CompTIA A+ (220-1002) Cert Prep 6: Networking, Security, and More

What is AES?

Advanced Encryption Protocol is the wireless encryption protocol that is still widely used today.

What is NetBios or NetBt?

A very old, but still used naming convention for Windows computers.

What are the 3 indications that you can get from looking at Link lights?

1. When the computer is connected to a switch the link light will be steady. 2. The speed of the connection will be shown by the link light blinking. 3. The activity light will always be flickering.

What is the difference between a stateless firewall and a stateful firewall?

A Stateless firewall does not care about what is happening at any given time - it just follows its configuration no matter what the circumstances are. A Stateful firewall will allow or deny activities based on the circumstances. For example, if a certain website has access, it can get through, but if it tries to access too frequently, it will be denied.

What is Samba?

A Windows printer and folder sharing emulation tool that is built into Linux or MAC OS so machines using those operating systems can still share resources with Windows machines.

What is a blacklist on a firewall?

A list of websites or IP addresses that are restricted from access by the firewall.

What is a Homegroup?

A more secure and automated networking group that is better than a Workgroup for sharing files and folders, but not as powerful as an Active Directory domain. In today's Windows 10 computers, Homegroups aren't even an option anymore.

What is a RADIUS server?

A separate physical server on a network that users have to log into with their username and password.

What is a Wireless LAN Switch?

A switch that makes getting configuration and authentication information out to all of the WAP's in a network easier. Instead of having to manually configure every single WAP, the Wireless LAN Switch automatically configures all of them.

What is a whitelist on a firewall?

A very specific list of websites or IP addresses that network computers can access, but they can't access anything that is not on that whitelist.

What is the difference between an Access Control List and an Access Policy?

And Access Control List is very specific and defines access or denial one line at a time. An Access Policy can put together multiple variables to determine access or denial, such as IP address, time of day, port number, etc.

How should you set up the IP addresses on wireless access points?

Assign them static IP addresses so as the administrator you always know how to contact them, verify connectivity, etc. In addition, by assigning the IP addresses and keeping them in a local spreadsheet, it will be very easy to remember or find out the IP addresses for all of the WAPs in your network.

What are 2 locations in your network where you can set up a firewall?

At the edge or border of your network, your router usually doubles as a firewall filtering out certain ports, IP addresses, MAC addresses, etc. In addition, individual hosts in the network can have firewalls set up as well.

What does AAA stand for in the enterprise wireless world?

Authorization, Authentication, and Accounting. Enterprise environments won't used the pre-shared keys common in public environments, but will instead authenticate users via either RADIUS or TACACS+ servers.

What is a security problem with using Port Forwarding with a standard port, such as Port 80?

Anyone scanning for open ports into private networks could accidentally come across the open port that let's them into your network. The way to mitigate it is to set up a random non-frequently used port number, such as 11461, when you put the port forwarding rule into your router.

What is important to remember about where to put wireless access points?

Based on the type of antenna that the WAPs have, they will put out different propagation fields. Research the WAPs in advance and buy the versions that will give the most effective coverage for the areas that will need the wireless signal.

What does the -a switch for netstat do?

Displays all active connections, but also shows any connections that are open that the computer is listening for. For example, if a computer is connected to a local area network, there will be listening connections on port 445 waiting for other people on the LAN to connect to.

In order to use Server Message Block, or SMB, to share files between different operating systems, what must each computer have?

Each computer must have a unique computer name that Windows can understand.

What are ESSIDS?

Extended SSIDs are when 2 or more wireless access points use the same SSID. This should always be done in an enterprise environment so employees can move around without losing their network connectivity.

In addition to looking for link lights on the computer you are working on, what is the other half of that connection that has to be checked?

Go to the switch that the computer is connected to and ensure the link lights for the port that computer is plugged into are also on.

Why would you set up a host-based firewall?

Host-based firewalls have very granular controls that can filter traffic based on Process IDs, Application names, filenames, etc.

Do you need to set up a DMZ outside of your network?

If you have services that you need the outside world to access, such a file server, web server, printer server, etc., then a DMZ is a good idea to have between the outside world and your internal network. Otherwise, just having one router set up with NAT will protect your internal network.

What are the 2 options for setting up a DMZ between your network and the outside world?

If you want to set up your own DMZ, you'll need a 2nd router - one to the outside world, and one between your network and the DMZ. You can also buy a router or some other security device, and pay a monthly fee for a 3rd party to keep it up to date.

Why would you ever take a computer's NIC out of full-duplex?

If you were using a crossover cable to connect 2 computers to each other, both of their NICs would need to be set to half-duplex.

How do you enable Wake on LAN on computers?

In the power management section of the NIC Properties, check the "Allow this device to wake the computer" box and also check the "Only allow a magic packet to wake the computer" box.

What are Organizational Units?

Individual groups that exist in an Active Directory environment that individual user accounts and also user groups are added to in order to either get access to certain resources, or be restricted from certain resources.

What does the isolation setting do on a Wireless Access Point?

It allows all of the devices in that area to stay connected to the network and all of the network resources, but they won't be able to communicate with each other - not even via ping. This would be useful in a public area where you don't want people using large amounts of bandwidth passing files back and forth.

When setting up port forwarding on the router that protects your network, you have to set up an incoming IP address that the port request will be coming from. How do you determine that IP address?

It depends on where from the outside world you are going to be trying to connect to it. In the case of a home surveillance camera, you could set up one rule that allows incoming connections from your office IP address, and another that allows incoming connections from the IP address of your smart phone.

What is TCPView?

It is a utility from www.sysinternals.com that works similar to netstat, but with a GUI. In addition to viewing what is happening with various color codes, it will also allow you to close connections by right-clicking on them.

What does the net command do on the command line?

It is a way to perform very detailed network management, depending on the switches that are used. By itself, the net command will give you a list of the areas you can affect, such as accounts, computers, configurations, groups, etc.

What is a preshared key?

It is the logon protocol used frequently in coffee shops and other public areas. The "key" is set on the wireless access point, and then given to the customers when they need to access the wi-fi. It is called a preshared key because you have to be given the key before you can access the WAP.

What is often happening when you run netstat and see opening listening ports that you can't identify?

Many hardware manufacturers set up their devices to always be listening for a call from the manufacturer to get on-going updates. It is also possible that there is malware on the computer, but that is easy to check for.

Where would you find the settings to change the speed that a computer's network card works at?

Right-click on the network card in device manager, go to Properties, Advanced tab, and then click on Speed & Duplex.

Is the Properties area of the NIC the only place that Wake on LAN can be configured?

No, it can also sometimes be enabled or disabled in the System Setup, depending on the type of motherboard that is being used, so always check both areas.

Is Samba automatically installed on all Linux systems?

No, it depends on the distribution.

Are all Active Directory networks external to the local LAN?

No, you can set up a local Active Directory network, complete with local naming conventions, to just manage your local LAN.

Is sharing automatically enabled on Linux and MAC OS systems?

No, you often have to enable it, and it will create a new area in file browsers called "Other Locations" or something similar. Those other locations are other computers that any given computer has access to.

Are shares that are accessed using SAMBA automatically available when you try to access them?

No, you still have to put in your username, password, and name of the domain that the shares are accessed over.

Do all routers support Dynamic DNS?

Not all routers can configure Dynamic DNS. Sometimes you have to pay a 3rd party service for your Dynamic DNS name.

Is file sharing automatically turned on in Linux or on the MAC OS?

Not necessarily, and even if it is, you want to go into system settings to ensure the specific resources that you want to share are set up with the people or groups that you want to share them with.

Do dedicated wireless access points have A/C power?

Not normally. Most of them are Power over Ethernet, or PoE.

When setting up a host-based firewall, what are the 3 firewall options depending on the type of network you are connecting to?

One firewall for logging into an Active Directory domain, one for logging into a Workgroup, and one for logging into a public or guest network, such as when at a coffee shop, or using the free wi-fi at an airport.

What does the principal of least privilege mean?

Only give people enough resources or options to do whatever it is that they need to do.

What is Port Forwarding?

Ordinarily, routers will block all incoming connection requests that weren't initiated from inside a private network, such as for Port 80 for web pages. However, if you want to allow a certain port to go through, say to access the web-based GUI of a home security camera, you can forward incoming port requests to specific devices or computers inside your network.

What is the difference between 1st generation PoE and PoE+?

PoE+ provides more electricity than 1st generation PoE. Both the device getting the power and the switch that it is plugged into have to support PoE+ for it to work, but it the most common standard used today.

In addition to IP address information, what other critical piece of information does netstat return?

The Port numbers that are being used for each connection, which can give you clues as to which connections are doing what.

What does the -n switch for the netstat command do?

Removes a lot of the excessive text that is returned from the command and gives a more succint, numerical display.

What does the net view command do?

Shows all of the computers that are on the network of the computer that ran the net view command.

What does the netstat command do?

Shows the present status of all TCP and UDP connections running on a computer. This includes all connections to all devices, web pages, etc., - not just the one connection that the computer is using to access the Internet.

What is a file sharing benefit of using Active Directory domain accounts on individual computers?

Since all computers will have a domain login in addition to logging into their same local workstation with that domain account, each local computer can share files and folders with every other computer in that domain.

What is Dynamic DNS, or DDNS?

Since the WAN IP address of your router might change from time to time because it is probably set up with DHCP by your ISP, some routers have a DDNS feature that "names" whatever WAN IP address you have. The DNS name that your router has will not change, so you can set up port forwarding to that name, rather than to a specific IP address.

What are 4 big benefits to using Active Directory domains?

Single Sign On, or SSO, Enforcement of domain policies, Roaming profiles, and user logon scripts.

Do wireless access points only broadcast on one radio?

Some will broadcast 2.4 Ghz on one radio, and 5 Ghz on a second radio. Be sure to configure both radios when setting up the WAPs.

On Linux or MAC OS, are there user accounts that are automatically configured to communicate with Windows machines on those same domains?

Sometimes, but not always. In both Linux and MAC OS, you can go to the local user account area, and if the user accounts are not already there, you can create them.

What command is used if you want to map a drive to a shared folder over the local network?

Type the "net use" command followed by the drive letter and the UNC of specific folder, such as "net use c: \\foldername".

What is TKIP?

Temporal Key Integrity Protocol is a wireless encryption protocol that was not as predictable as RC-4, but still not very secure.

What is the command to see the network users that have accounts on the computer you are on at the time?

The "net users" command.

What is a Captive Portal?

The customizable page that you can create for people to put in their usernames and passwords to access the wi-fi network.

What are the 2 steps to adding a new computer to an A/D domain?

The domain administrator must add that computer to the domain, and then the actual computer needs to be added to the domain in System settings.

When sharing local files or folders from a local machine that is part of an Active Directory domain, does everyone in the domain automatically get access to those resources?

The individual computer sharing those resources can choose to share them with everyone, with only certain groups, or even with specific users who are part of that domain.

What is WPA2?

The industry standard wireless version that uses AES encryption. *

Where does an Active Directory user's "home" folder always live?

The physical location for the data is ultimately up to the domain administrator, but the important thing is that no matter which computer they log into, they will have access to that same home folder.

What if you have a device that supports PoE, but the switch that it is plugged into doesn't?

There are PoE adapters that can be plugged into a switch via an RJ-45 connection, and then a separate RJ-45 cable comes out the other side and gets plugged into the device that supports PoE. That is a good method to keep the clutter inside the server room instead of out in public where the WAP or other device is located.

What does Wake on LAN do?

There is a "magic packet" that an administrator can send out over the network that will wake up any sleeping computers in order to perform maintenance on them, install system updates, etc.

What are the individual account benefits of having users log into an Active Directory environment?

There is significantly more detail about each user that can be added as well as controlled, and other users in that domain can then use that information to find people, such as their physical location, telephone number, email address, etc.

What type of computer is required to run an Active Directory domain?

There must be a dedicated system running Windows Server software which acts as the domain controller.

What color are link lights?

They are different on every system and switch, so you have to look up the system documentation to find out.

Do domain controllers only control one domain?

They control at least one domain, but administrators can set up as many domains as they want to. For example, if the local domain is called .domain1, there can be users@domain1, administrators@domain1, managers@domain1, etc. Each domain is it's own network inside the larger domain1 network.

How do you configure dedicated wireless access points?

They will normally come with software or a web-based GUI. You can configure things such as the IP address, usernames and passwords, descriptions, wi-fi channels, wi-fi versions, max clients, vlans, etc.

What does Windows use port 445 for?

To talk to other computers on the local area network.

How can you use the net command to share files on the local computer?

Type "net share shareit=c:\\foldername"

How do you delete a user using the net command?

Type "net user aaron delete".

How do you create a network user using the net command?

Type "net user aaron password /add".

How can you see what is available to be shared on the computer you are on at the time?

Type the "net share" command without any other information.

What is Network Discovery?

When logging into a network, you can decide whether or not you want to broadcast your presence in order to share files and resources with other computers. Windows can automatically search for such computers using Network Discovery. It should always be turned off when using a public network.

What is a Rogue Access Point?

When someone brings their own WAP and tries to plug it into a network. The settings on wireless access points can be customized to keep that from happening.

What is WPA?

Wi-fi Protected Access is the combination of the TKIP wireless encryption protocol plus a preshared key. The combination is more secure than WEP, but still not entirely secure. *

What is WPS?

Wi-fi Protected Setup is an automated way to connect wireless hosts and wireless access points. For devices like wireless printers, it is a great way to connect them without having access to a GUI. It is very easily hacked, however, so shouldn't be used.

What is WEP?

Wired Equivalency Protocol is an old wireless security protocol that required both the client and the wireless access point to type in a hexidecimal or ASCII character in order to authenticate to each other. It used the easily crackable RC-4 mechanical encryption protocol and is no longer widely used, but most routers still support it.

What is the difference between a dedicated wireless access point, and a router that generates a wireless signal?

Wireless access points are just that - they don't do anything else but generate wireless signals. They are normally the type of WAPs used in enterprise environments.

Can you use one wireless access point to set up different SSIDs?

Yes, and it is a good idea because you can customize the settings in order to maximize the use of the available bandwidth.

What is a network maintenance task that Active Directory networks can employ?

You can set up logon scripts that run everytime someone logs into their local machine. Those scripts can either take actual actions on individual computers, or even just pop up a message that every user sees when they login.

After running the new view command, what can you do to get more information about the computers on the local network?

You can type the name of any of the local computers following the net view command, such as "net view win10px" to see all of the shares that are available from any given computer in that network.