comptia cnx-001 practice test

A network engineer is establishing a wireless network for handheld inventory scanners in a
manufacturing company's warehouse. The engineer needs an authentication mechanism for these
scanners that uses the Wi-Fi network and works with the company's Active Directory. The business
requires that the solution authenticate the users and authorize the scanners. Which of the following
provides the best solution for authentication and authorization?

• A. TACACS+
• B. RADIUS
• C. LDAP
• D. PKI

A company is migrating an application to the cloud for modernization. The engineer needs to provide
dependencies between application and database tiers in the environment. Which of the following
should the engineer reference in order to best meet this requirement?

• A. Internal knowledge base article
• B. CMDB
• C. WBS
• D. Diagram of physical server locations
• E. SOW

A network administrator recently deployed new Wi-Fi 6E access points in an office and enabled 6GHz
coverage. Users report that when they are connected to the new 6GHz SSID, the performance is
worse than the 5GHz SSID. The network administrator suspects that there is a source of 6GHz
interference in the office. Using the troubleshooting methodology, which of the following actions
should the network administrator do next?

• A. Test to see if the changes have improved network performance.
• B. Use a spectrum analyzer and check the 6GHz spectrum.
• C. Document the list of channels that are experiencing interference.
• D. Change the channels being used by the 6GHz radios in the APs.

A SaaS company is launching a new product based in a cloud environment. The new product will be
provided as an API and should not be exposed to the internet. Which of the following should the
company create to best meet this requirement?

• A. A transit gateway that connects the API to the customer's VPC
• B. Firewall rules allowing access to the API endpoint from the customer's VPC
• C. A VPC peering connection from the API VPC to the customer's VPC
• D. A private service endpoint exposing the API endpoint to the customer's VPC

A network administrator is configuring firewall rules to lock down the network from outside attacks.
Which of the following should the administrator configure to create the most strict set of rules?

• A. URL filtering
• B. File blocking
• C. Network security group
• D. Allow List

A network engineer is installing new switches in the data center to replace existing infrastructure.
The previous network hardware had administrative interfaces that were plugged into the existing
network along with all other server hardware on the same subnet. Which of the following should the
engineer do to better secure these administrative interfaces?

• A. Connect the switch management ports to a separate physical network.
• B. Disable unused physical ports on the switches to keep unauthorized users out.
• C. Set the administrative interfaces and the network switch ports on the same VLAN.
• D. Upgrade all of the switch firmware to the latest hardware levels.

A network administrator receives a ticket from one of the company's offices about video calls that
work normally for one minute and then get very choppy. The network administrator pings the video
server from that site to ensure that it is reachable:

Which of the following is most likely the cause of the video call issue?

• A. Throughput
• B. Jitter
• C. Latency
• D. Loss

A network architect is designing a solution to place network core equipment in a rack inside a data
center. This equipment is crucial to the enterprise and must be as secure as possible to minimize the
chance that anyone could connect directly to the network core. The current security setup is:
In a locked building that requires sign in with a guard and identification check.
In a locked data center accessible by a proximity badge and fingerprint scanner.
In a locked cabinet that requires the security guard to call the Chief Information Security Officer
(CISO) to get permission to provide the key.
Which of the following additional measures should the architect recommend to make this equipment
more secure?

• A. Make all engineers with access to the data center sign a statement of work.
• B. Set up a video surveillance system that has cameras focused on the cabinet.
• C. Have the CISO accompany any network engineer that needs to do work in this cabinet.
• D. Require anyone entering the data center for any reason to undergo a background check.

An organization has centralized logging capability at the on-premises data center and wants a
solution that can consolidate logging from deployed cloud workloads. The organization would like to
automate the detection and alerting mechanism. Which of the following best meets the
requirements?

• A. IDS/IPS
• B. SIEM
• C. Data lake
• D. Syslog

Security policy states that all inbound traffic to the environment needs to be restricted, but all
external outbound traffic is allowed within the hybrid cloud environment. A new application server
was recently set up in the cloud. Which of the following would most likely need to be configured so
that the server has the appropriate access set up? (Choose two.)

• A. Application gateway
• B. IPS
• C. Port security
• D. Firewall
• E. Network security group
• F. Screened subnet