CompTIA CloudNetX v1.0

Page:    1 / 6   
Exam contains 84 questions
Expand All

A network architect must design a new branch network that meets the following requirements:

No single point of failure -
Clients cannot be impacted by changes to the underlying medium
Clients must be able to communicate directly to preserve bandwidth
Which of the following network topologies should the architect use?

  • A. Hub-and-spoke
  • B. Mesh
  • C. Spine-and-leaf
  • D. Star


Answer : B

An administrator logged in to a cloud account on a shared machine but forgot to log out after the session ended. Which of the following types of security threats does this action pose?

  • A. IP spoofing
  • B. Zero-day
  • C. On-path attack
  • D. Privilege escalation


Answer : C

A network engineer is designing a Layer 2 deployment for a company that occupies several floors in an office building. The engineer decides to make each floor its own VLAN but still allow for communication between all user VLANs. The engineer also wants to reduce the time necessary for STP convergence to occur when new switches come online. Which of the following should the engineer enable to accomplish this goal?

  • A. BPDU Guard
  • B. Priority
  • C. Tagging
  • D. Portfast


Answer : D

After a malicious actor used an open port in a company's lobby, a network architect needs to enhance network security. The solution must enable:

Security posture check -

Auto remediation capabilities -

Network isolation -

Device and user authentication -
Which of the following technologies best meets these requirements?

  • A. IPS
  • B. Microsegmentation
  • C. 802.1X
  • D. NAC


Answer : D

A company deployed new applications in the cloud and configured a site-to-site VPN to connect the internal data center with the cloud. The IT team wants the internal servers to connect to those applications without using public IP addresses. Which of the following is the best solution?

  • A. Create a DNS server in the cloud. Configure the DNS server in the customer data center to forward DNS requests for cloud resources to the cloud DNS server.
  • B. Configure a NAT server on the cloud to allow internal servers to connect to the applications through the NAT server.
  • C. Register applications on the cloud with a public DNS sever and configure internal servers to connect to them using their public DNS names.
  • D. Configure proxy service in the site-to-site VPN to allow internal servers to access applications through the proxy.


Answer : A

An outage occurred after a software upgrade on core switching. A network administrator thinks that the firmware installed had a bug. Which of the following should the network administrator do next?

  • A. Establish a plan of action to resolve the issue.
  • B. Test the theory to determine cause.
  • C. Document lessons learned.
  • D. Implement the solution.


Answer : B

A network engineer identified several failed log-in attempts to the VPN from a user's account. When the engineer inquired, the user mentioned the IT help desk called and asked them to change their password. Which of the following types of attacks occurred?

  • A. Initialization vector
  • B. On-path
  • C. Evil twin
  • D. Social engineering


Answer : D

A company is replacing reserved public IP addresses with dynamic IP addresses. The network architect creates a list of assets with some dependencies to these reserved IPs:

Which of the following issues may begin to affect cloud assets after the replacement is made?

  • A. IP asymmetric routing
  • B. IP spoofing
  • C. IP exhaustion
  • D. IP reuse


Answer : D

A network architect needs to design a solution to ensure every cloud environment network is built to the same baseline. The solution must meet the following requirements:
Use automated deployment.
Easily update multiple environments.
Share code with a community of practice.
Which of the following are the best solutions? (Choose two.)

  • A. CI/CD pipelines
  • B. Public code repository
  • C. Deployment runbooks
  • D. Private code repository
  • E. Automated image deployment
  • F. Deployment guides


Answer : AB

A network engineer adds a large group of servers to a screened subnet and configures them to use IPv6 only. The servers need to seamlessly communicate with IPv4 servers on the internal networks. Which of the following actions is the best way to achieve this goal?

  • A. Add IPv6 to the network cards on the internal servers so they can communicate with the screened subnet.
  • B. Set up a bridge between the screened subnet and internal networks to handle the conversion.
  • C. Change the servers in the screened subnet from IPv6 addresses to IPv4 addresses.
  • D. Implement NAT64 on the router between the screened subnet and the internal network.


Answer : D

A customer asks a MSP to propose a ZTA design for its globally distributed remote workforce. Given the following requirements:
Authentication should be provided through the customer's SAML identity provider.
Access should not be allowed from countries where the business does not operate.
Secondary authentication should be added to the workflow to allow for passkeys.
Changes to the user's device posture and hygiene should require reauthentication into the network.
Access to the network should only be allowed to originate from corporate-owned devices.
Which of the following solutions should the MSP recommend to meet the requirements?

  • A. Enforce certificate-based authentication.
    Permit unauthenticated remote connectivity only from corporate IP addresses.
    Enable geofencing.
    Use cookie-based session tokens that do not expire for remembering user log-ins.
    Increase RADIUS server timeouts.
  • B. Enforce posture assessment only during the initial network log-on.
    Implement RADIUS for SSO.
    Restrict access from all non-U.S. IP addresses.
    Configure a BYOD access policy.
    Disable auditing for remote access.
  • C. Chain the existing identity provider to a new SAML.
    Require the use of time-based one-time passcode hardware tokens.
    Enable debug logging on the VPN clients by default.
    Disconnect users from the network only if their IP address changes.
  • D. Configure geolocation settings to block certain IP addresses.
    Enforce MFA.
    Federate the solution via SSO.
    Enable continuous access policies on the WireGuard tunnel.
    Create a trusted endpoints policy.


Answer : D

Application development team users are having issues accessing the database server within the cloud environment. All other users are able to use SSH to access this server without issues. The network architect reviews the following information to troubleshoot the issue:
IPAM information:

Traceroute output from an application developer's machine with the assigned IP 192.168.2.7:

Which of the following is the most likely cause of the issue?

  • A. The core firewall is blocking the traffic.
  • B. Network security groups do not have the correct outbound rule configured.
  • C. The server segment firewall is dropping the traffic.
  • D. The server segment gateway is having bandwidth issues.


Answer : C

A partner is migrating a client from on premises to a hybrid cloud. Given the following project status information, the initial project timeline estimates need to be revised:

Which of the following documents needs to be revised to best reflect the current status of the project?

  • A. BIA
  • B. SLA
  • C. SOW
  • D. WBS


Answer : D

A company's IT department is expected to grow from 100 to 200 employees, and the sales department is expected to grow from 1,000 to a maximum of 2,000 employees. Each employee owns a single laptop with a single IP allocated. The network architect wants to deploy network segmentation using the IP range 10.0.0.0/8. Which of the following is the best solution?

  • A. Allocate 10.1.0.0/30 to the IT department. Allocate 10.2.0.0/16 to the sales department.
  • B. Allocate 10.1.0.0/16 to the IT department. Allocate 10.2.1.0/24 to the sales department.
  • C. Allocate 10.1.0.0/22 to the IT department. Allocate 10.2.0.0/15 to the sales department.
  • D. Allocate 10.1.0.0/16 to the IT department. Allocate 10.2.1.0/25 to the sales department.


Answer : C

A network security administrator needs to set up a solution to:
Gather all data from log files in a single location.
Correlate the data to generate alerts.
Which of the following should the administrator implement?

  • A. Syslog
  • B. Event log monitoring
  • C. Log management
  • D. SIEM


Answer : D

Page:    1 / 6   
Exam contains 84 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy | Amazon Exams | Cisco Exams | CompTIA Exams | Databricks Exams | Fortinet Exams | Google Exams | Microsoft Exams | VMware Exams