Online CNX-001 Test Brain Dump Question and Test Engine
Real CompTIA CNX-001 Exam Dumps with Correct 86 Questions and Answers
NEW QUESTION # 42
A company is experiencing multiple switch failures. The network analyst discovers the following:
* Network recovery time is unacceptable and occurs after the shutdown of some switches.
* Some loops were detected in the network.
* No broadcast storm was detected.
Which of the following is the most cost-effective solution?
- A. Add multiple VLANs.
- B. Implement STP.
- C. Implement tagging.
- D. Add a new Layer 3 switch.
Answer: B
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Spanning Tree Protocol (STP) is a Layer 2 protocol that prevents loop conditions in redundant switch topologies. It automatically disables redundant links in a controlled way, allowing one active path at a time.
When a switch fails, STP recalculates and activates an alternate path. In this case, loops are detected, but no broadcast storms occurred, indicating that STP is not in place or not configured properly. Implementing STP is a low-cost and effective solution to resolve these issues.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Switching Technologies and Loop Prevention":
"STP prevents switching loops by dynamically identifying and disabling redundant paths. When a link failure occurs, STP re-converges to restore network connectivity."
"STP is an essential protocol in redundant Layer 2 topologies to avoid broadcast and loop issues." Other options:
* A. A Layer 3 switch adds routing functionality but does not prevent Layer 2 loops.
* B. VLANs segment broadcast domains but do not inherently prevent physical loops.
* D. Tagging (e.g., VLAN tagging) helps with segmentation but not with loop prevention.
NEW QUESTION # 43
After a company migrated all services to the cloud, the security auditor discovers many users have administrator roles on different services. The company needs a solution that:
Protects the services on the cloud.
Limits access to administrative roles.
Creates a policy to approve requests for administrative roles on critical services within a limited time.
Forces password rotation for administrative roles.
Audits usage of administrative roles.
Which of the following is the best way to meet the company's requirements?
- A. Conditional access
- B. Access control list
- C. Session-based token
- D. Privileged access management
Answer: D
Explanation:
A Privileged Access Management (PAM) solution provides just-in-time elevation to administrative roles, enforces approval workflows with time-bound access, requires credential rotation, and offers comprehensive auditing of all privileged sessions, fully meeting the company's requirements.
NEW QUESTION # 44
A user reports an issue connecting to a database server. The front-end application for this database is hosted on the company's web server. The network engineer has changed the network subnet that the company servers are located on along with the IP addresses of the servers. These are the new configurations:
New subnet for the servers is 10.10.10.64/27
Web server IP address is 10.10.10.101
Database server IP is 10.10.10.93
Which of the following ismostlikely causing the user's issue?
- A. The web application server is not forwarding the requests.
- B. The database server firewall is blocking the port to the database.
- C. The web server does not have the correct network configuration.
- D. The DNS server is not resolving properly.
Answer: C
Explanation:
With a /27 mask on 10.10.10.64/27, valid host addresses run from 10.10.10.65 through 10.10.10.94. The database server's IP (10.10.10.93) is in that range, but the web server's IP (10.10.10.101) falls outside it-so it's mis-configured and cannot reach the database.
NEW QUESTION # 45
Security policy states that all inbound traffic to the environment needs to be restricted, but all external outbound traffic is allowed within the hybrid cloud environment. A new application server was recently set up in the cloud. Which of the following would most likely need to be configured so that the server has the appropriate access set up? (Choose two.)
- A. Firewall
- B. Screened subnet
- C. Network security group
- D. IPS
- E. Application gateway
- F. Port security
Answer: A,C
Explanation:
A perimeter firewall enforces the organization's "deny inbound by default, allow all outbound" policy at the edge of the cloud environment, while an Azure-style NSG applies the same rule set at the VM/subnet level.
Together they ensure no inbound connections slip through and that outbound traffic remains unrestricted.
NEW QUESTION # 46
A network architect is working on a new network design to better support remote and on-campus workers.
Traffic needs to be decrypted for inspection in the cloud but is not required to go through the company's data center. Which of the following technologies best meets these requirements?
- A. Transit gateway
- B. Network access control system
- C. Virtual private network
- D. Secure web gateway
- E. Intrusion prevention system
Answer: D
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
A Secure Web Gateway (SWG) provides cloud-based traffic filtering, URL filtering, SSL decryption, and content inspection without requiring traffic to be routed through an on-premises data center. It is ideal for both remote and hybrid users, enforcing security policies in a distributed environment.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Cloud-Based Security Solutions":
"Secure Web Gateways allow cloud-hosted decryption and inspection of web traffic, enabling policy enforcement for remote and on-campus users without backhauling traffic to the data center." Other options:
* B. Transit gateways connect VPCs and on-prem but don't decrypt traffic.
* C. VPNs provide encrypted tunnels but don't inspect traffic.
* D. IPS inspects traffic but is usually on-prem and not cloud-hosted.
* E. NAC is used for access control, not traffic inspection.
NEW QUESTION # 47
A network engineer is designing a Layer 2 deployment for a company that occupies several floors in an office building. The engineer decides to make each floor its own VLAN but still allow for communication between all user VLANs. The engineer also wants to reduce the time necessary for STP convergence to occur when new switches come online. Which of the following should the engineer enable to accomplish this goal?
- A. BPDU Guard
- B. Portfast
- C. Tagging
- D. Priority
Answer: B
Explanation:
Enabling PortFast on access ports lets them immediately enter the forwarding state, skipping the STP listening
/learning timers, and dramatically speeds up convergence when switches or end-stations come online.
NEW QUESTION # 48
A network administrator needs to resolve connectivity issues in a hybrid cloud setup. Workstations and VMs are not able to access Application A. Workstations are able to access Server B.
INSTRUCTIONS
Click on workstations, VMs, firewalls, and NSGs to troubleshoot and gather information. Type help in the terminal to view a list of available commands.
Select the appropriate device(s) requiring remediation and identify the associated issue(s).
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.











Answer:
Explanation:
See explanation below.
Explanation:
Firewalls # VPN tunnel down
The IPsec tunnel between on-prem Firewall 1 and cloud Firewall 2 (ipip0/ipip2) is down, so no traffic can traverse to the cloud.
Application NSG # Misconfigured rule
There's a "block" rule for 10.3.9.0/24 # 192.2.1.0/24, preventing legitimate on-prem clients from reaching Application A.
NEW QUESTION # 49
Which of the following helps the security of the network design to align with industry best practices?
- A. Licensing agreement
- B. Service-level agreement
- C. Memorandum of understanding
- D. Reference architectures
Answer: D
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Reference architectures are pre-defined templates or blueprints provided by vendors, standardsbodies, or industry alliances (e.g., NIST, CIS, vendor frameworks) that define recommended practices for secure and reliable infrastructure design. They help ensure alignment with compliance, security controls, and industry- recognized configurations.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Architecture Standards and Security Best Practices":
"Reference architectures guide the implementation of secure, scalable, and compliant infrastructure. They embody industry best practices and reduce misconfiguration risks in cloud and hybrid environments." Other options:
* B. Licensing agreements pertain to software usage rights, not security alignment.
* C. SLAs define service expectations, not design standards.
* D. MOUs are informal agreements between parties, not technical or security frameworks.
NEW QUESTION # 50
A network architect is designing a solution to secure the organization's applications based on the security policy. The requirements are:
* Users must authenticate using one set of credentials.
* External users must be located in authorized sites.
* Session timeouts must be enforced.
* Network access requirements should be changed as needed.
Which of the following best meet these requirements? (Choose two.)
- A. Single sign-on
- B. Conditional access policy
- C. Static IP allocation
- D. Role-based access
- E. Multifactor authentication
- F. Risk-based authentication
Answer: A,B
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
B: Single Sign-On (SSO) - SSO enables users to authenticate once using a unified set of credentials and gain access to multiple applications. It improves user experience and simplifies identity management.
E: Conditional Access Policy - This supports dynamic enforcement of access policies based on user location, device, risk level, and session characteristics. It allows administrators to define rules such as only allowing access from authorized geographic regions and automatically enforcing session timeouts or requiring reauthentication.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Identity and Access Management (IAM)":
"SSO provides seamless authentication across services while reducing password fatigue and attack surfaces."
"Conditional Access enforces access controls based on real-time conditions such as location, device compliance, and session context, supporting dynamic security postures." Other options:
* A. Role-based access defines permissions but does not handle location or session control.
* C. Static IP allocation does not offer user-based access controls.
* D. MFA enhances security but is not directly aligned with all the listed requirements.
* F. Risk-based authentication evaluates threat levels but does not handle session timeout or location enforcement directly.
NEW QUESTION # 51
An architecture team needs to unify all logging and performance monitoring used by global applications across the enterprise to perform decision-making analytics. Which of the following technologies is the best way to fulfill this purpose?
- A. CIEM
- B. Content delivery network
- C. Relational database
- D. Data lake
Answer: D
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
A data lake is ideal for aggregating structured and unstructured data at scale. It supports storage and analysis of logs, performance metrics, and other telemetry data from various sources. Data lakes enable advanced analytics and machine learning for decision support.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Data Aggregation and Analytics":
"Data lakes allow storage and analysis of high-volume, diverse data types, including logs and monitoring data. They support enterprise-wide visibility and strategic decision-making." Other options:
* A. Relational databases are optimized for structured data and are less scalable for log aggregation.
* B. CDNs deliver content, not used for data aggregation.
* C. CIEM (Cloud Infrastructure Entitlement Management) governs cloud permissions, not logging.
NEW QUESTION # 52
A company just launched a cloud-based application. Some users are reporting the application will not load. A cloud engineer investigates the issues and reports the following:
* Not all users are experiencing the issue
* The application infrastructure is optimal
* Users experiencing the issue belong to the company's remote sales team Which of the following is most likely misconfigured?
- A. IP addressing
- B. Application load balancers
- C. Ports and protocols
- D. Geolocation rules
Answer: D
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Because only the remote sales team is experiencing access issues-and the application infrastructure is confirmed to be functioning correctly-it's likely that geolocation-based access control is misconfigured. If geofencing or region-based restrictions are applied incorrectly, traffic from users outside an allowed geographic area may be denied.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Geolocation and Access Controls":
"Geolocation rules filter traffic based on IP geographies. Misconfiguration can unintentionally block legitimate users who access services from disallowed locations." Other options:
* A. Load balancers distribute traffic and would affect all users, not a specific group.
* B. Port/protocol misconfiguration would affect all or specific service components, not location-based access.
* C. IP addressing issues are typically network-wide, not region-specific.
NEW QUESTION # 53
Application development team users are having issues accessing the database server within the cloud environment. All other users are able to use SSH to access this server without issues. The network architect reviews the following information to troubleshoot the issue:
IPAM information:
Traceroute output from an application developer's machine with the assigned IP 192.168.2.7:
Which of the following is themostlikely cause of the issue?
- A. The core firewall is blocking the traffic.
- B. Network security groups do not have the correct outbound rule configured.
- C. The server segment gateway is having bandwidth issues.
- D. The server segment firewall is dropping the traffic.
Answer: D
Explanation:
The traceroute from 192.168.2.7 reaches the server-segment gateway (192.168.1.1) and then the server- segment firewall (192.168.4.1), but never progresses to the database's subnet. That indicates the firewall at
192.168.4.1 is blocking or not forwarding packets to 192.168.1.9.
NEW QUESTION # 54
A company hosts a cloud-based e-commerce application and only wants the application accessed from certain locations. The network team configures a cloud firewall with WAF enabled, but users can access the application globally. Which of the following should the network team do?
- A. Reconfigure WAF rules
- B. Configure a NAT gateway
- C. Configure geo-restriction
- D. Implement a CDN
Answer: C
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
A Web Application Firewall (WAF) is primarily used for inspecting HTTP/HTTPS requests and filtering out malicious traffic, such as SQL injection or cross-site scripting (XSS) attacks. However, WAFs do not restrict access based on geographical location by default.
To control access to the cloud-hosted application based on geographical location, the correct measure is to implement geo-restriction (geo-blocking). This technique limits access to cloud-based resources by using the source IP's geographical origin. Geo-restriction is typically enforced at the cloud firewall or load balancer level.
Relevant Extract from CompTIA CloudNetX CNX-001 Official Objectives:
"Cloud access control policies can enforce geo-restriction settings, ensuring applications and services are only accessible from authorized geographic regions." Also found under "Security Controls in Cloud Deployments" section:
"Geo-restriction uses IP geolocation data to restrict access to services based on geographic criteria, supporting compliance and security requirements."
NEW QUESTION # 55
A cafe uses a tablet-based point-of-sale system. Customers are complaining that their food is taking too long to arrive. During an investigation, the following is noticed:
Every kitchen printer did not print the orders.
Payments are processing correctly.
The cloud-based system has record of the orders.
This issue occurred when the cafe was busy.
Which of the following is the best way to mitigate this issue?
- A. Updating the application
- B. Assigning the kitchen printers static IP addresses
- C. Adding an access point exclusively for the kitchen
- D. Upgrading the kitchen printers' wireless dongles
Answer: C
Explanation:
By dedicating a separate Wi-Fi access point to the printers, you isolate their traffic from the customer-facing tablets. This prevents congestion during busy periods, ensuring orders reliably print even when the main network is under heavy load.
NEW QUESTION # 56
A company is expanding operations and opening a new facility. The executive leadership team decides to purchase an insurance policy that will cover the cost of rebuilding the facility in case of a natural disaster.
Which of the following describes the team's decision?
- A. Risk transference
- B. Business continuity
- C. Disaster recovery
- D. Memorandum of understanding
Answer: A
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Risk transference is a risk management strategy in which the financial impact of a risk is shifted to a third party, such as an insurance company. In this scenario, the purchase of an insurance policy to cover potential damage or loss from a natural disaster is an example of transferring risk, not avoiding, mitigating, or accepting it.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide under "Risk Management Concepts":
"Risk transference involves moving the responsibility or financial burden of a risk to a third party, often through the purchase of insurance or third-party service agreements." This approach is contrasted with mitigation (reducing risk), acceptance (living with the risk), or avoidance (eliminating the risk).
NEW QUESTION # 57
A network engineer is setting up guest access on a Wi-Fi network. After a recent network analysis, the engineer discovered that a user could access the guest network and attack the corporate network, since the networks share the same VLAN. Which of the following should the engineer do to prevent an attack like this one from happening?
- A. Configure Layer 2 client isolation for the wireless network.
- B. Set up a captive portal so all guest users have to register before gaining access to the wireless network.
- C. Set up a strong password on the guest wireless network.
- D. Set up a MAC filtering rule and add the MAC addresses of all corporate devices to the allow list.
Answer: A
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Layer 2 client isolation ensures that devices connected to the same wireless network (such as a guest SSID) cannot communicate with each other or other VLANs. This prevents guest users from scanning or attacking internal devices. It's a fundamental security control for guest Wi-Fi access.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Wireless Network Segmentation and Security":
"Client isolation prevents peer-to-peer attacks over Wi-Fi by ensuring wireless clients cannot communicate with one another, a necessary control on shared guest networks." Other options:
* B. MAC filtering is easy to spoof and hard to manage at scale.
* C. Strong passwords improve access control but don't isolate guest traffic.
* D. Captive portals add a registration layer but don't address VLAN or broadcast isolation.
NEW QUESTION # 58
A network administrator is troubleshooting a user's workstation that is unable to connect to the company network. The results of ipconfig and arp -a are shown. The user's workstation:
A router on the same network shows the following output:
* Has an IP address of 10.21.12.8
* Has subnet mask 255.255.255.0
* Default gateway is 10.21.12.254
* ARP table shows 10.21.12.8 mapped to 1A-21-11-31-74-4C (a different MAC address than the local adapter)
- A. IP address conflict
- B. DHCP server down
- C. Asynchronous routing
- D. Broadcast storm
Answer: A
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
The local machine has the IP address 10.21.12.8 and the physical address 1A-21-11-33-44-5A.However, the ARP table shows that 10.21.12.8 is mapped to a different MAC address (1A-21-11-31-74-4C), meaning another device on the network is responding to ARP requests for the same IP. This is a clear sign of an IP address conflict, which would prevent the workstation from functioning properly on the network.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Troubleshooting IP Addressing Issues":
"An IP conflict occurs when two devices on the same network are assigned the same IP address. Symptoms include connectivity loss, duplicate ARP entries, and inconsistent routing behavior." Other options:
* A. Asynchronous routing refers to packets taking different return paths, which is unrelated to ARP inconsistencies.
* C. DHCP server issues would affect IP assignment but are not indicated here - the workstation has an IP address assigned.
NEW QUESTION # 59
An application is hosted on a three-node cluster in which each server has identical compute and network performance specifications. A fourth node is scheduled to be added to the cluster with three times the performance as any one of the preexisting nodes. The network architect wants to ensure that the new node gets the same approximate number of requests as all of the others combined. Which of the following load- balancing methodologies should the network architect recommend?
- A. Weighted
- B. Round-robin
- C. Load-based
- D. Least connections
Answer: A
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Weighted load balancing allows distribution of traffic based on server capacity or assignedweights. In this case, the new node should receive a weight of 3, and each of the three older nodes a weight of 1. This ensures the new node handles the same total number of requests as the other three combined (3:1:1:1).
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Load Balancing Algorithms and Traffic Distribution":
"Weighted load balancing accounts for node capacity, distributing requests proportionally according to performance capability or administrator-defined weights." Other options:
* A. Round-robin sends traffic equally to all servers regardless of capacity.
* B. Load-based requires dynamic performance measurement and is more complex.
* C. Least connections may work in certain cases, but doesn't guarantee proportional traffic split based on server performance.
NEW QUESTION # 60
A company deployed new applications in the cloud and configured a site-to-site VPN to connect the internal data center with the cloud. The IT team wants the internal servers to connect to those applications without using public IP addresses. Which of the following is thebestsolution?
- A. Configure proxy service in the site-to-site VPN to allow internal servers to access applications through the proxy.
- B. Configure a NAT server on the cloud to allow internal servers to connect to the applications through the NAT server.
- C. Create a DNS server in the cloud. Configure the DNS server in the customer data center to forward DNS requests for cloud resources to the cloud DNS server.
- D. Register applications on the cloud with a public DNS sever and configure internal servers to connect to them using their public DNS names.
Answer: C
Explanation:
By forwarding only the cloud application DNS queries to a cloud-hosted DNS zone that returns private IP addresses, your internal servers will resolve and connect over the site-to-site VPN without ever touching public IPs.
NEW QUESTION # 61
A partner is migrating a client from on-premises to a hybrid cloud. Given the following project status information, the initial project timeline estimates need to be revised:
(Refer to image: Phases like Discovery, Design, Implementation, and Knowledge Transfer have all exceeded their initial estimated timelines.) Which of the following documents needs to be revised to best reflect the current status of the project?
- A. SOW
- B. WBS
- C. SLA
- D. BIA
Answer: B
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
The WBS (Work Breakdown Structure) is the document that outlines all project tasks, associated timelines, and deliverables. Since the project timeline has significantly deviated from its original estimates, updating the WBS will allow for accurate tracking, reallocation of resources, and setting new expectations. It directly reflects the phase durations and current project status.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Project and Lifecycle Documentation":
"A Work Breakdown Structure provides a detailed timeline and scope of project tasks. Revisions to WBS are essential when milestones or phase durations change significantly." Other options:
* A. BIA (Business Impact Analysis) deals with criticality, not project scheduling.
* B. SLA (Service Level Agreement) defines performance guarantees, not project phases.
* C. SOW (Statement of Work) outlines scope and deliverables but doesn't track current status or time spent.
NEW QUESTION # 62
A user reports an issue connecting to a database server. The front-end application for this database is hosted on the company's web server. The network engineer has changed the network subnet that the company servers are located on along with the IP addresses of the servers. These are the new configurations:
* New subnet for the servers is 10.10.10.64/27
* Web server IP address is 10.10.10.101
* Database server IP is 10.10.10.93
Which of the following is most likely causing the user's issue?
- A. The DNS server is not resolving properly.
- B. The web application server is not forwarding the requests.
- C. The database server firewall is blocking the port to the database.
- D. The web server does not have the correct network configuration.
Answer: A
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Since the subnet and IPs were changed recently, and users are accessing the database through a web application, the likely issue is that DNS records have not been updated to reflect the new IP addresses. If DNS is pointing to old IPs, users will fail to reach the services even if they are up and reachable on the new subnet.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "DNS and Network Configuration Troubleshooting":
"DNS misconfiguration is a common issue following IP address changes. If DNS entries are not updated accordingly, clients will attempt to reach services at outdated IPs." Other options:
* A. No indication of web server misconfiguration is provided.
* B. Firewall issues would affect all users, not just one.
* D. The web server has a valid IP in the subnet range; no misconfiguration is indicated.
NEW QUESTION # 63
A company's IT department is expected to grow from 100 to 200 employees, and the sales department is expected to grow from 1,000 to a maximum of 2,000 employees. Each employee owns a single laptop with a single IP allocated. The network architect wants to deploy network segmentation using the IP range 10.0.0.0
/8. Which of the following is the best solution?
- A. Allocate 10.1.0.0/30 to the IT department. Allocate 10.2.0.0/16 to the sales department.
- B. Allocate 10.1.0.0/16 to the IT department. Allocate 10.2.1.0/24 to the sales department.
- C. Allocate 10.1.0.0/22 to the IT department. Allocate 10.2.0.0/15 to the sales department.
- D. Allocate 10.1.0.0/16 to the IT department. Allocate 10.2.1.0/25 to the sales department.
Answer: C
Explanation:
A /22 gives you 1,022 usable addresses, ample headroom for 200 IT laptops, while a /15 yields 32,766 addresses, covering up to 2,000 sales laptops with room to grow, all within the 10.0.0.0/8 space.
NEW QUESTION # 64
Throughout the day, a sales team experiences videoconference performance issues when the accounting department runs reports. Which of the following is the best solution?
- A. Running the accounting department's reports outside of business hours
- B. Using a load balancer to split the video traffic evenly
- C. Increasing the throughput on the network by purchasing high-end switches
- D. Configuring QoS on the corporate network switches
Answer: D
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Quality of Service (QoS) ensures that latency-sensitive traffic like videoconferencing is prioritized over bandwidth-heavy but delay-tolerant tasks like report generation. Implementing QoS on network switches allows the network to differentiate traffic types and ensure sufficient bandwidth for critical applications during congestion.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Traffic Prioritization and QoS":
"QoS enables classification and prioritization of network traffic to ensure performance of mission-critical or real-time applications such as voice and video." Other options:
* A. Scheduling tasks outside business hours is not scalable or reliable.
* B. Load balancing applies to servers, not prioritization of LAN traffic.
* D. Buying higher-end switches is costly and may not resolve contention under load.
NEW QUESTION # 65
A company is experiencing numerous network issues and decides to expand its support team. The new junior employees will need to be onboarded in the shortest time possible and be able to troubleshoot issues with minimal assistance. Which of the following should the company create to achieve this goal?
- A. Statement of work documenting what each junior employee should do when troubleshooting
- B. Physical and logical network diagrams of the entire networking infrastructure
- C. A mentor program for guiding each junior employee until they are familiar with the networking infrastructure
- D. Clearly documented runbooks for networking issues and knowledge base articles
Answer: D
Explanation:
Runbooks provide step-by-step troubleshooting procedures, and a solid knowledge base captures known issues and resolutions. Together they let new team members ramp up quickly and resolve common network problems with minimal hand-holding.
NEW QUESTION # 66
A cloud network engineer needs to enable network flow analysis in the VPC so headers and payload of captured data can be inspected. Which of the following should the engineer use for this task?
- A. Syslog service
- B. Network flows
- C. Traffic mirroring
- D. Application monitoring
Answer: C
Explanation:
Comprehensive and Detailed Explanation From Exact Extract:
Traffic mirroring allows a copy of network traffic - including headers and payloads - to be sent to an analysis tool or appliance for deep packet inspection. This is essential for security analysis, network troubleshooting, and performance diagnostics in cloud environments.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Packet Capture and Network Flow Monitoring":
"Traffic mirroring enables the capture of full packet data, including payloads, for forensic or performance analysis within cloud networks." Other options:
* A. Application monitoring focuses on app-level metrics, not packet inspection.
* B. Syslog is log-based, not for inspecting packets.
* D. Network flows (e.g., NetFlow, VPC flow logs) provide metadata (source, destination, size) but not full packet content.
NEW QUESTION # 67
......
Valid CNX-001 Test Answers & CompTIA CNX-001 Exam PDF: https://examsboost.actual4dumps.com/CNX-001-study-material.html