Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CompTIA CNX-001 - CompTIA CloudNetX Exam

Page: 2 / 3
Total 84 questions

A network architect is designing a solution to place network core equipment in a rack inside a data center. This equipment is crucial to the enterprise and must be as secure as possible to minimize the chance that anyone could connect directly to the network core. The current security setup is:

    In a locked building that requires sign in with a guard and identification check.

    In a locked data center accessible by a proximity badge and fingerprint scanner.

    In a locked cabinet that requires the security guard to call the Chief Information Security Officer (CISO) to get permission to provide the key.

Which of the following additional measures should the architect recommend to make this equipment more secure?

A.

Make all engineers with access to the data center sign a statement of work.

B.

Set up a video surveillance system that has cameras focused on the cabinet.

C.

Have the CISO accompany any network engineer that needs to do work in this cabinet.

D.

Require anyone entering the data center for any reason to undergo a background check.

A call center company provides its services through a VoIP infrastructure. Recently, the call center set up an application to manage its documents on a cloud application. The application is causing recurring audio losses for VoIP callers. The network administrator needs to fix the issue with the least expensive solution. Which of the following is the best approach?

A.

Adding a second internet link and physically splitting voice and data networks into different routes

B.

Configuring QoS rules at the internet router to prioritize the VoIP calls

C.

Creating two VLANs, one for voice and the other for data

D.

Setting up VoIP devices to use a voice codec with a higher compression rate

An architect needs to deploy a new payroll application on a cloud host. End users' access to the application will be based on the end users' role. In addition, the host must be deployed on the 192.168.77.32/30 subnet. Which of the following Zero Trust elements are being implemented in this design? (Choose two.)

A.

Least privilege

B.

Device trust

C.

Microsegmentation

D.

CASB

E.

WAF

F.

MFA

A customer asks a MSP to propose a ZTA (Zero Trust Architecture) design for its globally distributed remote workforce. Given the following requirements:

    Authentication should be provided through the customer's SAML identity provider.

    Access should not be allowed from countries where the business does not operate.

    Secondary authentication should be added to the workflow to allow for passkeys.

    Changes to the user's device posture and hygiene should require reauthentication into the network.

    Access to the network should only be allowed to originate from corporate-owned devices.

Which of the following solutions should the MSP recommend to meet the requirements?

A.

Enforce certificate-based authentication.

Permit unauthenticated remote connectivity only from corporate IP addresses.

Enable geofencing.

Use cookie-based session tokens that do not expire for remembering user log-ins.

Increase RADIUS server timeouts.

B.

Enforce posture assessment only during the initial network log-on.

Implement RADIUS for SSO.

Restrict access from all non-U.S. IP addresses.

Configure a BYOD access policy.

Disable auditing for remote access.

C.

Chain the existing identity provider to a new SAML.

Require the use of time-based one-time passcode hardware tokens.

Enable debug logging on the VPN clients by default.

Disconnect users from the network only if their IP address changes.

D.

Configure geolocation settings to block certain IP addresses.

Enforce MFA.

Federate the solution via SSO.

Enable continuous access policies on the WireGuard tunnel.

Create a trusted endpoints policy.

A network administrator must connect a remote building at a manufacturing plant to the main building via a wireless connection. Which of the following should the administrator choose to get the greatest possible range from the wireless connection? (Choose two.)

A.

2.4GHz

B.

5GHz

C.

6GHz

D.

Omnidirectional antenna

E.

Patch antenna

F.

Built-in antenna

A network administrator needs to resolve connectivity issues in a hybrid cloud setup. Workstations and VMs are not able to access Application A. Workstations are able to access Server B.

INSTRUCTIONS

Click on workstations, VMs, firewalls, and NSGs to troubleshoot and gather information. Type help in the terminal to view a list of available commands.

Select the appropriate device(s) requiring remediation and identify the associated issue(s).

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A network architect is designing an expansion solution for the branch office network and requires the following business outcomes:

    Maximize cost savings with reduced administration overhead

    Easily expand connectivity to the cloud

    Use cloud-based services to the branch offices

Which of the following should the architect do to best meet the requirements?

A.

Design a SD-WAN solution to integrate with the cloud provider; use SD-WAN to connect branch offices to the cloud provider.

B.

Design point-to-site branch connectivity for offices to headquarters; deploy ExpressRoute and/or DirectConnect between headquarters and the cloud; use headquarters connectivity to connect to the cloud provider.

C.

Design an MPLS architecture for the branch offices and site-to-site VPN between headquarters and branch offices; use site-to-site connectivity to the cloud provider.

D.

Design a dark fiber solution for headquarters and branch offices' connectivity; deploy point-to-site VPN between headquarters and the cloud provider; use the headquarters connectivity to the cloud provider.

A network engineer adds a large group of servers to a screened subnet and configures them to use IPv6 only. The servers need to seamlessly communicate with IPv4 servers on the internal networks. Which of the following actions is the best way to achieve this goal?

A.

Add IPv6 to the network cards on the internal servers so they can communicate with the screened subnet.

B.

Set up a bridge between the screened subnet and internal networks to handle the conversion.

C.

Change the servers in the screened subnet from IPv6 addresses to IPv4 addresses.

D.

Implement NAT64 on the router between the screened subnet and the internal network.

A security architect needs to increase the security controls around computer hardware installations. The requirements are:

    Auditable access logs to computer rooms

    Alerts for unauthorized access attempts

    Remote visibility to the inside of computer rooms

Which of the following controls best meet these requirements? (Choose two.)

A.

Video surveillance

B.

NFC access cards

C.

Motion sensors

D.

Locks and keys

E.

Security patrols

F.

Automated lighting

A network architect needs to design a solution to ensure every cloud environment network is built to the same baseline. The solution must meet the following requirements:

    Use automated deployment.

    Easily update multiple environments.

    Share code with a community of practice.

Which of the following are the best solutions? (Choose two.)

A.

CI/CD pipelines

B.

Public code repository

C.

Deployment runbooks

D.

Private code repository

E.

Automated image deployment

F.

Deployment guides