in the same VLAN as the native VLAN, and the switch will not accept the frames with two tags. The engineer should also disable DTP on the trunk ports and use the switchport nonegotiate command to prevent switch spoofing attacks2.
Reference
VLAN Hopping - NetworkLessons.com
VLAN Hopping on Native VLAN - Cisco Community
Reference:
CompTIA Network+ N10-008 Certification Exam Objectives, Domain 5.0: Network Security, Subobjective 5.1: Summarize the importance of physical security controls, page 231 CompTIA Network+ Certification All-in-One Exam Guide, Eighth Edition (Exam N10-008), Chapter 18: Network Security, Section: Physical Security, page 7372 A technician reviews a network performance report and finds a high level of collisions happening on the network. At which of the following layers of the OSI model would these collisions be found?
Layer 1
Layer 3
Layer 4
Layer 7