CNX-001Free trialFree trial

By comptia
Aug, 2025

Verified

25Q per page

Question 1

A company is expanding operations and opening a new facility. The executive leadership team decides to purchase an insurance policy that will cover the cost of rebuilding the facility in case of a natural disaster. Which of the following describes the team's decision?

  • A: Business continuity
  • B: Disaster recovery
  • C: Risk transference
  • D: Memorandum of understanding

Question 2

A network engineer is establishing a wireless network for handheld inventory scanners in a manufacturing company's warehouse. The engineer needs an authentication mechanism for these scanners that uses the Wi-Fi network and works with the company's Active Directory. The business requires that the solution authenticate the users and authorize the scanners. Which of the following provides the best solution for authentication and authorization?

  • A: TACACS+
  • B: RADIUS
  • C: LDAP
  • D: PKI

Question 3

A company is migrating an application to the cloud for modernization. The engineer needs to provide dependencies between application and database tiers in the environment. Which of the following should the engineer reference in order to best meet this requirement?

  • A: Internal knowledge base article
  • B: CMDB
  • C: WBS
  • D: Diagram of physical server locations
  • E: SOW

Question 4

A network administrator recently deployed new Wi-Fi 6E access points in an office and enabled 6GHz coverage. Users report that when they are connected to the new 6GHz SSID, the performance is worse than the 5GHz SSID. The network administrator suspects that there is a source of 6GHz interference in the office. Using the troubleshooting methodology, which of the following actions should the network administrator do next?

  • A: Test to see if the changes have improved network performance.
  • B: Use a spectrum analyzer and check the 6GHz spectrum.
  • C: Document the list of channels that are experiencing interference.
  • D: Change the channels being used by the 6GHz radios in the APs.

Question 5

A SaaS company is launching a new product based in a cloud environment. The new product will be provided as an API and should not be exposed to the internet. Which of the following should the company create to best meet this requirement?

  • A: A transit gateway that connects the API to the customer's VPC
  • B: Firewall rules allowing access to the API endpoint from the customer's VPC
  • C: A VPC peering connection from the API VPC to the customer's VPC
  • D: A private service endpoint exposing the API endpoint to the customer's VPC

Question 6

A network administrator is configuring firewall rules to lock down the network from outside attacks. Which of the following should the administrator configure to create the most strict set of rules?

  • A: URL filtering
  • B: File blocking
  • C: Network security group
  • D: Allow list

Question 7

A network engineer is installing new switches in the data center to replace existing infrastructure. The previous network hardware had administrative interfaces that were plugged into the existing network along with all other server hardware on the same subnet. Which of the following should the engineer do to better secure these administrative interfaces?

  • A: Connect the switch management ports to a separate physical network.
  • B: Disable unused physical ports on the switches to keep unauthorized users out.
  • C: Set the administrative interfaces and the network switch ports on the same VLAN.
  • D: Upgrade all of the switch firmware to the latest hardware levels.

Question 8

A network administrator receives a ticket from one of the company's offices about video calls that work normally for one minute and then get very choppy. The network administrator pings the video server from that site to ensure that it is reachable:

Image 1

Which of the following is most likely the cause of the video call issue?

  • A: Throughput
  • B: Jitter
  • C: Latency
  • D: Loss

Question 9

A network architect is designing a solution to place network core equipment in a rack inside a data center. This equipment is crucial to the enterprise and must be as secure as possible to minimize the chance that anyone could connect directly to the network core. The current security setup is:
In a locked building that requires sign in with a guard and identification check.
In a locked data center accessible by a proximity badge and fingerprint scanner.
In a locked cabinet that requires the security guard to call the Chief Information Security Officer (CISO) to get permission to provide the key.
Which of the following additional measures should the architect recommend to make this equipment more secure?

  • A: Make all engineers with access to the data center sign a statement of work.
  • B: Set up a video surveillance system that has cameras focused on the cabinet.
  • C: Have the CISO accompany any network engineer that needs to do work in this cabinet.
  • D: Require anyone entering the data center for any reason to undergo a background check.

Question 10

An organization has centralized logging capability at the on-premises data center and wants a solution that can consolidate logging from deployed cloud workloads. The organization would like to automate the detection and alerting mechanism. Which of the following best meets the requirements?

  • A: IDS/IPS
  • B: SIEM
  • C: Data lake
  • D: Syslog

Question 11

Security policy states that all inbound traffic to the environment needs to be restricted, but all external outbound traffic is allowed within the hybrid cloud environment. A new application server was recently set up in the cloud. Which of the following would most likely need to be configured so that the server has the appropriate access set up? (Choose two.)

  • A: Application gateway
  • B: IPS
  • C: Port security
  • D: Firewall
  • E: Network security group
  • F: Screened subnet

Question 12

A company is experiencing multiple switch failures. The network analyst discovers the following:
Network recovery time is unacceptable and occurs after the shutdown of some switches.
Some loops were detected in the network.
No broadcast storm was detected.
Which of the following is the most cost-effective solution?

  • A: Add a new Layer 3 switch.
  • B: Add multiple VLANs.
  • C: Implement STP.
  • D: Implement tagging.

Question 13

An architect needs to deploy a new payroll application on a cloud host. End users' access to the application will be based on the end users' role. In addition, the host must be deployed on the 192.168.77.32/30 subnet. Which of the following Zero Trust elements are being implemented in this design? (Choose two.)

  • A: Least privilege
  • B: Device trust
  • C: Microsegmentation
  • D: CASB
  • E: WAF
  • F: MFA

Question 14

A network architect is creating a network topology for a global SD-WAN deployment. The business has offices in Asia, Europe, and the United States and makes use of data centers in the United States and Europe. Most traffic between sites must have the lowest latency possible. Which of the following topologies best meets this requirement?

  • A: Star
  • B: Spine-and-leaf
  • C: Mesh
  • D: Hub-and-spoke

Question 15

A network administrator is troubleshooting an outage at a remote site. The administrator examines the logs and determines that one of the internet links at the site appears to be down. After the service provider confirms this information, the administrator fails over traffic to the backup link. Which of the following should the administrator do next?

  • A: Document the lessons learned.
  • B: Establish a plan of action.
  • C: Identify the problem.
  • D: Verify full system functionality.

Question 16

A network architect is designing an expansion solution for the branch office network and requires the following business outcomes:
Maximize cost savings with reduced administration overhead
Easily expand connectivity to the cloud
Use cloud-based services to the branch offices
Which of the following should the architect do to best meet the requirements?

  • A: Design a SD-WAN solution to integrate with the cloud provider; use SD-WAN to connect branch offices to the cloud provider.
  • B: Design point-to-site branch connectivity for offices to headquarters; deploy ExpressRoute and/or DirectConnect between headquarters and the cloud; use headquarters connectivity to connect to the cloud provider.
  • C: Design an MPLS architecture for the branch offices and site-to-site VPN between headquarters and branch offices; use site-to-site connectivity to the cloud provider.
  • D: Design a dark fiber solution for headquarters and branch offices' connectivity; deploy point-to-site VPN between headquarters and the cloud provider; use the headquarters connectivity to the cloud provider.

Question 17

End users are getting certificate errors and are unable to connect to an application deployed in a cloud. The application requires HTTPS connection. A network solution architect finds that a firewall is deployed between end users and the application in the cloud. Which of the following is the root cause of the issue?

  • A: The firewall on the application server has port 443 blocked.
  • B: The firewall has port 443 blocked while SSL/HTTPS inspection is enabled.
  • C: The end users do not have certificates on their laptops.
  • D: The firewall has an expired certificate while SSL/HTTPS inspection is enabled.

That’s the end of your free questions

You’ve reached the preview limit for CNX-001

Consider upgrading to gain full access!

Page 1 of 4 • Questions 1-25 of 81
1234

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!