[CompTIA] CNX-001 - CloudNetX Exam Dumps & Study Guide
# Complete Study Guide for the CompTIA CloudNetX (CNX-001) Exam
CompTIA CloudNetX (CNX-001) is an advanced-level certification designed for IT professionals who want to demonstrate their expertise in designing, implementing, and managing secure cloud networking solutions across complex, multi-cloud and hybrid environments. This certification is ideal for network architects, cloud engineers, and technical leads who are responsible for ensuring the reliability, performance, and security of cloud-based network infrastructures.
## Why Pursue the CompTIA CloudNetX Certification?
In today's multi-cloud world, organizations need highly skilled networking professionals who can navigate the complexities of connecting and securing diverse cloud platforms. Earning the CloudNetX badge demonstrates that you:
- Can design and implement secure cloud networking architectures for multi-cloud and hybrid environments.
- Understand the technical aspects of cloud networking, including VPCs, VPNs, and Direct Connect.
- Can optimize cloud network performance and reliability.
- Understand the security and compliance requirements for cloud networking.
- Can provide leadership and technical guidance on cloud networking projects.
## Exam Overview
The CompTIA CloudNetX (CNX-001) exam consists of multiple-choice and performance-based questions. You are given 165 minutes to complete the exam, and the passing score is not publicly disclosed (it's a pass/fail exam).
### Key Domains Covered:
1. **Cloud Architecture (25%):** This domain focuses on your ability to design secure and scalable cloud architectures. You'll need to understand different cloud models (IaaS, PaaS, SaaS) and how to design for high availability and reliability.
2. **Networking (30%):** Here, the focus is on the technical implementation and management of cloud networks. You must understand VPCs, VPNs, and how to connect cloud networks to on-premises environments.
3. **Security (20%):** This section covers your knowledge of cloud security principles and how to implement security controls. You'll need to understand network security, endpoint security, and application security.
4. **Operations and Monitoring (25%):** This domain tests your ability to monitor and manage cloud network performance. You must understand cloud monitoring tools and how to troubleshoot cloud networking issues.
## Top Resources for CloudNetX Preparation
Successfully passing the CloudNetX requires a mix of theoretical knowledge and hands-on experience. Here are some of the best resources:
- **Official CompTIA Training:** CompTIA offers specialized digital and classroom training specifically for the CloudNetX certification.
- **CloudNetX Study Guide:** The official study guide provides a comprehensive overview of all the exam domains.
- **Hands-on Practice:** There is no substitute for building and managing cloud networking solutions. Set up your own multi-cloud lab and experiment with different networking architectures and tools.
- **Practice Exams:** High-quality practice questions are essential for understanding the advanced-level exam format. Many candidates recommend using resources like [notjustexam.com](https://notjustexam.com) for their realistic and challenging exam simulations.
## Critical Topics to Master
To excel in the CloudNetX, you should focus your studies on these high-impact areas:
- **Multi-Cloud Networking Architecture:** Master the nuances of designing secure and scalable networking architectures for multi-cloud and hybrid environments.
- **Cloud Connectivity Options:** Understand different cloud connectivity options, including VPNs, Direct Connect, and VPC peering.
- **Cloud Network Security:** Know how to implement security controls for cloud networks, including firewalls and intrusion detection systems.
- **Cloud Network Monitoring and Troubleshooting:** Master the principles of monitoring cloud network performance and how to troubleshoot complex issues.
- **Cloud Governance and Compliance:** Understand the security and compliance requirements for cloud networking.
## Exam Day Strategy
1. **Pace Yourself:** With 165 minutes for the exam, you have ample time. If a question is too complex, flag it and move on.
2. **Read the Scenarios Carefully:** Advanced-level questions are often scenario-based. Pay attention to keywords like "most secure," "least operational overhead," and "most cost-effective."
3. **Eliminate Obviously Wrong Choices:** Even if you aren't sure of the right choice, eliminating the wrong ones significantly increases your chances.
## Conclusion
The CompTIA CloudNetX (CNX-001) is a significant investment in your career. It requires dedication and a deep understanding of cloud networking principles and technical skills. By following a structured study plan, leveraging high-quality practice exams from [notjustexam.com](https://notjustexam.com), and gaining hands-on experience, you can master the complexities of cloud networking and join the elite group of certified advanced cloud networking practitioners.
## Free [CompTIA] CNX-001 - CloudNetX Practice Questions Preview
### Question 1
As part of a project to modernize a sports stadium and improve the customer service experience for fans, the stadium owners want to implement a new wireless system. Currently, all tickets are electronic and managed by the stadium mobile application. The new solution is required to allow location tracking precision within 5ft (1.5m) of fans to deliver the following services:
- Emergency/security assistance
- Mobile food order
- Event special effects
- Raffle winner location displayed on the giant stadium screen
Which of the following technologies enables location tracking?
- A. SSID
- B. BLE
- C. NFC
- D. IoT
Correct Answer:
B
Explanation:
The AI agrees with the suggested answer B. BLE (Bluetooth Low Energy) is the most suitable technology for the stadium's location tracking needs, offering the required precision and capabilities.
Reasoning:
The question specifies a need for location tracking precision within 5ft (1.5m) to deliver services like emergency assistance, mobile food ordering, event special effects, and raffle winner location. BLE excels in providing precise indoor location tracking using beacons. These beacons transmit signals that mobile devices can detect, allowing the system to determine the device's location with reasonable accuracy through signal strength analysis and triangulation. The mentioned applications highly benefit from the accuracy BLE provides.
Why other options are not suitable:
- A. SSID (Service Set Identifier): SSIDs are used to identify Wi-Fi networks. While Wi-Fi can be used for location tracking, it generally does not provide the level of precision (5ft/1.5m) required for the stadium's needs. Wi-Fi based location tracking is less accurate due to signal interference and larger cell sizes.
- C. NFC (Near Field Communication): NFC has a very short range (a few centimeters) and is designed for close-proximity communication, such as mobile payments or access control. It is not suitable for tracking users throughout a stadium.
- D. IoT (Internet of Things): IoT is a broad term that refers to the network of interconnected devices. While the stadium's solution will likely be part of an IoT ecosystem, IoT itself is not a specific location tracking technology. BLE, Wi-Fi, or other technologies would be used to provide the location data for the IoT system.
Citations:
- Bluetooth Low Energy (BLE) Locationing, https://www.espressif.com/en/solutions/applications/bluetooth-low-energy/ble-locationing
### Question 2
A company is experiencing Wi-Fi performance issues. Three Wi-Fi networks are available, each running on the 2.4 GHz band and on the same channel. Connecting to each Wi-Fi network yields slow performance. Which of the following channels should the networks be configured to?
- A. Channel 1, Channel 2, and Channel 3
- B. Channel 2, Channel 4, and Channel 9
- C. Channel 1, Channel 6, and Channel 11
- D. Channel 3, Channel 5, and Channel 10
Correct Answer:
C
Explanation:
The AI agrees with the suggested answer: C. Channel 1, Channel 6, and Channel 11.
Reasoning:
In the 2.4 GHz band, channels 1, 6, and 11 are the only non-overlapping channels. Using these channels minimizes interference between Wi-Fi networks, which is crucial for improving performance when multiple networks are operating in close proximity. Interference is the primary cause of slow Wi-Fi performance in the scenario described. By configuring the three networks to use these non-overlapping channels, the company can significantly reduce interference and improve the performance of each Wi-Fi network.
Why other options are incorrect:
Options A, B, and D all include channels that overlap with each other. Overlapping channels cause interference, which leads to poor Wi-Fi performance. For example:
- Option A (Channel 1, Channel 2, and Channel 3): These channels are adjacent and heavily overlap, leading to significant interference.
- Option B (Channel 2, Channel 4, and Channel 9): Channels 2 and 4 overlap, and Channel 9, while not directly overlapping with 2 or 4, can still experience interference due to its proximity.
- Option D (Channel 3, Channel 5, and Channel 10): Similar to the other incorrect options, these channels overlap, resulting in interference.
Citations:
- Understanding Wi-Fi Channel Interference, https://www.metageek.com/training/resources/understanding-wifi-channel-interference/
- Wi-Fi Channels: What They Are and How to Choose the Right One, https://www.intel.com/content/www/us/en/support/articles/000005785/wireless/intel-wireless-products.html
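The overlap reasoning in this answer can be checked numerically. The following is an added example, not part of the original study guide; it assumes the classic 22 MHz channel mask and that only channels 1-11 are permitted (both assumptions are marked in the code), scores each answer option, and searches for every three-channel plan with no shared spectrum.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22           # assumption: classic 22 MHz (802.11b) channel mask
USABLE_CHANNELS = range(1, 12)   # assumption: only channels 1-11 are permitted

# The four answer options from the question above.
OPTIONS = {"A": (1, 2, 3), "B": (2, 4, 9), "C": (1, 6, 11), "D": (3, 5, 10)}


def center_mhz(channel):
    """Center frequency of 2.4 GHz channel 1-13: 2412 MHz for channel 1, +5 MHz per step."""
    if not 1 <= channel <= 13:
        raise ValueError(f"channel {channel} is outside 1-13")
    return 2407 + 5 * channel


def overlap_mhz(a, b, width=CHANNEL_WIDTH_MHZ):
    """MHz of spectrum shared by two channels of the given width (0 when they are clear)."""
    return max(0, width - abs(center_mhz(a) - center_mhz(b)))


def overlapping_pairs(plan, width=CHANNEL_WIDTH_MHZ):
    """Every pair in a channel plan that shares spectrum, as (low, high, shared_mhz)."""
    pairs = []
    for a, b in combinations(sorted(plan), 2):
        shared = overlap_mhz(a, b, width)
        if shared > 0:
            pairs.append((a, b, shared))
    return pairs


def clean_plans(networks=3, channels=USABLE_CHANNELS, width=CHANNEL_WIDTH_MHZ):
    """All plans for `networks` access points in which no two channels overlap."""
    return [p for p in combinations(channels, networks)
            if not overlapping_pairs(p, width)]


def evaluate_options():
    """Overlapping pairs for each answer option; an empty list means a clean plan."""
    return {label: overlapping_pairs(plan) for label, plan in OPTIONS.items()}


if __name__ == "__main__":
    for label, pairs in evaluate_options().items():
        verdict = "no overlap" if not pairs else f"overlapping pairs: {pairs}"
        print(f"Option {label} {OPTIONS[label]}: {verdict}")
    print("Clean 3-channel plans on channels 1-11:", clean_plans())
```

Under these assumptions two channels are clear of each other only when they are at least five channel numbers apart, which is why exactly one three-network plan exists.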
### Question 3
A company hosts a cloud-based e-commerce application and only wants the application accessed from certain locations. The network team configures a cloud firewall with WAF enabled, but users can access the application globally. Which of the following should the network team do?
- A. Reconfigure WAF rules.
- B. Configure a NAT gateway.
- C. Implement a CDN.
- D. Configure geo-restriction.
Correct Answer:
D
Explanation:
The AI agrees with the suggested answer (D).
The question explicitly states that the company wants the application accessed only from certain locations. The initial configuration of a cloud firewall with WAF was insufficient to achieve this goal.
The primary reason for choosing option D (Configure geo-restriction) is that it directly addresses the requirement of limiting access based on geographic location. Geo-restriction allows the network team to explicitly define which countries or regions are allowed to access the application. This is a direct and effective method to meet the company's stated requirement.
Here's why the other options are less suitable:
- A. Reconfigure WAF rules: While a WAF (Web Application Firewall) protects against web application vulnerabilities, it does not inherently restrict access based on geographic location. Reconfiguring WAF rules might help with security, but it doesn't directly solve the geo-restriction requirement.
- B. Configure a NAT gateway: A NAT (Network Address Translation) gateway allows private networks to connect to the internet, but it does not provide geographic access control. Therefore, it's not suitable for restricting access based on location.
- C. Implement a CDN: A CDN (Content Delivery Network) caches content and serves it from geographically distributed servers. While it can improve performance and availability, it doesn't inherently restrict access based on the user's location. In fact, it usually aims to provide content globally, which contradicts the question's requirement.
Therefore, configuring geo-restriction is the most appropriate solution.
### Question 4
A network architect must ensure only certain departments can access specific resources while on premises. Those same users cannot be allowed to access those resources once they have left campus. Which of the following would ensure access is provided according to these requirements?
- A. Enabling MFA for only those users within the departments needing access
- B. Configuring geofencing with the IPs of the resources
- C. Configuring UEBA to monitor all access to those resources during non-business hours
- D. Implementing a PKI-based authentication system to ensure access
Correct Answer:
B
Explanation:
The suggested answer is correct.
The recommended answer is B. Configuring geofencing with the IPs of the resources.
Reasoning:
Geofencing uses location-based services to define virtual boundaries. By configuring geofencing with the IPs of the resources, access can be restricted to users within the defined geographical area (in this case, the campus). This ensures that only users on-premises can access the specified resources, fulfilling the requirements outlined in the question. This approach directly addresses the requirement of restricting access based on the user's location (on or off-premises). When properly configured, geofencing prevents connections from IP addresses that fall outside the defined on-premises network range, enforcing that the resources are only accessible while physically on campus.
Why other options are not the best:
- A. Enabling MFA for only those users within the departments needing access: While MFA adds a layer of security, it doesn't inherently restrict access based on location. Users with valid credentials and MFA could still access resources from off-campus locations.
- C. Configuring UEBA to monitor all access to those resources during non-business hours: UEBA focuses on detecting anomalous behavior but does not prevent access based on location. It's more of a monitoring and alerting solution than an access control mechanism. It also does not restrict access to on-premises users.
- D. Implementing a PKI-based authentication system to ensure access: PKI ensures secure authentication but doesn't inherently enforce location-based restrictions. Like MFA, users with valid certificates could still access resources from off-campus locations.
Therefore, geofencing is the most suitable solution for ensuring access is restricted to on-premises users as per the requirements.
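A sketch of the access decision described in this answer, added here as an illustration and not taken from the original guide or from any product: access requires both a department entitlement and a source address inside the on-premises ranges. The campus networks, resource names and department names are constructed sample values, and `decide` is a hypothetical helper.

```python
import ipaddress

# Constructed sample policy (assumptions, not from the guide).
CAMPUS_NETWORKS = [ipaddress.ip_network(n)
                   for n in ("10.20.0.0/16", "2001:db8:20::/48")]
RESOURCE_DEPARTMENTS = {
    "finance-share": {"finance", "audit"},
    "hr-records": {"hr"},
}


def normalise(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d matches IPv4 ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def on_campus(addr):
    """True only when the source address parses and falls inside a campus range."""
    try:
        ip = normalise(addr)
    except ValueError:
        return False  # fail closed on anything that is not a valid address
    return any(ip.version == net.version and ip in net for net in CAMPUS_NETWORKS)


def decide(department, resource, source_ip):
    """Return (allowed, reason). Both conditions must hold; the default is deny."""
    allowed_departments = RESOURCE_DEPARTMENTS.get(resource)
    if allowed_departments is None:
        return False, "unknown resource"
    if department not in allowed_departments:
        return False, "department not entitled"
    if not on_campus(source_ip):
        return False, "source address is off campus"
    return True, "entitled department on campus network"


if __name__ == "__main__":
    # Constructed requests: (department, resource, source address).
    requests = [
        ("finance", "finance-share", "10.20.5.9"),         # entitled, on campus
        ("finance", "finance-share", "203.0.113.7"),       # same user after leaving campus
        ("hr", "finance-share", "10.20.8.1"),              # on campus, wrong department
        ("audit", "finance-share", "::ffff:10.20.5.9"),    # IPv4-mapped IPv6 form
        ("hr", "hr-records", "not-an-ip"),                 # malformed source address
    ]
    for dept, res, src in requests:
        print(dept, res, src, "->", decide(dept, res, src))
```

The check is only as trustworthy as the source address it is given, so it belongs at an enforcement point that sees the real client address rather than a client-supplied header.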
### Question 5
A security architect needs to increase the security controls around computer hardware installations. The requirements are:
- Auditable access logs to computer rooms
- Alerts for unauthorized access attempts
- Remote visibility to the inside of computer rooms
Which of the following controls best meet these requirements? (Choose two.)
- A. Video surveillance
- B. NFC access cards
- C. Motion sensors
- D. Locks and keys
- E. Security patrols
- F. Automated lighting
Correct Answer:
AB
Explanation:
The AI agrees with the suggested answer of AB.
Reasoning:
The question requires controls that provide auditable access logs, alerts for unauthorized access, and remote visibility to computer rooms. Options A and B best satisfy these requirements. Video surveillance provides remote visibility and can be used to audit access and investigate incidents. NFC access cards enable auditable logs of entries and can trigger alerts for unauthorized access attempts.
Detailed breakdown of why each choice is correct or incorrect:
- A. Video surveillance: This is a strong choice because it directly addresses the requirement for remote visibility and aids in auditing and investigations.
- B. NFC access cards: This is also a strong choice as it provides auditable logs of entries and can trigger alerts for unauthorized access attempts.
- C. Motion sensors: While motion sensors can detect movement, they do not provide specific identification of individuals or detailed access logs. They lack the comprehensive auditing capabilities of NFC access cards and don't provide remote visual confirmation like video surveillance.
- D. Locks and keys: Locks and keys provide basic physical security, but they lack auditable access logs and remote visibility. It is impossible to determine who accessed the room or when without a manual process.
- E. Security patrols: Security patrols can provide a physical presence and potentially deter unauthorized access, but they are not continuous and do not automatically generate auditable logs. They do not scale easily to provide the level of monitoring required.
- F. Automated lighting: Automated lighting serves primarily to improve visibility and energy efficiency, but it does not contribute to access control, auditing, or alerts for unauthorized access.
Therefore, the combination of video surveillance and NFC access cards provides the most comprehensive solution for meeting the stated requirements.
### Question 6
A network security engineer must secure a web application running on virtual machines in a public cloud. The virtual machines are behind an application load balancer. Which of the following technologies should the engineer use to secure the virtual machines? (Choose two.)
- A. CDN
- B. DLP
- C. IDS
- D. WAF
- E. SIEM
- F. NSG
Correct Answer:
DF
Explanation:
Based on the question and discussion, the suggested answer of DF is correct.
Reasoning:
The scenario requires securing web applications running on VMs in a public cloud, sitting behind an application load balancer. The key here is to protect the VMs themselves from threats and control network access.
- WAF (Web Application Firewall): A WAF is specifically designed to protect web applications by inspecting HTTP/HTTPS traffic and blocking malicious requests. It operates at the application layer (Layer 7) and can prevent attacks such as SQL injection, cross-site scripting (XSS), and other common web vulnerabilities. This is crucial for securing a web application.
- NSG (Network Security Group): NSGs act as virtual firewalls at the network layer (Layer 3 and 4), controlling inbound and outbound traffic to network interfaces (NICs), VMs, and subnets. They allow you to define rules to permit or deny traffic based on IP addresses, ports, and protocols. This provides a fundamental layer of security by restricting network access to the VMs.
Why other options are not appropriate:
- A. CDN (Content Delivery Network): CDNs are used to cache and deliver content closer to users, improving performance but not directly securing the VMs.
- B. DLP (Data Loss Prevention): DLP solutions are focused on preventing sensitive data from leaving the organization, not on securing the VMs themselves.
- C. IDS (Intrusion Detection System): An IDS detects malicious activity but doesn't actively prevent it. While useful for monitoring, it's not a primary security control in this scenario.
- E. SIEM (Security Information and Event Management): SIEM systems aggregate and analyze security logs to provide insights and detect threats. Like IDS, they are more focused on monitoring and analysis rather than direct protection.
Therefore, WAF and NSG are the most appropriate choices because they provide direct protection for the VMs and the web application they host.
Citations:
- What is Azure Network Security Group, https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
- What is Azure Web Application Firewall?, https://learn.microsoft.com/en-us/azure/web-application-firewall/overview
### Question 7
A company is expanding operations and opening a new facility. The executive leadership team decides to purchase an insurance policy that will cover the cost of rebuilding the facility in case of a natural disaster. Which of the following describes the team's decision?
- A. Business continuity
- B. Disaster recovery
- C. Risk transference
- D. Memorandum of understanding
Correct Answer:
C
Explanation:
The AI agrees with the suggested answer: C. Risk transference.
Reasoning: Purchasing an insurance policy to cover the cost of rebuilding a facility in case of a natural disaster is a clear example of risk transference. Risk transference involves shifting the burden of a risk (in this case, the financial loss from a natural disaster) from one party (the company) to another (the insurance company) through a contractual agreement (the insurance policy). By paying a premium, the company transfers the potential financial risk to the insurer, who then assumes the responsibility for covering the rebuilding costs if a disaster occurs. This allows the company to mitigate the financial impact of a potential disaster by paying a known, manageable cost (the insurance premium) rather than facing the potentially catastrophic cost of rebuilding the facility entirely on its own.
Reasons for not choosing the other answers:
- A. Business continuity: Business continuity is about ensuring that essential business functions can continue operating during and after a disruption. While insurance can support business continuity, the act of purchasing insurance itself is primarily risk transference, not business continuity planning.
- B. Disaster recovery: Disaster recovery focuses on restoring IT systems and data after a disaster. Similar to business continuity, insurance can be a component of a broader disaster recovery plan, but purchasing insurance is fundamentally about transferring financial risk.
- D. Memorandum of understanding: A memorandum of understanding (MOU) is a non-binding agreement between two or more parties that outlines their intentions to work together. It is not related to risk management or insurance.
Citations:
- Risk management - Wikipedia, https://en.wikipedia.org/wiki/Risk_management
- Business continuity - Wikipedia, https://en.wikipedia.org/wiki/Business_continuity
- Disaster recovery - Wikipedia, https://en.wikipedia.org/wiki/Disaster_recovery
### Question 8
A network engineer is establishing a wireless network for handheld inventory scanners in a manufacturing company's warehouse. The engineer needs an authentication mechanism for these scanners that uses the Wi-Fi network and works with the company's Active Directory. The business requires that the solution authenticate the users and authorize the scanners. Which of the following provides the best solution for authentication and authorization?
- A. TACACS+
- B. RADIUS
- C. LDAP
- D. PKI
Correct Answer:
B
Explanation:
The AI agrees with the suggested answer B (RADIUS).
Here's a detailed explanation:
- Reasoning for Choosing RADIUS:
  - RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. It is the most suitable choice for integrating Wi-Fi authentication with Active Directory, as required by the question. RADIUS servers, such as Microsoft Network Policy Server (NPS), can authenticate users against Active Directory and enforce authorization policies for network access.
  - The question specifically requires both user authentication and device authorization for the inventory scanners. RADIUS excels at this by verifying user credentials against Active Directory and then applying policies that control what the scanners are allowed to do on the network.
- Reasons for Excluding Other Options:
  - TACACS+ (Terminal Access Controller Access-Control System Plus) is primarily used for device administration and network device authentication. While it provides AAA services, it is less commonly used for wireless network authentication compared to RADIUS. Thus, it's not the best fit for authenticating users on a Wi-Fi network using Active Directory.
  - LDAP (Lightweight Directory Access Protocol) is a directory service protocol used for accessing and maintaining distributed directory information. While Active Directory utilizes LDAP, LDAP itself does not provide the complete AAA framework required for Wi-Fi authentication and authorization. LDAP is mainly for directory lookups and not designed for authenticating users and authorizing devices on a network.
  - PKI (Public Key Infrastructure) is a set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. While PKI can be used for authentication (e.g., through certificate-based authentication), it does not natively handle user authorization in the same way that RADIUS does. PKI provides certificate services for authentication but doesn't manage authorization policies directly.
In summary, RADIUS is the most appropriate solution because it directly addresses the requirements of authenticating users against Active Directory and authorizing the handheld inventory scanners on the wireless network.
### Question 9
A company is migrating an application to the cloud for modernization. The engineer needs to provide dependencies between application and database tiers in the environment. Which of the following should the engineer reference in order to best meet this requirement?
- A. Internal knowledge base article
- B. CMDB
- C. WBS
- D. Diagram of physical server locations
- E. SOW
Correct Answer:
B
Explanation:
The AI agrees with the suggested answer B. CMDB.
The reason for choosing CMDB is that it is a database that contains all the information about the hardware and software components of an IT infrastructure. It also contains the relationships between these components, which are also known as configuration items (CIs). This allows you to determine the dependencies between the application and database tiers.
The reasons for not choosing the other answers are:
- A. Internal knowledge base article: While it may contain some dependency information, it's not its primary purpose, and the information might be incomplete or outdated.
- C. WBS (Work Breakdown Structure): A WBS is a project management tool that defines the scope of a project and doesn't capture application dependencies.
- D. Diagram of physical server locations: This shows the physical layout but doesn't detail the logical dependencies between applications and databases.
- E. SOW (Statement of Work): An SOW outlines the work to be performed under a contract and doesn't document application dependencies.
Therefore, a CMDB is the most suitable option for identifying dependencies.
### Question 10
A network administrator recently deployed new Wi-Fi 6E access points in an office and enabled 6GHz coverage. Users report that when they are connected to the new 6GHz SSID, the performance is worse than the 5GHz SSID. The network administrator suspects that there is a source of 6GHz interference in the office. Using the troubleshooting methodology, which of the following actions should the network administrator do next?
- A. Test to see if the changes have improved network performance.
- B. Use a spectrum analyzer and check the 6GHz spectrum.
- C. Document the list of channels that are experiencing interference.
- D. Change the channels being used by the 6GHz radios in the APs.
Correct Answer:
B
Explanation:
The suggested answer is B, and the AI agrees with this answer.
The question describes a scenario where users are experiencing poor performance on a newly deployed 6GHz Wi-Fi network, and the administrator suspects interference. Following a proper troubleshooting methodology, the next logical step is to gather data to confirm or deny the interference hypothesis. A spectrum analyzer is the appropriate tool for this purpose.
Here's a breakdown of why option B is the best choice and why the others are not:
- B. Use a spectrum analyzer and check the 6GHz spectrum.
  This is the correct next step. A spectrum analyzer allows the network administrator to visualize the radio frequency (RF) spectrum in the 6GHz band and identify potential sources of interference. This provides concrete evidence to support or refute the initial suspicion.
- A. Test to see if the changes have improved network performance.
  This option refers to testing after making changes, but no changes have been implemented yet. This step comes later in the troubleshooting process, after identifying and addressing the problem.
- C. Document the list of channels that are experiencing interference.
  While documenting interference is important, this step is premature. You first need to confirm the existence of interference and identify its source before documenting specific channels. The spectrum analyzer helps determine which channels are affected.
- D. Change the channels being used by the 6GHz radios in the APs.
  Changing channels without first confirming interference and understanding its source is not an effective troubleshooting step. It's a potential solution, but it should only be attempted after verifying the problem and identifying the interfering source. Blindly changing channels may not resolve the issue and could even worsen it.
Therefore, using a spectrum analyzer to investigate the 6GHz band is the most logical next step in the troubleshooting process.