Question 1
A company has a 40Gbps network that uses a network tap to inspect the traffic using an IDS. The IDS usually performs normally except when the servers are downloading patches from their local update repository 10.10.10.139 using HTTPS. During the patch windows, the IDS cannot handle the extra load and drops a significant number of packets. Which of the following would allow a network engineer to prevent this issue without compromising the network visibility?
A. Configuring the IDS to ignore traffic from 10.10.10.139
B. Using PF_RING offload to filter out "host 10.10.10.139 and port 443"
C. Adding a "dst host 10.10.10.139" BPF on the tap
D. Scheduling a cron job to stop the IDS service during the patch window
Correct Answer:
B. Using PF_RING offload to filter out "host 10.10.10.139 and port 443"
Question 2
A network security administrator needs to set up a solution to:
- Gather all data from log files in a single location.
- Correlate the data to generate alerts.
Which of the following should the administrator implement?
A. Syslog
B. Event log monitoring
C. Log management
D. SIEM
Correct Answer:
D. SIEM
Question 3
A network administrator recently deployed new Wi-Fi 6E access points in an office and enabled 6GHz coverage. Users report that when they are connected to the new 6GHz SSID, the performance is worse than the 5GHz SSID. The network administrator suspects that there is a source of 6GHz interference in the office. Using the troubleshooting methodology, which of the following actions should the network administrator do next?
A. Test to see if the changes have improved network performance
B. Use a spectrum analyzer and check the 6GHz spectrum
C. Document the list of channels that are experiencing interference
D. Change the channels being used by the 6GHz radios in the APs
Correct Answer:
B. Use a spectrum analyzer and check the 6GHz spectrum
Question 4
A network administrator is configuring firewall rules to lock down the network from outside attacks. Which of the following should the administrator configure to create the most strict set of rules?
A. URL filtering
B. File blocking
C. Network security group
D. Allow list
Correct Answer:
D. Allow list
Question 5
A cafe uses a tablet-based point-of-sale system. Customers are complaining that their food is taking too long to arrive. During an investigation, the following is noticed:
- Every kitchen printer did not print the orders.
- Payments are processing correctly.
- The cloud-based system has record of the orders.
- This issue occurred when the cafe was busy.
Which of the following is the best way to mitigate this issue?
A. Updating the application
B. Adding an access point exclusively for the kitchen
C. Upgrading the kitchen printers' wireless dongles
D. Assigning the kitchen printers static IP addresses
Correct Answer:
B. Adding an access point exclusively for the kitchen
Question 6
After a company migrated all services to the cloud, the security auditor discovers many users have administrator roles on different services. The company needs a solution that:
- Protects the services on the cloud.
- Limits access to administrative roles.
- Creates a policy to approve requests for administrative roles on critical services within a limited time.
- Forces password rotation for administrative roles.
- Audits usage of administrative roles.
Which of the following is the best way to meet the company's requirements?
A. Privileged access management
B. Session-based token
C. Conditional access
D. Access control list
Correct Answer:
A. Privileged access management
Question 7
A company hosts its applications on the cloud and is expanding its business to Europe. The company must comply with General Data Protection Regulation to limit European customers' access to data. The network team configures the firewall rules but finds that some customers in the United States can access data hosted in Europe. Which of the following is the best option for the network team to configure?
A. SASE
B. Network security groups
C. CDN
D. Geofencing rule
Correct Answer:
D. Geofencing rule
Question 8
A network security engineer must secure a web application running on virtual machines in a public cloud. The virtual machines are behind an application load balancer. Which of the following technologies should the engineer use to secure the virtual machines? (Choose two.)
A. CDN
B. DLP
C. IDS
D. WAF
E. SIEM
F. NSG
Correct Answer:
D. WAF
F. NSG
Question 9
A company just launched a cloud-based application. Some users are reporting the application will not load. A cloud engineer investigates the issues and reports the following:
- Not all users are experiencing the issue.
- The application infrastructure is optimal.
- Users experiencing the issue belong to the company's remote sales team.
Which of the following is most likely misconfigured?
A. Application load balancers
B. Ports and protocols
C. IP addressing
D. Geolocation rules
Correct Answer:
D. Geolocation rules
Question 10
A cloud architect needs to change the network configuration at a company that uses GitOps to document and implement network changes. The Git repository uses main as the default branch, and the main branch is protected. Which of the following should the architect do after cloning the repository?
A. Use the main branch to make and commit the changes back to the remote repository
B. Create a new branch for the change, then create a pull request including the changes
C. Check out the development branch, then perform and commit the changes back to the remote repository
D. Rebase the remote main branch after making the changes to implement
Correct Answer:
B. Create a new branch for the change, then create a pull request including the changes
Question 11
End users are getting certificate errors and are unable to connect to an application deployed in a cloud. The application requires an HTTPS connection. A network solution architect finds that a firewall is deployed between end users and the application in the cloud. Which of the following is the root cause of the issue?
A. The firewall on the application server has port 443 blocked
B. The firewall has port 443 blocked while SSL/HTTPS inspection is enabled
C. The end users do not have certificates on their laptops
D. The firewall has an expired certificate while SSL/HTTPS inspection is enabled
Correct Answer:
D. The firewall has an expired certificate while SSL/HTTPS inspection is enabled
Question 12
A company is experiencing numerous network issues and decides to expand its support team. The new junior employees will need to be onboarded in the shortest time possible and be able to troubleshoot issues with minimal assistance. Which of the following should the company create to achieve this goal?
A. Statement of work documenting what each junior employee should do when troubleshooting
B. Clearly documented runbooks for networking issues and knowledge base articles
C. Physical and logical network diagrams of the entire networking infrastructure
D. Mentor program for guiding each junior employee until they are familiar with the networking infrastructure
Correct Answer:
B. Clearly documented runbooks for networking issues and knowledge base articles
Question 13
An outage occurred after a software upgrade on core switching. A network administrator thinks that the firmware installed had a bug. Which of the following should the network administrator do next?
A. Establish a plan of action to resolve the issue
B. Test the theory to determine cause
C. Document lessons learned
D. Implement the solution
Correct Answer:
B. Test the theory to determine cause
Question 14
A network architect needs to design a solution to ensure every cloud environment network is built to the same baseline. The solution must meet the following requirements:
- Use automated deployment.
- Easily update multiple environments.
- Share code with a community of practice.
Which of the following are the best solutions? (Choose two.)
A. CI/CD pipelines
B. Public code repository
C. Deployment runbooks
D. Private code repository
E. Automated image deployment
F. Deployment guides
Correct Answer:
A. CI/CD pipelines
B. Public code repository
Question 15
A network architect is working on a physical network design template for a small education institution's satellite campus that is not yet built. The new campus location will consist of two small buildings with classrooms, one screening room with audiovisual equipment, and 200 seats for students. Which of the following enterprise network designs should the architect suggest?
A. Hybrid
B. Dual-layer
C. Three-tier
D. Collapsed core
Correct Answer:
D. Collapsed core
Question 16
A network architect must ensure only certain departments can access specific resources while on premises. Those same users cannot be allowed to access those resources once they have left campus. Which of the following would ensure access is provided according to these requirements?
A. Enabling MFA for only those users within the departments needing access
B. Configuring geofencing with the IPs of the resources
C. Configuring UEBA to monitor all access to those resources during non-business hours
D. Implementing a PKI-based authentication system to ensure access
Correct Answer:
B. Configuring geofencing with the IPs of the resources
Question 17
After a malicious actor used an open port in a company's lobby, a network architect needs to enhance network security. The solution must enable:
- Security posture check
- Auto remediation capabilities
- Network isolation
- Device and user authentication
Which of the following technologies best meets these requirements?
A. IPS
B. Microsegmentation
C. 802.1X
D. NAC
Correct Answer:
D. NAC
Question 18
A company is expanding operations and opening a new facility. The executive leadership team decides to purchase an insurance policy that will cover the cost of rebuilding the facility in case of a natural disaster. Which of the following describes the team's decision?
A. Business continuity
B. Disaster recovery
C. Risk transference
D. Memorandum of understanding
Correct Answer:
C. Risk transference
Question 19
Server A (10.2.3.9) needs to access Server B (10.2.2.7) within the cloud environment since they are segmented into different network sections. All external inbound traffic must be blocked to those servers. Which of the following need to be configured to appropriately secure the cloud network? (Choose two.)
A. Network security group rule: allow 10.2.3.9 to 10.2.2.7
B. Network security group rule: allow 10.2.0.0/16 to 0.0.0.0/0
C. Network security group rule: deny 0.0.0.0/0 to 10.2.0.0/16
D. Firewall rule: deny 10.2.0.0/16 to 0.0.0.0/0
E. Firewall rule: allow 10.2.0.0/16 to 0.0.0.0/0
F. Network security group rule: deny 10.2.0.0/16 to 0.0.0.0/0
Correct Answer:
A. Network security group rule: allow 10.2.3.9 to 10.2.2.7
C. Network security group rule: deny 0.0.0.0/0 to 10.2.0.0/16
Question 20
Which of the following helps the security of the network design to align with industry best practices?
A. Reference architectures
B. Licensing agreement
C. Service-level agreement
D. Memorandum of understanding
Correct Answer:
A. Reference architectures
Download the complete CNX-001 study bundle with 73+ questions in a single printable PDF.