CNX-001 Free Sample Questions

A financial services company is migrating its on-premises data center to a hybrid cloud model, leveraging a 10 Gbps dedicated connection to a public cloud provider. During performance testing of a latency-sensitive trading application, network architects observe intermittent packet loss and degraded performance, specifically with large data transfers. Initial analysis with `ping` shows no packet loss for standard-sized packets, but issues arise with larger payloads. Which of the following is the MOST likely cause of this issue?

An enterprise is designing a new data center network fabric to support high-performance computing (HPC) and east-west traffic patterns from containerized microservices. The primary requirements are low latency, predictable performance, and non-blocking throughput. Which network topology should the architect select to BEST meet these requirements?

A global retailer is implementing a Secure Access Service Edge (SASE) architecture to provide unified security and networking for its remote workforce and branch offices. A network security architect needs to ensure that security policies are enforced consistently, regardless of user location or the application being accessed. Which TWO of the following are core functional components of a SASE solution that achieve this? (Select TWO).

A DevOps team is using Terraform to manage a multi-cloud network infrastructure. They have defined resources for both AWS and Azure in their configuration files. A junior engineer on the team runs `terraform apply` and receives an error related to provider authentication for Azure, even though the AWS resources were provisioned successfully. What is the MOST likely reason for this failure?

True or False: In a Zero Trust architecture, once a user has successfully authenticated with multi-factor authentication (MFA) and their device posture has been verified, they are granted implicit trust and broad access to all network resources within their assigned security zone for the duration of their session.

A healthcare organization is deploying a new critical patient records application in a public cloud VPC. To comply with HIPAA, all traffic between the application servers and the database servers must be isolated from other workloads and inspected for threats. The application tier consists of an auto-scaling group of virtual machines. What is the MOST effective way to enforce this security requirement?

A network architect is designing a global load balancing solution for a web application hosted in three different cloud regions: US-East, EU-West, and AP-Southeast. The goal is to provide the lowest latency for users worldwide and ensure automatic failover if an entire region becomes unavailable. Which DNS-based load balancing policy should be implemented to achieve these goals?

A company has established a hybrid cloud connection using AWS Direct Connect. They are using BGP to advertise routes between their on-premises network and their AWS VPC. An administrator notices that traffic from the on-premises network to a specific subnet in the VPC is taking a suboptimal path through a backup VPN connection instead of the Direct Connect link. Which BGP attribute should be modified on the on-premises router to make the Direct Connect path more preferable?

A systems administrator is tasked with writing a Python script to automate the process of checking the status of hundreds of network devices. The script needs to run concurrently to be efficient. The primary task is to send an ICMP echo request to each device and wait for a reply. Which Python library would be the MOST suitable for handling these concurrent, I/O-bound operations?

A network engineer is configuring a new site-to-site IPsec VPN tunnel between a corporate headquarters and a new branch office. After configuring both endpoints, the engineer observes that the tunnel fails to establish. Log analysis on the headquarters' firewall shows the following message: `Phase 1 IKE proposal mismatch`. What is the MOST likely cause of this error?