CompTIA CNX-001 시험

Question No : 1

A cloud architect needs to change the network configuration at a company that uses GitOps to document and implement network changes. The Git repository uses main as the default branch, and the main branch is protected.
Which of the following should the architect do after cloning the repository?

• A.Use the main branch to make and commit the changes back to the remote repository.
• B.Create a new branch for the change, then create a pull request including the changes.
• C.Check out the development branch, then perform and commit the changes back to the remote repository.
• D.Rebase the remote main branch after making the changes to implement.

답을 확인하기

정답:
Explanation:
Because main is protected, you must make your network-configuration edits on a separate feature branch and submit them via a pull request. This preserves the integrity of the protected branch and aligns with GitOps best practices for change review and automated deployment.

Question No : 2

A network architect is designing a solution to secure the organization's applications based on the security policy.
The requirements are:
Users must authenticate using one set of credentials.
External users must be located in authorized sites.
Session timeouts must be enforced.
Network access requirements should be changed as needed.
Which of the following best meet these requirements? (Choose two.)

• A.Role-based access
• B.Single sign-on
• C.Static IP allocation
• D.Multifactor authentication
• E.Conditional access policy
• F.Risk-based authentication

답을 확인하기

정답:
Explanation:
Single sign-on: Provides users with one set of credentials for authentication across all applications, simplifying access and reducing password fatigue.
Conditional access policy: Enforces location-based restrictions for external users, configurable session timeouts, and dynamic network access controls that can be updated as requirements evolve.

Question No : 3

A company is transitioning from on premises to a hybrid environment. Due to regulatory standards, the company needs to achieve a high level of reliability and high availability for the connection between its data center and the cloud provider.
Which of the following solutions best meets the requirements?

• A.Establish a Direct Connect with the cloud provider and peer to two different VPCs in the cloud network.
• B.Establish a Direct Connect with the cloud provider and a redundant connection with a VPN over the internet.
• C.Establish two Direct Connect connections to the cloud provider using two different suppliers.
• D.Establish a VPN with two tunnels to a transit gateway at the cloud provider.

답을 확인하기

정답:
Explanation:
By provisioning two dedicated Direct Connect circuits from separate carriers (diverse physical paths and providers), you achieve a true highly available, fault-tolerant link that meets stringent reliability and regulatory requirements without relying on the public internet.

Question No : 4

A large commercial enterprise that runs a global video streaming platform recently acquired a small business that serves customers in a geographic area with limited connectivity to the global telecommunications infrastructure. The executive leadership team issued a mandate to deliver the highest possible video streaming quality to all customers around the world.
Which of the following solutions should the enterprise architect suggest to meet the requirements?

• A.Serve the customers in the acquired area with a highly compressed version of content.
• B.Use a geographically weighted DNS solution to distribute the traffic.
• C.Deploy multiple local load balancers in the newly added geographic area.
• D.Utilize CDN for all customers regardless of geographic location.

답을 확인하기

정답:
Explanation:
A global Content Delivery Network caches and serves video streams from edge nodes close to end users, minimizing latency and packet loss over limited backhaul links and ensuring the highest possible quality everywhere. By offloading traffic to a CDN, even customers in regions with constrained connectivity will receive optimized streams from the nearest POP rather than traversing the congested core network.

Question No : 5

End users are getting certificate errors and are unable to connect to an application deployed in a cloud. The application requires HTTPS connection. A network solution architect finds that a firewall is deployed between end users and the application in the cloud.
Which of the following is the root cause of the issue?

• A.The firewall on the application server has port 443 blocked.
• B.The firewall has port 443 blocked while SSL/HTTPS inspection is enabled.
• C.The end users do not have certificates on their laptops.
• D.The firewall has an expired certificate while SSL/HTTPS inspection is enabled.

답을 확인하기

정답:
Explanation:
When SSL inspection is turned on, the firewall intercepts and re-signs HTTPS traffic with its own certificate. If that certificate has expired, end users will see certificate errors even though port 443 is open and the backend application’s certificate is valid.

Question No : 6

A network architect is designing an expansion solution for the branch office network and requires the following business outcomes:
Maximize cost savings with reduced administration overhead
Easily expand connectivity to the cloud
Use cloud-based services to the branch offices
Which of the following should the architect do to best meet the requirements?

• A.Design a SD-WAN solution to integrate with the cloud provider; use SD-WAN to connect branch offices to the cloud provider.
• B.Design point-to-site branch connectivity for offices to headquarters; deploy ExpressRoute and/or DirectConnect between headquarters and the cloud; use headquarters connectivity to connect to the cloud provider.
• C.Design an MPLS architecture for the branch offices and site-to-site VPN between headquarters and branch offices; use site-to-site connectivity to the cloud provider.
• D.Design a dark fiber solution for headquarters and branch offices' connectivity; deploy point-to-site VPN between headquarters and the cloud provider; use the headquarters connectivity to the cloud provider.

답을 확인하기

정답:
Explanation:
By deploying SD-WAN you centrally manage and orchestrate all branch connections, minimizing administration overhead, while establishing direct, optimized tunnels into the cloud provider for low-latency, scalable access to cloud services.

Question No : 7

A network administrator is troubleshooting an outage at a remote site. The administrator examines the logs and determines that one of the internet links at the site appears to be down. After the service provider confirms this information, the administrator fails over traffic to the backup link.
Which of the following should the administrator do next?

• A.Document the lessons learned.
• B.Establish a plan of action.
• C.Identify the problem.
• D.Verify full system functionality.

답을 확인하기

정답:
Explanation:
After implementing the failover solution, you should confirm that all services and network paths are fully restored and operating correctly before closing the ticket.

Question No : 8

A network architect is creating a network topology for a global SD-WAN deployment. The business has offices in Asia, Europe, and the United States and makes use of data centers in the United States and Europe. Most traffic between sites must have the lowest latency possible.
Which of the following topologies best meets this requirement?

• A.Star
• B.Spine-and-leaf
• C.Mesh
• D.Hub-and-spoke

답을 확인하기

정답:
Explanation:
A full-mesh SD-WAN topology allows each site to establish direct overlays with every other site, minimizing the number of hops and avoiding backhauling through a central hub, thereby delivering the lowest latency paths between Asia, Europe, and the US.

Question No : 9

An architect needs to deploy a new payroll application on a cloud host. End users' access to the application will be based on the end users' role. In addition, the host must be deployed on the 192.168.77.32/30 subnet.
Which of the following Zero Trust elements are being implemented in this design? (Choose two.)

• A.Least privilege
• B.Device trust
• C.Microsegmentation
• D.CASB
• E.WAF
• F.MFA

답을 확인하기

정답:
Explanation:
Least privilege: Granting users access to the payroll app strictly according to their roles enforces the principle of least privilege.
Microsegmentation: Placing the host in its own 192.168.77.32/30 subnet isolates it from other workloads, achieving microsegmentation.

Question No : 10

A company is experiencing multiple switch failures.
The network analyst discovers the following:
Network recovery time is unacceptable and occurs after the shutdown of some switches.
Some loops were detected in the network.
No broadcast storm was detected.
Which of the following is the most cost-effective solution?

• A.Add a new Layer 3 switch.
• B.Add multiple VLANs.
• C.Implement ST
• D.Implement tagging.

답을 확인하기

정답:
Explanation:
Spanning Tree Protocol prevents and automatically resolves layer-2 loops without requiring new hardware. It also improves convergence times after a link or switch failure, meeting the recovery and loop-avoidance requirements most cost-effectively.

Question No : 11

Security policy states that all inbound traffic to the environment needs to be restricted, but all external outbound traffic is allowed within the hybrid cloud environment. A new application server was recently set up in the cloud.
Which of the following would most likely need to be configured so that the server has the appropriate access set up? (Choose two.)

• A.Application gateway
• B.IPS
• C.Port security
• D.Firewall
• E.Network security group
• F.Screened subnet

답을 확인하기

정답:
Explanation:
A perimeter firewall enforces the organization’s “deny inbound by default, allow all outbound” policy at the edge of the cloud environment, while an Azure-style NSG applies the same rule set at the VM/subnet level. Together they ensure no inbound connections slip through and that outbound traffic remains unrestricted.

Question No : 12

An organization has centralized logging capability at the on-premises data center and wants a solution that can consolidate logging from deployed cloud workloads. The organization would like to automate the detection and alerting mechanism.
Which of the following best meets the requirements?

• A.IDS/IPS
• B.SIEM
• C.Data lake
• D.Syslog

답을 확인하기

정답:
Explanation:
A Security Information and Event Management system ingests and normalizes logs from on-premises and cloud sources, applies automated correlation rules for detection, and issues alerts, exactly matching the need for centralized logging, analysis, and automated notification.

Question No : 13

A network architect is designing a solution to place network core equipment in a rack inside a data
center. This equipment is crucial to the enterprise and must be as secure as possible to minimize the chance that anyone could connect directly to the network core.
The current security setup is:
In a locked building that requires sign in with a guard and identification check.
In a locked data center accessible by a proximity badge and fingerprint scanner.
In a locked cabinet that requires the security guard to call the Chief Information Security Officer (CISO) to get permission to provide the key.
Which of the following additional measures should the architect recommend to make this equipment more secure?

• A.Make all engineers with access to the data center sign a statement of work.
• B.Set up a video surveillance system that has cameras focused on the cabinet.
• C.Have the CISO accompany any network engineer that needs to do work in this cabinet.
• D.Require anyone entering the data center for any reason to undergo a background check.

답을 확인하기

정답:
Explanation:
Recording and monitoring all activity at the cabinet greatly strengthens security by providing a real-time deterrent, an audit trail of who accessed it and when, and forensic evidence if an incident ever occurs.

Question No : 14

A network administrator receives a ticket from one of the company's offices about video calls that work normally for one minute and then get very choppy.
The network administrator pings the video server from that site to ensure that it is reachable:



Which of the following is most likely the cause of the video call issue?

• A.Throughput
• B.Jitter
• C.Latency
• D.Loss

답을 확인하기

정답:
Explanation:
The wildly varying ping response times (from 11 ms up to 849 ms) indicate high packet-delay variation, which causes the video stream to become choppy after a short period. That fluctuation in latency is known as jitter.

Question No : 15

A network engineer is installing new switches in the data center to replace existing infrastructure. The previous network hardware had administrative interfaces that were plugged into the existing network along with all other server hardware on the same subnet.
Which of the following should the engineer do to better secure these administrative interfaces?

• A.Connect the switch management ports to a separate physical network.
• B.Disable unused physical ports on the switches to keep unauthorized users out.
• C.Set the administrative interfaces and the network switch ports on the same VLA
• D.Upgrade all of the switch firmware to the latest hardware levels.

답을 확인하기

정답:
Explanation:
Segregating management interfaces onto their own dedicated network ensures that administrative access is isolated from general user and server traffic, greatly reducing the attack surface and preventing lateral movement if the production network is compromised.