Networks - D325


In IPv6, how is the loopback address best expressed?

::1

A server has a four-port gigabit Ethernet card. If a switch supports port aggregation, what bandwidth link can be achieved?

4 x 1 gigabit or 4 gigabit.

Hub

A multiport repeater, deployed as the central point of connection for nodes.

Enhanced IGRP (EIGRP)

Advanced distance vector dynamic routing protocol using bandwidth and delay metrics to establish optimum forwarding paths.

Typical SOHO router layout - Layer 2 (Communications).

At this layer, each host interface is identified by a media access control (MAC) address.

Spectral attenuation

At very long distances, the attenuation of different wavelengths can vary.

Point-to-Point Protocol (PPP)

Dial-up protocol working at layer 2 (Data Link) used to connect devices remotely to networks.

Internet Protocol (IP) header

Fields in a datagram used to identify source and destination IP addresses, protocol type, and other layer 3 properties.

100BASE-T transmit pins are 1 and 2. What color code are the wires terminated to these pins under T568A and T568B?

Green/White (pin 1) and Green (pin 2) for T568A or Orange/White (pin 1) and Orange (pin 2) for T568B.

Which of the following protocols reside at the application layer of the Open Systems Interconnection (OSI) model?

HTTP and SMTP. Layer 7 (Application layer) works at the user end to interact with user applications. QoS (Quality of Service), file transfer, and email are the major popular services of the Application layer. This layer uses the following protocols: HTTP, SMTP, and FTP.

Differentiated Services (DiffServ)

Header field used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling. Works at layer 3.

The major infrastructure of the Internet consists of:

High bandwidth trunks connecting Internet eXchange Points (IXPs). Within an IXP datacenter, ISPs establish links between their networks, using transit and peering arrangements to carry traffic to and from parts of the internet they do not physically own.

THREE-TIERED NETWORK HIERARCHY: Core Layer

Highest tier in a hierarchical network topology providing interconnections between blocks. Backbone of the network.

What parameters in packet headers can a Layer 3 firewall ruleset use?

IP source and destination address, protocol type, and port number.

Internet Control Message Protocol (ICMP)

IP-level protocol for reporting errors and status information supporting the function of troubleshooting utilities such as ping.

Ring Topology

In a ring topology, all of the computers are connected in a circle. The ring comprises a series of point-to-point links between each device. Signals pass from device to device in a single direction with the signal regenerated at each device.

Straight Tip Connector (ST) - Fiber

Multimode bayonet-style connector. Not widely used anymore.

local authentication provider

OS subsystem that authenticates users when they attempt to start a shell on the host.

Simultaneous Authentication of Equals (SAE)

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

CompTIA® Network+® troubleshooting methodology: Step: 2. Establish a theory of probable cause:

Question the obvious. Consider multiple approaches. Top-to-bottom/bottom-to-top OSI model. Divide and conquer.

Coax cables are categorized using the:

Radio Grade (RG) standard, which represents the thickness of the core conductor and the cable's characteristic impedance.

Media access control (MAC)

Refers to the methods a network technology uses to determine when nodes can communicate on shared media and to deal with possible problems, such as two devices attempting to communicate simultaneously.

Intrusion Detection System (IDS)

Security appliance or software that uses passive hardware sensors to monitor traffic on a specific segment of the network.

Two main formats for patch cables:

Straight through: the cable is terminated with either T568A at both ends or T568B at both ends. This type of cable is used for an uplink (MDI port to MDIX port). Crossover: the cable is terminated with T568A at one end and T568B at the other. This type of cable is used to connect an end system (host) to another host or a hub to a hub.

A network administrator is setting up an Exterior Gateway Protocol (EGP). Which of the following protocols is part of the EGP class? RIP, BGP, EIGRP, OSPF

The Border Gateway Protocol (BGP) is a path vector type that is part of the Exterior Gateway Protocol (EGP) class and runs over Transmission Control Protocol (TCP) port 179.

True or False? A router will not forward a packet when the TTL field is 0.

TRUE

IP

Linux command tool used to gather information about the IP configuration of the network adapter or to configure the network adapter.

Clustering

Load balancing technique where a group of servers are configured as a unit and work together to provide network services.

radio frequency (RF) attenuation

Loss of signal strength due to distance and environmental factors.

THREE-TIERED NETWORK HIERARCHY: Access/Edge Layer

Lowest tier that allows end-user devices, such as computers, printers, and smartphones to connect to the network.

You suspect that a network application is generating faulty packets. What interface metric(s) might help you to diagnose the problem?

Monitoring errors and discards/drops would help to prove the cause of the problem.

Fiber Finishing Types - Angled Physical Contact (APC)

The faces are angled for an even tighter connection and better return loss performance. APC cannot be mixed with PC or UPC. These connectors are usually deployed when the fiber is being used to carry analog signaling, as in Cable Access TV (CATV) networks. They are also increasingly used for long distance transmissions and for Passive Optical Networks (PON), such as those used to implement Fiber to the x (FTTx) multiple subscriber networks.

Fiber Finishing Types - Physical Contact (PC)

The faces of the connector and fiber tip are polished so that they curve slightly and fit together better, reducing return loss (interference caused by light reflecting back down the fiber).

What function or service handles traffic according to rules; traffic that does not conform to a rule that allows access is blocked?

The firewall

A help desk operator is trying to identify the vendor for a piece of equipment. What could the help desk operator check to determine the vendor?

The first six hex digits of a MAC address (3 bytes or octets), also known as the Organizationally Unique Identifier (OUI), identify the manufacturer of the adapter.

What is the dotted decimal representation of an 18-bit netmask?

The first two octets take up 16 bits. In the third octet, the first two bits are set to one. In decimal, this is 192 (128+64). Therefore, the full mask is 255.255.192.0.

How are port numbers handled at the Network and Data Link layers?

The port number is ignored: it becomes part of the data payload and is invisible to the routers and switches that implement the addressing and forwarding functions of these layers.

Signaling

The process of transmitting and receiving encoded data over the network medium, including modulation schemes and timing/synchronization.

Which three means of establishing a theory of probable cause refer to the OSI model?

Top-to-bottom, bottom-to-top, and divide and conquer.

broadcast storm

Traffic that is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches.

What IPSec mode would you use for data confidentiality on a private network?

Transport mode with Encapsulating Security Payload (ESP). Tunnel mode encrypts the IP header information, but this is unnecessary on a private network. Authentication Header only provides authentication and integrity validation, not confidentiality.

Cat 3

Cable: UTP; Ethernet standard: 10BASE-T (10 Mbps); Max distance: 100 m (328 ft); Bandwidth: 16 MHz; Connector: RJ-45

Cat 6 1000Base-T (Class E)

Cable: UTP, F/UTP, or U/FTP; Ethernet standard: 1000BASE-T; Max distance: 100 m (328 ft); Bandwidth: 250 MHz; Connector: RJ-45

Cat 6 10GBase-T (Class E)

Cable: UTP, F/UTP, or U/FTP; Ethernet standard: 10GBASE-T; Max distance: 55 m (180 ft); Bandwidth: 250 MHz; Connector: RJ-45

Media Dependent Interface (MDI) & MDI-X

Under 100BASE-T, an end system uses media dependent interface (MDI) to transmit on pins 1 and 2 and receive on pins 3 and 6. This is also referred to as an uplink port. As an intermediate system, a switch port uses MDI-X and receives on pins 1 and 2 and transmits on pins 3 and 6.

Ethernet switches can be distinguished using the following general categories:

Unmanaged versus managed; stackable; modular versus fixed; desktop versus rack-mounted.

A network operator is troubleshooting connectivity issues and suspects the transceiver. What should the network operator perform?

Use a loopback tool

You need to provision modular SFP+ transceivers to support a 10 gigabit link between two switches using an existing fiber cable. What two characteristics must you check when ordering the transceivers?

Use an appropriate Ethernet standard and wavelength for the type and grade of fiber and link distance (10GBASE-SR versus 10GBASE-LR, for instance) and match the connector type of the existing cable (LC or SC, for instance).

Broadcast Address

Used to communicate with all hosts on the network.

Cisco IOS has three principal modes:

User EXEC mode: a read-only mode where commands can be used to report the configuration, show system status, or run basic troubleshooting tools. Privileged EXEC mode (enable mode): allows the user to reboot or shut down the appliance and to back up and restore the system configuration. Global configuration mode: allows the user to write configuration updates.

Fiber optic cable carries:

Very high frequency radiation in the infrared light part of the electromagnetic spectrum. The light signals are also not susceptible to interference or noise from other sources and less affected by attenuation.

How does an SNMP agent report an event to the management system?

Via a trap.

Plenum-rated cable uses

Treated PVC or Fluorinated Ethylene Polymer (FEP).

A network protocol has two principal functions:

1. Addressing
2. Encapsulation

Fiber is often used for backbone cabling in office networks and for workstations with high bandwidth requirements, such as video editing. The principal applications of 10 GbE (and better) are:

1. Increasing bandwidth for server interconnections and network backbones, especially in datacenters and for storage area networks (SAN).
2. Replacing existing switched public data networks based on proprietary technologies with simpler Ethernet switches (Metro Ethernet).

Three main options for connecting a sniffer to the appropriate point in the network:

1. SPAN (switched port analyzer)/mirror port
2. Passive test access point (TAP)
3. Active TAP

Maximum length of a standard Ethernet Frame:

1518 bytes, excluding preamble. Each frame has an 18-byte header.

Hex is base?

16

At the 515support branch office, you have been asked to implement an IP network. Your network ID is currently 198.51.100.0/24. You need to divide this in half (two subnets) to accommodate hosts on two separate floors of the building, each of which is served by managed switches. The whole network is served by a single router. Using the above scenario, answer the following question: What are the subnet IDs for each network?

198.51.100.0/25 and 198.51.100.128/25. An easy way to find the first subnet ID is to deduct the least significant octet in the mask (128 in the example) from 256, giving the answer 128.

At the 515support branch office, you have been asked to implement an IP network. Your network ID is currently 198.51.100.0/24. You need to divide this in half (two subnets) to accommodate hosts on two separate floors of the building, each of which is served by managed switches. The whole network is served by a single router. Using the above scenario, answer the following question: What is the range of assignable IP addresses for each subnet?

198.51.100.1 to 126 and 198.51.100.129 to 254. If you have each subnet ID and the broadcast ID, the host ranges are simply the values in between.

How many binary digits does it take to represent a decimal value up to 255?

8

Modem

A device that performs some type of signal modulation and demodulation, such as sending digital data over an analog line.

Multimode fiber to twisted pair

A different media converter model is required to convert the light signals carried over MMF media.

What must be installed on a server to use secure (HTTPS) connections?

A digital certificate and the corresponding private key.

Modular versus fixed

A fixed switch comes with a set number of ports that cannot be changed or upgraded. A modular switch has slots for plug-in cards, meaning they can be configured with different numbers and types of ports.

What is a network access control list (ACL)?

A network ACL is a list of the addresses and types of traffic that are permitted or blocked.

Unicast addressing

A packet addressed to a single host. If the host is not on the local subnet, the packet must be sent via one or more routers.

Crosstalk usually indicates:

A problem with bad wiring (poor quality or damaged or the improper type for the application), a bad connector, or improper termination.

Bus Topology

A shared access media where all nodes attach directly to a single cable segment

Content Addressable Memory (CAM)

A table of MAC addresses and port mapping used by the switch to identify connected networking devices

Star Topology

A topology with one central node that has each computer or network device attached to the central node. All data first goes into the central node and then is sent out to its destination. (Think of it like a bicycle wheel with spokes.)

A project manager is putting together supplies for a project using fiber optic cabling. The manager is looking at the cabling core ferrule, which has the tightest connection and best return loss performance. Which of the following should the project manager use? A. APC, B. UPC, C. PC, D. LC

A. APC The angled faces of Angled Physical Contacts (APCs) make for an even tighter connection and better return loss performance. APCs cannot mix with PC faces or UPCs.

Remote Authentication Dial-in User Service (RADIUS)

AAA protocol used to manage remote and wireless authentication infrastructures. RADIUS typically uses UDP ports 1812 and 1813.

A mail administrator configured the DNS server to allow connections on TCP port 53. Why would the administrator make this kind of configuration? The network is using IPv6; the network is using IPv4; the network is using Windows; the network is using Linux.

Administrators may configure some DNS servers to allow connections over TCP port 53, as this allows larger record transfers (over 512 bytes) which may be necessary if the network is using IPv6.

At what layer of the OSI model does a fiber distribution panel work?

All types of distribution frames work at the physical layer (layer 1).

traceroute tool

Allows you to test the whole path between two nodes with a view to isolating the node or link that is causing the problem. Supported on Linux.

tracert

Allows you to test the whole path between two nodes with a view to isolating the node or link that is causing the problem. Supported on Windows.

Layer 4 - Transport - OSI

Also known as the end-to-end or host-to-host layer: the content of the packets becomes significant.

Layer 7 - Application - OSI

An application-layer protocol doesn't encapsulate any other protocols or provide services to any protocol. Application-layer protocols provide an interface for software programs on network hosts that have established a communications channel through the lower-level protocols to exchange data.

Twisted pair cable is rated to

Cat standards.

A technician is cabling a top-of-rack switch in a spine and leaf architecture. Each server has been cabled to the switch. What cabling must the technician add to complete the design?

Cable the top-of-rack (leaf) switch to each spine (distribution) switch. The two tiers are cabled in a full mesh topology.

Channel Bonding

Capability to aggregate one or more adjacent channels to increase bandwidth.

Service Set Identifier (SSID)

Character string that identifies a particular wireless LAN (WLAN). An SSID can be up to 32 bytes in length and for maximum compatibility should only use ASCII letters and digits plus the hyphen and underscore characters.

transceivers/media converters

Component in a network interface that converts data to and from the media signalling type. Modular transceivers are designed to plug into switches and routers.

DHCP Relay

Configuration of a router to forward DHCP traffic where the client and server are in different subnets

You are troubleshooting a connectivity problem with a network application server. Certain clients cannot connect to the service port. How could you rule out a network or remote client host firewall as the cause of the problem?

Connect to or scan the service port from the same segment with no host firewall running.

In terms of QoS, network functions are commonly divided into three planes:

Control plane: makes decisions about how traffic should be prioritized and where it should be switched. Data plane: handles the actual switching of traffic. Management plane: monitors traffic conditions.

PORT MIRRORING

Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch. On a Cisco switch, this is referred to as a switched port analyzer (SPAN).

resource records

Data file storing information about a DNS zone. The main records are as follows: A (maps a host name to an IPv4 address), AAAA (maps to an IPv6 address), CNAME (an alias for a host name), MX (the IP address of a mail server), and PTR (allows a host name to be identified from an IP address).

A systems administrator is looking into communications issues on a server. If the destination IPv4 address is on a different IP network or subnet, where will the host send the traffic?

The default gateway. When the destination IPv4 address is on a different IP subnet, the host forwards the packet to its default gateway rather than trying to deliver it locally. The default gateway is a router configured with a path to remote networks.

What is an I/G bit?

Determines whether a frame is addressed to an individual node (0) or group (1). The latter is used for multicast and broadcast.

Algorithms used for path selection are classed by:

Distance vector: selects a forwarding path based on the next hop router with the lowest hop count to the destination network. Link state: builds a complete network topology to use to select optimum forwarding paths.

Snips

Electrician's scissors that are sturdy enough to cut wire and notched to assist with stripping insulation from wire.

Jumbo Frames

Ethernet frame with a payload larger than 1500 bytes (up to about 9000 bytes). Usually found on 10 Gbps systems.

True or False? Cat standards apply only to wiring.

False. Connectors and interconnects are also rated to Cat standards.

Ethernet headers

Fields in a frame used to identify source and destination MAC addresses, protocol type, and error detection.

Port aggregation is often implemented by the Link Aggregation Control Protocol (LACP)

IEEE protocol governing the use of bonded Ethernet ports (NIC teaming).

802.1p

IEEE standard defining a 3-bit (0 to 7) class of service priority field within the 802.1Q format. Works at layer 2.

IP protocol type

Identifier for a protocol working over the Internet Protocol, such as TCP, UDP, ICMP, GRE, EIGRP, or OSPF.

Ethernet layer 2 switch

Intermediate system used to establish contention-free network segments at layer 2 (Data Link).

The IP version 6 (IPv6)

Its 128-bit addressing scheme has space for 340 undecillion unique addresses. Even though only a small part of the scheme can currently be allocated to hosts, there is still enough address space within that allocation for every person on the planet to own approximately 4,000 addresses.

Authentication factors fall into the following categories:

Knowledge factor: something you know (such as a password). Ownership factor: something you have (such as a smart card). Human or biometric factor: something you are (such as a fingerprint). Behavioral factor: something you do (such as making a signature). Location factor: somewhere you are (such as using a mobile device with location services).

YAML Ain't Markup Language (YAML)

Language for configuration files and applications such as Netplan and Ansible.

Internet Group Management Protocol (IGMP)

Layer 3 protocol that allows hosts to join and leave groups configured to receive multicast communications.

Apart from breaking up broadcast domains, subnets can be used to achieve other network design goals:

Many organizations have more than one site with WAN links between them. The WAN link normally forms a separate subnet. It is useful to divide a network into logically distinct zones for security and administrative control. Networks that use different physical and data link technologies, such as Token Ring and Ethernet, should be logically separated as different subnets.

A network technician is looking at prevention mechanisms for routing loops. What are the three mechanisms for distance vector protocols?

Maximum hop count, holddown timer, and split horizon.

What network infrastructure implementation links multiple buildings within the same city?

Metropolitan area network (MAN).

Subnet addressing has how many hierarchical levels? What are the names of these levels?

Three: network ID, subnet ID, and host ID.

6to4 automatic tunneling

No host configuration is necessary to enable the tunnel. 6to4 addresses use the prefix 2002::/16. 6to4 has been widely replaced by an enhanced protocol called IPv6 Rapid Deployment (6RD). With 6RD, the 2002::/16 prefix is replaced by an ISP-managed prefix and there are various other performance improvements.

Collision Domain

Nodes attached to the same shared access media, such as a bus network or Ethernet hub.

How can you check the IP configuration of an interface on an end system host at the command line?

On Windows, run ipconfig (or netsh interface ip show config or Get-NetIPAddress). On Linux, run ifconfig or ip a.

Unmanaged versus managed

On a SOHO network, switches are more likely to be unmanaged, standalone units that can be added to the network and run without any configuration. The switch functionality might also be built into an Internet router/modem. On a corporate network, switches are most likely to be managed. This means the switch settings can be configured. If a managed switch is left unconfigured, it functions the same as an unmanaged switch does.

CompTIA® Network+® troubleshooting methodology: Step: 3. Test the theory to determine cause:

Once the theory is confirmed, determine the next steps to resolve the problem. If the theory is not confirmed, establish a new theory or escalate.

The Confidentiality, Integrity, and Availability (CIA) Triad

One of the foundational principles of computer security is that the systems used to store, transmit, and process data must demonstrate three properties, often referred to as the CIA Triad: Confidentiality means that certain information should only be known to certain people. Integrity means that the data is stored and transferred as intended and that any modification is authorized. Availability means that information is accessible to those authorized to view or modify it.

Single mode to multimode fiber

Passive (unpowered) device that converts between the two fiber cabling types.

Decapsulation

Performing encapsulation in reverse order. The host receives the stream of bits arriving at the physical layer and decodes an Ethernet frame. It extracts the IP packet from this frame and resolves the information in the IP header, then does the same for the TCP and application headers, eventually extracting the HTTP application data for processing by a software program, such as a web browser or web server.

Crosstalk

Phenomenon whereby one wire causes interference in another as a result of their close proximity.

Port security

Preventing a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile.

Transmission Control Protocol (TCP)

Protocol in the TCP/IP suite operating at the transport layer to provide connection-oriented, guaranteed delivery of packets.

Spanning Tree Protocol (STP)

Protocol that prevents layer 2 network loops by dynamically blocking switch ports as needed.

packet sniffer

Recording data from frames as they pass over network media, using methods such as a mirror port or tap device.

Using screened or shielded cable means that you must also use:

Screened/shielded connectors. Screened/shielded cable elements should not be mixed with unscreened/unshielded elements.

Intrusion Prevention System (IPS)

Security appliance or software that combines detection capabilities with functions that can actively block attacks.

Transport Layer Security (TLS)

Security protocol that uses certificates for authentication and encryption to protect web communications and other application protocols.

STP

Shielded twisted pair.

A network administrator is setting up cabling between buildings and needs to transmit the maximum distance possible. Which type of cabling would be most suitable?

Single Mode (SMF) fiber optic cable supports higher bandwidth over longer links than copper cable. Single mode allows for longer distance transmission than MultiMode.

Dynamic Multipoint VPN (DMVPN)

Software-based mechanism that allows VPNs to be built and deleted dynamically.

An engineer begins the installation of a network for a new business. Ethernet cables run from desktop locations to a centralized patch panel in a data closet where a hub is placed until a new switch arrives. Evaluate the engineer's configuration, and conclude which types of physical and logical topologies the engineer implements.

Star and bus.

Business impact analysis (BIA)

Systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

What type of frames are carried over tagged ports?

Tagged ports typically operate as trunks to carry frames between VLANs on different switches. Frames are transported over the trunk link with an 802.1Q header to indicate the VLAN ID.

If a packet is addressed to a remote network, what destination MAC address will the sending node use to encapsulate the IP packet in a frame?

The MAC address of the default gateway.

A technician is configuring a firewall appliance to work with an SDN controller. What functionality on the firewall must be enabled?

The firewall must be able to communicate with the software defined networking (SDN) controller via an application programming interface (API). This API between the control and infrastructure layers is referred to as the southbound API.

A communications engineer notices that every time it rains the signal becomes very degraded. Which layer of the OSI model is the engineer most likely troubleshooting?

The physical layer (PHY) of the OSI model (layer 1) is responsible for the transmission and receipt of the signals that represent bits of data from one node to another node. Wireless is one medium.

A security researcher is looking at traffic directed to 192.0.2.128. What is this used for if used correctly?

The subnets 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 are all set aside for use in documentation and examples. These are other IPv4 address ranges reserved for special use and are not publicly routable.

On a switched network, what configuration changes must be made to allow a host to sniff unicast traffic from all hosts connected to a switch?

The switch must be configured to mirror traffic to the sniffer's port.

What is the significance of the address 127.0.0.1?

This is the default loopback address for most hosts. The loopback address facilitates testing the TCP/IP implementation on a host.

What is the core function of IP:

To facilitate the creation of a group of logically distinct but interconnected networks, referred to as an internetwork. This means that some packets addressed to hosts on remote networks must be forwarded via one or more of the intermediate systems that establish paths between networks.

Wire map tester

Tool to verify termination/pinouts of cable.

At which OSI layer is the concept of a port number introduced?

Transport, Layer 4.

Cat 8/8.1 (Class I)

Cable: U/FTP or F/UTP; Ethernet standard: 40GBASE-T; Max distance: 30 m (100 ft); Bandwidth: 2000 MHz; Connector: RJ-45

Captive Portal

Web page or website to which a client is redirected before being granted full network access.

Given an 18-bit netmask, are the IP addresses 172.16.1.10 and 172.16.54.10 on the same network?

Yes. Convert the IP addresses to binary, and you will see that the first 18 binary digits in each address are the same (10101100 00010000 00).

66 block

An older-style distribution frame used to terminate telephone cabling and legacy data applications (pre-Cat 5). A 66 block comprises 50 rows of 4 IDC terminals. The 25-pair cable from the access provider is terminated on one side of the block. On the other side of the block, the terminals terminate the wiring from the PBX. A jumper (bridging clip) is installed over the middle two terminals to complete the connection.

Small Office/Home office (SOHO)

is a category of LAN with a small number of computing hosts that typically rely on a single integrated appliance for local and Internet connectivity.

Noise

is anything that gets transmitted within or close to the channel that isn't the intended signal. This serves to make the signal itself difficult to distinguish, causing errors in data and forcing retransmissions. This is expressed as the signal to noise ratio (SNR).

Data link layer (layer 2):

is responsible for transferring data between nodes on the same logical segment.

IEEE 802.11 Standards

Based on spread spectrum radio transmission in the 2.4 GHz and 5 GHz bands. The standard, known as Wi-Fi, has six main iterations: a, b, g, Wi-Fi 4 (n), Wi-Fi 5 (ac), and Wi-Fi 6 (ax). These specify different modulation techniques, supported distances, and data rates, plus special features, such as channel bonding, MIMO, and MU-MIMO.

Single Mode Fiber (SMF) has a:

small core (8 to 10 microns) and a long wavelength, near infrared (1310 nm or 1550 nm) light signal, generated by a laser. Single mode cables support data rates up to 100 Gbps and cable runs of many kilometers, depending on the quality of the cable and optics. There are two grades of SMF cable; OS1 is designed for indoor use, while OS2 is for outdoor deployment.

BiDirectional Wavelength Division Multiplexing

support transmit and receive signals over the same strand of fiber. This uses WDM to transmit the Tx and Rx signals over slightly shifted wavelengths, such as 1310 nm for Tx and 1490 nm for Rx. BiDi transceivers must be installed in opposite pairs, so the downstream transceiver would have to use 1490 nm for Tx and 1310 for Rx.

Write the command to use tcpdump to capture traffic from the IP address 172.16.16.254 on the interface eth0 and output the results to the file router.pcap.

tcpdump -i eth0 -w 'router.pcap' src host 172.16.16.254

Networks are often Heterogeneous

that is, they use a variety of physical layer media and data link protocols.

The collision detection mechanism means:

that only half-duplex transmission is possible. This means that a node can transmit or receive, but it cannot do both at the same time.

In Ethernet terms, the speed is:

the expected performance of a link that has been properly installed to operate at 10 Mbps, 100 Mbps, 1 Gbps, or better. The term speed is also used to describe how well or badly a link is performing in terms of throughput but do be aware of the distinction between bandwidth and latency.

Two main types of copper cable:

twisted pair and coaxial (coax)

Coaxial (or coax) cable is made of:

two conductors that share the same axis, hence the name ("co" and "ax"). The core conductor of the cable is made of copper wire (solid or stranded) and is enclosed by plastic insulation (dielectric). A wire mesh (the second conductor), which serves both as shielding from EMI and as a ground, surrounds the insulating material. A tough plastic sheath protects the cable.

SFP

uses LC connectors and is also designed for Gigabit Ethernet.

Ethernet bridge

works at the data link layer (layer 2) to establish separate physical network segments while keeping all nodes in the same logical network. This reduces the number of collisions caused by having too many nodes contending for access.

Ethernet media specifications are named using a three-part convention, which is often referred to as:

xBASE-y

Gigabit Ethernet over copper is specified as

1000BASE-T, working over Cat 5e or better.

Which Ethernet standard works at 100 Mbps over Cat 5 or better copper cable?

100BASE-TX.

Db reference points to remember:

+3 dB means doubling, while -3 dB means halving. +6 dB means quadrupling, while -6 dB means a quarter. +10 dB means ten times the ratio, while -10 dB is a tenth.

Which fiber Ethernet standard is best suited to implementing backbone cabling that does not exceed 200 m (656 feet) and can achieve at least 4 Gbps throughput?

10GBASE-SR

Which types of distribution frame are best suited to 100 MHz or better operation?

110, BIX, and Krone blocks.

A technician boots a server from USB media and installs a virtualization product. What type of hypervisor is being used?

A Type I hypervisor. A Type I (or bare metal) hypervisor is installed directly to the server hardware. A Type II hypervisor is installed as a software app on a server that is already running a host operating system.

What operates at layer 3 to enforce an access control list (ACL)?

A basic firewall

A systems engineer configures IP addresses for a SOHO router. In doing so, the engineer uses calculations to determine addresses for two subnets. Which value does the engineer determine the binary value of 1010 relates to in hexadecimal? A 0 FF 10

Answer is A. The character A is the hexadecimal representation of the decimal value of 10 and the binary value of 1010. The value of 0 is a decimal value that corresponds to a hexadecimal value of 0 and also to the binary value of 0000. The character FF is the hexadecimal value of 255 in decimal notation. This would sometimes be written as 0xFF for clarity. The binary representation is 11111111. The hexadecimal value for the decimal value of 10 is not also 10. The binary value for the decimal value of 10 is 1010.

An organization has multiple subnets but is only using one DHCP server. How is this possible?

DHCP relay & UDP forwarding

Which OSI layer packages bits of data from the Physical layer into frames?

Data Link, Layer 2

Types of Web Servers

Dedicated server -The ISP allocates your own private server computer. This type of service is usually unmanaged (or management comes at additional cost). Virtual Private Server (VPS)-The ISP allocates you a virtual machine (VM) on a physical server. This is isolated from other customer instances by the hypervisor. Cloud hosting-Your website is run on a cloud over several hardware computers, allowing more scalability if demand patterns change. Shared hosting-Your website is hosted within a private directory on a shared server. Performance can be severely affected by other sites hosted on the server, because all the sites are competing for the same resources.

PoE switches are also referred to as:

Endspan (or endpoint) power sourcing equipment (PSE).

At layer 2, the SOHO router implements the following functions to make use of its physical layer adapters:

Ethernet switch-the RJ-45 jacks are connected internally by an Ethernet switch. Wireless access point-the radio antennas implement some version of the Wi-Fi standard. The access point functions as a wireless hub, allowing stations (PCs, tablets, smartphones, and printers) to form a wireless network. The access point is also wired to the Ethernet switch via an internal port. This forms a bridge between the cabled and wireless segments, creating a single logical local network.

FTP

Foiled Twisted Pair

F/UTP

Foiled/Unshielded Twisted Pair

Authentication Header (AH)

IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks

Encapsulating Security Payload (ESP)

IPSec sub-protocol that encrypts the payload of a packet and can also provide authentication and integrity for that payload and the ESP header. Unlike AH, ESP does not authenticate the outer IP header.

What protocol would enable a client to manage mail subfolders on a remote mail server?

Internet Message Access Protocol (IMAP) or IMAP Secure (IMAPS). Post Office Protocol (POP3) allows download of mail messages but not management of the remote inbox.

Disassociation

Management frame handling process by which a station is disconnected from an access point.

Port Address Translation (PAT)

Maps private host IP addresses onto a single public IP address. Each outbound connection is tracked by assigning it a unique source port (TCP or UDP) on the public address, so that replies can be translated back to the originating private host.

What is an MTU?

Maximum transmission unit-the maximum amount of data that a frame can carry as payload.

IPv6 replaces ARP (IPv4) with:

Neighbor Discovery (ND) protocol.

On a switch interface/port. A switch that supports 802.1X port-based access control can enable a port but allow only the transfer of Extensible Authentication Protocol over LAN (EAPoL) traffic. This allows the client device and/or user to be authenticated before full network access is granted.

Port Tagging

On a switch with VLANs configured, a port with an end station host connected operates in untagged mode (access port). A tagged port will normally be part of a trunk link.

Fiber optic cabling - MultiMode (MMF) type is graded by:

Optical Mode designations (OM1, OM2, OM3, and OM4). OM1/OM2-62.5-micron cable is OM1, while early 50-micron cable is OM2. OM1 and OM2 are mainly rated for applications up to 1 Gbps and use LED transmitters. OM3/OM4-these are also 50-micron cable, but manufactured differently, designed for use with 850 nm Vertical-Cavity Surface-Emitting Lasers (VCSEL), also referred to as laser optimized MMF (LOMMF). A VCSEL is not as powerful as the solid-state lasers used for SMF, but it supports higher modulation (transmitting light pulses rapidly) than LED-based optics.

A general ping sequence for identifying connectivity issues: Step 4: Ping remote host

Ping the IP address of other hosts on the same subnet to test for local configuration or link problems. Note: If a local host cannot be pinged and the error is destination unreachable, then verify the IP configuration does not contain an incorrect IP address or netmask. If these are correct but pings still time out, suspect either a security issue (such as a switch port security issue) or a problem at the data link or physical layer.

An organization has identified that they must be able to continually process customer payments and pay employee salaries to keep the business running even in the event of a service disruption as mission essential functions. What kind of assessment did the organization use to make these determinations? Risk assessment Posture assessment Process assessment Business impact analysis

Process assessment. The organization used a process assessment, which involves identifying critical systems and assets that support mission essential functions.

Convergence

Process whereby routers agree on routes through the network to establish the same network topology in their routing tables (steady state). The time taken to reach steady state is a measure of a routing protocol's convergence performance.

The network administrator configures a switch with custom privilege levels and assigns commands to each. What type of best practice network hardening will this configuration support?

Role-based access, where different administrator and operator groups are assigned least privilege permissions.

Output from a ping command reports some values in milliseconds. What does this measure?

Round Trip Time (RTT) is a measure of the latency or delay between the host sending the probe and receiving a reply. ping will report minimum, maximum, and average RTT values.

Main appliance working at layer 3:

Router

What is SNTP?

Simple Network Time Protocol-A simpler protocol derived from NTP that enables workstations to obtain the correct time from time servers.

An organization is using Lightweight Directory Access Protocol (LDAP) to update the directory database. The administrator insists that steps to ensure access to the directory has already been completed and is secure. What authentication methods will the administrator disable? (Select all that apply.) SASL Simple bind No authentication LDAPS

Simple bind & No authentication

Directly Connected Routes

These routes come from the active router interfaces. Routers add a directly connected route when an interface is configured with an IP address and is activated. Each of the router's interfaces is connected to a different network segment.

THREE-TIERED NETWORK HIERARCHY:

access, distribution, and core. Paradigm to simplify network design by separating switch and router functionality and placement into three tiers each with a separate role, performance requirements, and physical topology.

Canonical Name (CNAME)

Alias for an existing record. For example, www.google.com can be a CNAME pointing to the canonical name google.com, which holds the actual address (A/AAAA) records.

MAX distance of 100 m (328 feet) applies to:

cabling between the node and a switch port, or between two switch ports.

Fiber Duplex patch cords must maintain the:

correct polarity, so that the Tx port on the transmitter is linked to the Rx port on the receiver and vice versa.

Layer 4 - Transport - OSI - Sending side (host):

data from the upper layers is packaged as a series of layer 4 Protocol Data Units (PDUs), referred to as segments. Each segment is tagged with the application's port number. The segment is then passed to the network layer for delivery. Many different hosts could be transmitting multiple HTTP and email packets at the same time. These are multiplexed using the port numbers along with the source and destination network addresses onto the same link.

Start of Authority (SOA) record

defines the general parameters for the DNS zone, including the identity of the authoritative server for the zone.

How do switches eliminate the effect of contention:

switches allow for full-duplex transmissions, where a node can transmit and receive simultaneously, and each node can use the full bandwidth of the cable link to the switch port (for example, the full 100 Mbps of a Fast Ethernet port).

VPN Headend

Appliance that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels, often in hub and spoke site-to-site VPN topologies.

At the data link layer or layer 2.

What sort of log would you inspect if you wanted to track web server access attempts?

Audit/security/access log

Address Resolution Protocol (ARP)

Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment.

Multicast Listener Discovery (MLD)

Allows nodes to join a multicast group and discover whether members of a group are present on a local subnet.

Routing Information Protocol (RIP)

Distance vector-based routing protocol that uses a hop count to determine the least-cost path to a destination network.

Client A is sending data to Server A. The packet has left the application layer and traversed the ISO model through to the data link layer. Which header will get encapsulated onto the packet at the data link layer?

Ethernet header Ethernet encapsulates the payload from higher layer protocols within a protocol data unit (PDU) called a frame. The ethernet header encapsulates onto a packet at the data link layer.

Vulnerability Assessment

Evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system, as represented by information collected from the system.

extended unique identifier (EUI)

IEEE's preferred term for a network interface's unique identifier. An EUI-48 corresponds to a MAC address while an EUI-64 is one that uses a 64-bit address space.

What output would you expect when running the command ip neigh?

IP-to-MAC address mappings held in the neighbor table of a Linux host (the ARP cache for IPv4 and the Neighbor Discovery cache for IPv6). ip neigh is the iproute2 replacement for the older arp -a.

What cabling faults would a wire map tester detect?

Opens, shorts, and transpositions (reversed and crossed pairs).

Neighbor Discovery (ND) protocol

IPv6 protocol used to identify link local nodes. Performs some of the functions on an IPv6 network that ARP and ICMP perform under IPv4.

Extended SSID (ESSID)

Network name configured on multiple access points to form an extended service area. All the APs are configured with the same SSID and security information.

Horizontal Cabling

Connects user work areas to the nearest horizontal cross-connect. A cross-connect can also be referred to as a distribution frame. Horizontal cabling is so-called because it typically consists of the cabling for a single floor and so is made up of cables run horizontally through wall ducts or ceiling spaces.

Optical spectrum analyzer (OSA)

Determines attenuation of different light wavelengths to establish suitability of fiber optic cable for long-distance applications.

What is the reason for making power sum crosstalk measurements when testing a link?

Power sum crosstalk measures cable performance when all four pairs are used, as Gigabit and 10G Ethernet do.

802.1Q

Trunking protocols enable switches to exchange data about VLAN configurations. The 802.1Q protocol is often used to tag frames destined for different VLANs across trunk links.

A Windows client workstation cannot access a help desk application server by its name support.515support.com. The service can be accessed using its IP address. What two command line tools should you use to identify possible causes of this issue?

Use ipconfig to report the DNS servers that the client is trying to use and verify they are correct. Use ping to verify connectivity with the DNS servers.

IPv4 Multicasting

allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host's content. Multicast packets are sent to a destination IP address from a special range configured for use with that multicast group.

A link local address is also appended with a zone index (or scope id) of:

the form %1 (Windows) or %eth0 (Linux). This is used to define the source of the address and make it unique to a particular link.

Network Access Control (NAC)

General term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level. NAC uses 802.1X port security mechanisms

Main Distribution Frame (MDF)

Passive wiring panel providing a central termination point for cabling. A MDF distributes backbone or "vertical" wiring through a building and connections to external access provider networks.

Intermediate Distribution Frame (IDF)

Passive wiring panel providing a central termination point for cabling. An IDF is an optional layer of distribution frame hierarchy that cross-connects "vertical" backbone cabling to an MDF to "horizontal" wiring to wall ports on each floor of a building or each building of a campus network.

You have selected an SFP+ 1310 nm Tx and 1490 nm Rx transceiver to implement a BiDi link between two switches. Should you provision a second SFP+ 1310 nm Tx and 1490 nm Rx for the other switch?

No, you need an SFP+ module with 1490 nm Tx and 1310 nm Rx.

FIBER OPTIC CABLE INSTALLATION

Normally, strands are installed in pairs (duplex) at each device, with one strand for transmit (Tx) and one strand for receive (Rx).

DNS Caching

Data store on DNS clients and servers holding results of recent queries.

routing table

Data store on an IP host used to determine the interface over which to forward a packet.

True or false? An automated vulnerability scanner can be used to detect zero-days.

False. An automated scanner is configured with a list of known vulnerabilities to scan for. By definition, zero-day vulnerabilities are unknown to the vendor or to security practitioners. A zero-day is detected either through detailed manual research or because an exploit is discovered.

industrial control system (ICS)

Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

Internet Protocol Security (IPSec)

Network protocol suite used to secure data through authentication and encryption as the data travels across the network or the Internet.

Lightweight Directory Access Protocol (LDAP)

Network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information. LDAP messaging uses TCP and UDP port 389 by default.

True or false? The DHCP server in the SOHO router assigns an IP address to the WAN interface automatically.

False-the DHCP server in the SOHO router assigns IP addresses to the hosts on the local network. The WAN address is likely to be assigned by DHCP, but a DHCP server is managed by the access provider.

True or false? The WAN port on a SOHO router is connected to the LAN ports by an internal switch.

False-the LAN ports and access point are connected by a switch. The WAN port is separate. Packets must be routed between the LAN and WAN segments.

A file server on the network is receiving synchronized time so that it can communicate properly, however it cannot provide synchronized time for other devices on the network. Why is this? The server supports only NTP The server is a stratum 1 server The server is a stratum 2 server The server supports only SNTP

The server supports only Simple Network Time Protocol (SNTP). SNTP works over the same port as NTP, UDP port 123. A host that supports only SNTP cannot act as a time source for other hosts.

The ANSI/TIA/EIA 568 standard defines two methods for terminating Ethernet connectors:

T568A and T568B T568B more widely used.

Coarse Wavelength Division Multiplexing (CWDM)

Technology for multiplexing up to 16 signal channels on a single fiber using different wavelengths.

Teredo protocol

Teredo tunnels IPv6 packets as IPv4-based UDP messages over port 3544. Teredo requires compatible clients and servers. The open-source Miredo package implements Teredo for UNIX/Linux operating systems.

With CSMA/CD, what will happen if a host has data to transmit and there is already data on the cable?

The host will wait for a random backoff period before attempting to transmit again.

A network administrator is trying to figure out which switch will be rooted in a spanning tree protocol set up. What would determine the root?

The switch with the lowest ID, comprising a priority value and the MAC address, will be selected as the root.

At the 515support branch office, you have been asked to implement an IP network. Your network ID is currently 198.51.100.0/24. You need to divide this in half (two subnets) to accommodate hosts on two separate floors of the building, each of which is served by managed switches. The whole network is served by a single router. Using the above scenario, answer the following question: What is the broadcast address for each subnet?

198.51.100.127 and 198.51.100.255. You can work these out quite simply from the subnet ID that you calculated. The broadcast address for the first subnet is 1 less than the next subnet ID. The second subnet's broadcast address is the last possible address.

Which of the parameters in the following routing table entry represents the gateway? R 192.168.1.0/24 [120/1] via 198.51.100.254, GigabitEthernet0/1

198.51.100.254-the gateway is the address of the next hop router. 192.168.1.0/24 is the destination and GigabitEthernet0/1 is the interface that the packet should be forwarded out of to reach the gateway.

A help desk technician is troubleshooting communications between a client and print server. They are trying to perform the step to identify symptoms and duplicate the problem. Which of the following does NOT fall under this step? A. Question the obvious B. Physical inspection C. Check system logs D. Use a test system

A. Questioning the obvious falls under establishing a theory of probable cause.

broadcast domain

Network segment in which all nodes receive the same broadcast frames at layer 2.

When troubleshooting cable connectivity, you are focusing on issues at the physical layer. At layer one, a typical Ethernet link for an office workstation includes the following components:

Network transceiver in the host (end system). Patch cable between the host and a wall port. Structured cable between the wall port and a patch panel (the permanent link). Patch cable between the patch panel port and a switch port. Network transceiver in the switch port (intermediate system).

The arp utility can be used to perform functions related to the ARP table cache. You would use this to diagnose a suspected problem with local addressing and packet delivery.

arp -a (or arp -g ) shows the ARP cache contents. You can use this with IPAddress to view the ARP cache for the specified interface only. The ARP cache will not necessarily contain the MAC addresses of every host on the local segment. There will be no cache entry if there has not been a recent exchange of frames. arp -s IPAddress MACAddress adds an entry to the ARP cache. Under Windows, MACAddress needs to be entered with hyphens between each hex byte. arp -d * deletes all entries in the ARP cache; it can also be used with IPAddress to delete a single entry.

Cyclic Redundancy Check (CRC)

Calculation of a 32-bit (4-byte) checksum based on the contents of a frame used to detect errors. The CRC is calculated based on the contents of the frame; the receiving node performs the same calculation and, if it matches, accepts the frame.
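The following is an added example, not part of the original flashcard set, showing the CRC-32 calculation behind the Ethernet FCS bit by bit. The sample frame is constructed (broadcast destination, a made-up source MAC, EtherType 0x0806, zero padding), and the result is cross-checked against zlib.crc32. It also shows the security caveat a practitioner should keep in mind: a CRC detects accidental corruption, but anyone who alters a frame can simply recompute the FCS, so it offers no protection against deliberate tampering.

```python
"""Ethernet-style CRC-32 frame check sequence, computed bit by bit (added example)."""
import zlib

# Reflected (LSB-first) form of the IEEE 802.3 generator polynomial 0x04C11DB7
POLY_REFLECTED = 0xEDB88320


def crc32_ieee(data: bytes) -> int:
    """CRC-32 as used for the Ethernet FCS; returns the same value as zlib.crc32."""
    crc = 0xFFFFFFFF                      # initial value (all ones)
    for byte in data:
        crc ^= byte
        for _ in range(8):                # process one bit at a time, LSB first
            if crc & 1:
                crc = (crc >> 1) ^ POLY_REFLECTED
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF               # final XOR


def append_fcs(frame: bytes) -> bytes:
    """Append the 4-byte FCS in the byte order it appears on the wire (little-endian)."""
    return frame + crc32_ieee(frame).to_bytes(4, "little")


def fcs_ok(frame_with_fcs: bytes) -> bool:
    """Receiver-side check: recompute the CRC over everything except the trailing FCS."""
    body, fcs = frame_with_fcs[:-4], frame_with_fcs[-4:]
    return crc32_ieee(body) == int.from_bytes(fcs, "little")


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Corrupt a single bit, simulating a transmission error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Constructed sample frame: broadcast destination, a made-up source MAC,
# EtherType 0x0806 (ARP), then zero padding up to the 60-byte minimum.
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff")        # destination MAC
    + bytes.fromhex("001122334455")      # source MAC (made up)
    + bytes.fromhex("0806")              # EtherType: ARP
    + bytes(46)                          # payload/padding
)


def demo():
    """Return (matches_zlib, clean_frame_ok, corrupted_frame_ok, forged_frame_ok)."""
    wire = append_fcs(SAMPLE_FRAME)
    corrupted = flip_bit(wire, 13)       # flip one bit inside the destination MAC
    # An attacker who modifies the frame simply recomputes the FCS: the CRC is an
    # error-detection code, not a cryptographic integrity check.
    tampered_body = SAMPLE_FRAME.replace(bytes.fromhex("001122334455"),
                                         bytes.fromhex("deadbeefcafe"))
    forged = append_fcs(tampered_body)
    return (
        crc32_ieee(SAMPLE_FRAME) == zlib.crc32(SAMPLE_FRAME),
        fcs_ok(wire),
        fcs_ok(corrupted),
        fcs_ok(forged),
    )


if __name__ == "__main__":
    print(demo())
```

The single-bit corruption is rejected, as CRC-32 guarantees for any single-bit error, while the forged frame with a recomputed FCS is accepted. Integrity against an active attacker needs a keyed construction such as the ICV in IPSec ESP or a MAC at a higher layer.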

Fiber Finishing Types

1. Physical Contact (PC) 2. Ultra Physical Contact (UPC) 3. Angled Physical Contact (APC)

802.11 relies on a shared physical bus running at half-duplex. How does this standard manage contention? CSMA/CA ACK RTS CTS

802.11 uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) where clients avoid collisions by waiting until the channel is idle before sending.

Which IEEE WLAN standards specify a data transfer rate of up to 54 Mbps?

802.11a and 802.11g.

POWER OVER ETHERNET (PoE)

802.3af-Powered devices can draw up to about 13 W over the link. Power is supplied as 350mA@48V and limited to 15.4 W, but the voltage drop over the maximum 100 meters of cable results in usable power of around 13 W. 802.3at (PoE+)-Powered devices can draw up to about 25 W, with a maximum current of 600 mA. 802.3bt (Ultra PoE)-Supplies up to about 51 W (Type 3) or 73 W (Type 4) usable power.

A security technician is analyzing IPv6 traffic and looking at incomplete addresses. Which of the following is a correct IPv6 address? A. 2001:db8:abc:def0::1234 B. 2001:db8::abc::def0:1234 C. 2001:db8::abc:def0::1234 D. 2001::db8:abc:def0::1234

A. The address 2001:db8:abc:def0::1234 is a correct address. The double colon (::) compression can only be used once in a given address.

A Linux systems administrator wants to interface correctly with modern network configuration manager packages. Which of the following would be best to accomplish this? A. iproute2 B. net-tools C. ifconfig D. ipconfig

A. The iproute2 package can interface correctly with modern network configuration manager packages. Running the ip addr command performs the basic reporting functionality of ifconfig that shows the current address configuration.

An administrator configures a new mail server to meet the organization's goals. Which record lists the IP addresses or names of servers that can send email from a particular domain and combats the sending of spam?

A Sender Policy Framework (SPF) record lists the IP addresses or names of servers that can send email from a particular domain and combats the sending of spam.

8 Bit is also called:

A byte or octet

A cyber technician needs to draft a policy for the organization to mitigate the risk from route processor vulnerabilities. What is the name of this type of policy? Firewall access control lists (ACLs) Control plane policing Endpoint security Hardening

A control plane policing policy mitigates the risk from route processor vulnerabilities. Such a policy can use ACLs to allow or deny control traffic from certain sources and apply rate-limiting if a source threatens to overwhelm the route processor.

What type of address is used by the switch to forward transmissions to the appropriate host?

A media access control (MAC) address. This is a layer 2 address. It is also referred to as a hardware or physical address.

What type of distribution frame is best suited to cabling wall ports to Ethernet switches in a way that best supports future changes?

A patch panel allows wall ports to be connected to switches via patch cords. If a switch is replaced or if a wall port needs to be connected to a different switch port, the change can be made easily by moving a patch cord.

What component performs signal amplification to extend the maximum allowable distance for a media type?

A repeater

Network loopback adapter (or loopback plug)

A specially wired RJ-45 plug with a 6" stub of cable. The wiring pinout is pin 1 (Tx) to pin 3 (Rx) and pin 2 (Tx) to pin 6 (Rx). This means that the packet sent by the NIC is received by itself. This is used to test for bad ports and network cards.

What is the default rule on a firewall?

A system-defined rule that denies anything not permitted by the preceding rules. This is also referred to as an implicit deny rule. An explicit deny is one configured manually by the administrator.

How does a traffic shaper benefit real-time data applications?

A traffic shaper can reserve bandwidth so that QoS parameters, such as maximum latency and jitter, for a real-time data application can be guaranteed.

A security administrator is investigating a CAM table flooded by an attacker. In the packet capture, what protocol should the security administrator filter on to look at related traffic? A. ARP B. IP C. TCP D. HTTP

A. ARP. The Transmission Control Protocol/Internet Protocol (TCP/IP) suite includes the Address Resolution Protocol (ARP), which resolves an IP address to a hardware (MAC) address on Ethernet and other broadcast link types such as Wi-Fi. Tools that flood a CAM table send frames with large numbers of spoofed source MAC addresses, and the frames that populate a switch's MAC table are typically ARP traffic, so filtering the capture on ARP and looking for many distinct source MACs arriving on one port is the quickest way to isolate the attack.
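As an added example (not part of the original question set), the detection logic below runs over a constructed capture of (timestamp, ingress port, source MAC, EtherType) tuples. Two ports carry a single normal host each; a third receives a burst of frames with randomised source MACs, which is the pattern that exhausts a CAM table and forces the switch to start flooding unicast frames. The port names, MACs, and thresholds are assumptions chosen for the example.

```python
"""Spot CAM-table flooding from source-MAC churn per switch port (added example)."""
import random
from collections import Counter, defaultdict


def build_sample_frames():
    """Constructed capture as (time_s, ingress_port, src_mac, ethertype) tuples.
    Gi0/1 and Gi0/2 carry one normal host each; Gi0/5 receives a burst of
    frames with randomised source MACs, the pattern that exhausts a CAM table."""
    rng = random.Random(7)                     # fixed seed: reproducible sample
    frames = []
    for i in range(40):
        frames.append((i * 0.5, "Gi0/1", "00:11:22:33:44:55", 0x0800))
        frames.append((i * 0.5 + 0.1, "Gi0/2", "00:11:22:33:44:66", 0x0800))
    for i in range(500):
        mac = ":".join(f"{rng.randrange(256):02x}" for _ in range(6))
        frames.append((i * 0.02, "Gi0/5", mac, 0x0806))   # ARP EtherType
    return sorted(frames)


def peak_distinct_macs(frames, window_s):
    """For each port, the largest number of distinct source MACs seen within
    any window_s-second sliding window."""
    by_port = defaultdict(list)
    for t, port, mac, _ in frames:
        by_port[port].append((t, mac))
    peaks = {}
    for port, events in by_port.items():
        events.sort()
        live = Counter()                       # MACs inside the current window
        start = 0
        best = 0
        for t, mac in events:
            live[mac] += 1
            while t - events[start][0] > window_s:   # drop events that aged out
                old = events[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            best = max(best, len(live))
        peaks[port] = best
    return peaks


def detect_mac_flood(frames, window_s=1.0, threshold=20):
    """Ports whose source-MAC churn exceeds what a real host population produces.
    The threshold is an assumption; tune it to the number of hosts legitimately
    behind a port (an access port normally sees one, a hypervisor uplink a few dozen)."""
    peaks = peak_distinct_macs(frames, window_s)
    return sorted(port for port, n in peaks.items() if n > threshold)


def ethertype_mix(frames, port):
    """Protocol breakdown on one port, to confirm what to filter on in the capture."""
    return Counter(hex(et) for _, p, _, et in frames if p == port)
```

On a real switch the same signal is available without a capture: a port security limit on the number of MAC addresses learned per access port stops the flood at the ingress port, and the violation counter identifies it.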

A network administrator wants to be able to address multiple address hosts. Which of the following would accomplish this task? (Select all that apply.) A. Broadcast B. ff:ff:ff:ff:ff:ff C. Unicast D. 255.255.240.0

A. Broadcast and B. ff:ff:ff:ff:ff:ff. One method of addressing multiple hosts is to perform a broadcast. An administrator performs a broadcast by sending a packet to the network or subnet's broadcast address. At layer 2, broadcasts are sent to the MAC address ff:ff:ff:ff:ff:ff. All hosts connected to the switch (or in the same VLAN) will receive them.

A network technician needs a cost-effective solution that can multiplex up to 16 wavelengths on an SFP/SFP+ interface. Which multiplexing technique should the network technician use? A. CWDM B. WDM C. BiDi D. DWDM

A. CWDM. Coarse Wavelength Division Multiplexing (CWDM) supports up to 16 wavelengths and typically deploys four or eight bidirectional channels over a single fiber strand.

A company is upgrading its current network infrastructure to Gigabit Ethernet. Which of the following about Gigabit Ethernet is true? (Select all that apply.) A. Works over Cat 5e or newer B. Max distance of 100 m for UTP cabling between node/switch port or between two ports C. Supports rates up to 1000 Mbps D. Specified as 100BASE-T

A. Works over Cat 5e or newer B. Max distance of 100 m for UTP cabling between node/switch port or between two ports C. Supports rates up to 1000 Mbps

Terminal Access Controller Access Control System (TACACS+)

AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management. TCP over port 49

Thin AP

Access point that requires a wireless controller in order to function.

For example, if the subnet mask is 255.255.255.240, the last four bits of the last octet in the IP address are the host ID portion. If these bits are set to all 1s, that is the last possible address before the next subnet ID, and therefore the network broadcast address:

All hosts that share the same broadcast address receive the packet. They are said to be in the same layer 3 broadcast domain. Broadcast domain boundaries are established at the Network layer by routers. Routers do not forward broadcasts, except in some specially configured circumstances.
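The following added example (not from the original card set) carries out the subnet arithmetic described above and in the 198.51.100.0/24 split earlier: the network ID clears the host bits, the broadcast sets them, and borrowing one host bit halves the network. It goes slightly beyond the cards by also checking whether two hosts share a broadcast domain, which is the test a host performs when deciding whether to ARP directly or send to its gateway. All addresses are documentation ranges used as sample input.

```python
"""Subnet ID and broadcast address arithmetic (added example)."""
import ipaddress


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(n: int) -> str:
    return str(ipaddress.IPv4Address(n))


def subnet_bounds(addr: str, mask: str):
    """(network ID, broadcast) for addr under a dotted-decimal mask.
    The network ID clears the host bits (addr AND mask); the broadcast sets
    them all to 1 (network ID OR NOT mask)."""
    a, m = to_int(addr), to_int(mask)
    net = a & m
    bcast = net | (~m & 0xFFFFFFFF)
    return to_dotted(net), to_dotted(bcast)


def split_in_half(network: str):
    """Borrow one host bit: a /24 becomes two /25s, each with its own broadcast."""
    net = ipaddress.IPv4Network(network, strict=True)
    return [(str(s.network_address), str(s.broadcast_address), s.prefixlen)
            for s in net.subnets(prefixlen_diff=1)]


def same_broadcast_domain(addr_a: str, addr_b: str, mask: str) -> bool:
    """Two hosts only hear each other's broadcasts if they share a subnet ID.
    A host configured with the wrong mask computes the wrong answer here and
    either ARPs for a remote host or sends local traffic to the gateway."""
    return subnet_bounds(addr_a, mask)[0] == subnet_bounds(addr_b, mask)[0]
```

For the branch office scenario, split_in_half("198.51.100.0/24") yields 198.51.100.0/25 (broadcast .127) and 198.51.100.128/25 (broadcast .255), matching the answer given on the card.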

classful addressing

An IP addressing convention that adheres to network class distinctions, in which the first 8 bits of a Class A address, the first 16 bits of a Class B address, and the first 24 bits of a Class C address are used for network information.

A helpdesk technician is setting up a new IP configuration for a new Ethernet adapter on a client using PowerShell. Which command should the technician use? A. Set-NetIPAddress B. New-NetIPAddress C. netsh interface ip set address "Ethernet" dhcp D. netsh interface ip set address "Ethernet" static 10.1.0.1 255.255.255.0 10.1.0.254

B. New-NetIPAddress

A security analyst is reviewing malicious packets and trying to understand the IPv4 header. What is the first field in an IPv4 header? A. Header Length B. Version C. Protocol D. Source address

B. Version. The Version field is the first field in an IPv4 packet and indicates the version of the Internet Protocol in use, which in the case of IPv4 is 4.
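An added example, not part of the original cards, of parsing the IPv4 fixed header the way an analyst would when reviewing suspicious packets: the version nibble comes first, followed by IHL, and the parser rejects the malformed values (wrong version, IHL below 5, length claims exceeding the bytes present) that crafted packets use to confuse decoders. The sample header is constructed with documentation addresses and a computed checksum.

```python
"""Minimal IPv4 header parser with checksum verification (added example)."""
import ipaddress
import struct

# 20 fixed bytes: ver/IHL, TOS, total length, ID, flags/frag, TTL, proto, csum, src, dst
HDR_FMT = "!BBHHHBBH4s4s"


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed header and reject the values a sanity check should refuse."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(HDR_FMT, packet[:20])
    version = ver_ihl >> 4                  # high nibble of byte 0: the first field
    ihl_words = ver_ihl & 0x0F              # low nibble: header length in 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4: version field is {version}")
    if ihl_words < 5:
        raise ValueError(f"bad IHL {ihl_words}: minimum is 5 words")
    header_len = ihl_words * 4
    if len(packet) < header_len:
        raise ValueError("truncated: IHL claims more bytes than are present")
    if total_len < header_len:
        raise ValueError("total length smaller than header length")
    return {
        "version": version,
        "header_length": header_len,
        "dscp": tos >> 2,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:header_len],
        "checksum_ok": ipv4_checksum(packet[:header_len]) == 0,
    }


def build_sample_packet() -> bytes:
    """Constructed header: TCP, DF set, 192.0.2.10 -> 198.51.100.5 (documentation addresses)."""
    src = ipaddress.IPv4Address("192.0.2.10").packed
    dst = ipaddress.IPv4Address("198.51.100.5").packed
    hdr = struct.pack(HDR_FMT, (4 << 4) | 5, 0, 20, 0x1234, 0x4000, 64, 6, 0, src, dst)
    csum = ipv4_checksum(hdr)               # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]
```

The header checksum only covers the header and, like the Ethernet FCS, is recomputed by anyone who rewrites the packet, so it is an integrity check against corruption rather than against spoofing.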

mission essential function (MEF)

Business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.

How is jitter mitigated by a VoIP application?

By buffering packets.

How does the network layer forward information between networks?

By examining the destination network-layer address or logical network address. The packet is forwarded, router by router (or hop by hop), through the internetwork to the target network. Once it has reached the destination network, the hardware address can be used to deliver the packet to the target node.

A project manager is visiting a new building and connects to the network. The manager performs all connectivity tests by IP address but cannot ping by host name. What is most likely the problem? A. UPS issues B. DHCP C. DNS D. Duplicate MACs

C. If the project manager can successfully perform all connectivity tests by IP address but cannot ping by host name, this suggests a name resolution (DNS) problem.

A network technician is setting up IPv6 global addressing. Which of the following is NOT part of an IPv6 unicast address? A. Starts with 001 B. Network ID C. Starts with fe80 D. Subnet

C. Link local addresses start with fe80, whereas global unicast IPv6 addresses begin with the binary prefix 001 (the 2000::/3 range).

A new network engineer is deploying an architecture using Carrier Sense Multiple Access with Collision Detection (CSMA/CD). How does the CSMA/CD protocol work? A. Data, check network, transmit data, collision, retransmit B. Data, transmit, collision, wait, retransmit C. Data, check network, transmit data, collision, wait, retransmit D. Data, check network, transmit data, collision, wait

C. Data, check network, transmit data, collision, wait, retransmit

A network cabling operator is looking at different fiber optic connector form factors. Which of the following only works for multimode? A. Straight Tip B. Subscriber Connector C. Mechanical Transfer Registered Jack D. Local Connector

C. Mechanical Transfer Registered Jack Mechanical Transfer Registered Jack (MTRJ) is a small-form-factor duplex connector with a snap-in design used for multimode networks.

An administrator can ping a server by IP address but cannot ping the server by its name. What are some areas the administrator should check to find out why the name isn't resolving to the IP address? (Select all that apply.)
Check the local cache
Check for a rogue DHCP server
Check the HOSTS file
Query DNS

Check the local cache
Check the HOSTS file
Query DNS

The preamble and Start Frame Delimiter (SFD) are used for:

Clock synchronization and as part of the CSMA/CD protocol to identify collisions early. The preamble consists of 8 bytes of alternating 1s and 0s with the SFD being two consecutive 1s at the end. This is not technically considered to be part of the

Socket

Combination of a TCP/UDP port number and IP address. A client socket can form a connection with a server socket to exchange data.

Port aggregation

Combining the bandwidth of two or more switch ports into a single channel link.

An administrator received a Syslog alert, code 2. What level does this indicate the issue is?
Notice
Alert
Error
Critical

Critical. A code 2 alert indicates a critical level, meaning that a fault that will require immediate remediation is likely to develop and the administrator should investigate immediately.

nslookup command

Cross-platform command tool for querying DNS resource records.

netstat

Cross-platform command tool to show network information on a machine running TCP/IP, notably active connections and the routing table.

route

Cross-platform command tools used to display and manage the routing table on a Windows or Linux host.

What is Crosstalk?

Crosstalk is a phenomenon whereby one pair causes interference in another as a result of their proximity.

A network administrator is diagnosing a suspected problem with local addressing and packet delivery. Which of the following commands would the administrator use to add an entry to the ARP cache? A. arp -a B. arp -d C. arp -g D. arp -s

D. The arp -s IPAddress MACAddress command adds an entry to the ARP cache. Under Windows, the network administrator needs to enter the MACAddress with hyphens between each hex byte.

recursive lookup

DNS query type whereby a server submits additional queries to other servers to obtain the requested information.

Encapsulation

Describing how data messages should be packaged for transmission. Encapsulation is like an envelope for a letter, with the distinction that each layer requires its own envelope. At each layer, the protocol adds fields in a header to whatever data (payload) it receives from an application or other protocol.

Nodes that send and receive information are referred to as:

End systems or as host nodes.

SFP+

Enhanced SFP (SFP+) is an updated specification to support 10 GbE but still uses the LC form factor.

True or False? The IP address 172.24.0.1 is routable over the Internet.

False. 172.16.0.0-172.31.255.255 is the Class B private address range.

True or False? The CRC mechanism in Ethernet allows for the retransmission of damaged frames.

False. The CRC indicates only that a frame may be corrupt.

True or false? An HTML web page is sent as the response to a client in an HTTP header field.

False. The HTML is the payload of the HTTP packet.

Dual Stack

Host operating multiple protocols simultaneously on the same interface. Most hosts are capable of dual stack IPv4 and IPv6 operation for instance.

Honeypot

Host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.

Identity and access management (IAM) 4 main processes:

Identification - Creating an account or ID that identifies the user, device, or process on the network.
Authentication - Proving that a subject is who or what it claims to be when it attempts to access the resource.
Authorization - Determining what rights subjects should have on each resource and enforcing those rights.
Accounting - Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.

An organization that issues public keys should obtain a digital certificate. What does the digital certificate contain? (Select all that apply.)
Information on the certificate's guarantor
Information about the subject
Public key infrastructure
The subject's public key

Information on the certificate's guarantor
Information about the subject
The subject's public key

Following maintenance on network switches, users in one department cannot access the company's internal web and email servers. You can demonstrate basic connectivity between the hosts and the servers by IP address. What might the problem be?

It is likely that there is a problem with name resolution. Perhaps the network maintenance left the hosts unable to access a DNS server, possibly due to some VLAN assignment issue.

Maximum Tolerable Downtime (MTD)

Longest period that a process can be inoperable without causing irrevocable business failure.

IPv4 Anycasting

Means that a group of hosts are configured with the same IP address. When a router forwards a packet to an anycast group, it uses a prioritization algorithm and metrics to select the host that is "closest" (that will receive the packet and be able to process it the most quickly). This allows the service behind the IP address to be provisioned more reliably. It allows for load balancing and failover between the server hosts sharing the IP address.

What is a Multiple access area network?

Means that the available communications capacity is shared between the nodes that are connected to the same media.

How would you test for excessive attenuation in a network link?

Measure the insertion loss in dB by using a cable tester.

Wide Area Network (WAN)

A network, such as the Internet, whose sites are located in different geographic regions but are connected by shared links.

Hop Count

One link in the path from a host to a router or from router to router. Each time a packet passes through a router, its hop count (or TTL) is decreased by one.

The following main parameters define a routing entry:

Protocol - The source of the route.
Destination - Routes can be defined to specific hosts but are more generally directed to network IDs. The most specific destination prefix (the longest mask) will be selected as the forwarding path if there is more than one match.
Interface - The local interface to use to forward a packet along the chosen route. This might be represented as the IP address of the interface or as a layer 2 interface ID.
Gateway/next hop - The IP address of the next router along the path to the destination.

Network (layer 3 OSI Model)

Responsible for moving data around a network of networks, known as an internetwork or the Internet. This layer moves information around an internetwork by using logical network and host IDs.

Security Information and Event Management (SIEM)

Solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.

A security analyst is looking at traffic directed to 0.0.0.0/8. For what purpose is this IP range typically used?

Source address by a client seeking a DHCP lease. The system uses the subnet 0.0.0.0/8 when a specific address is unknown; it is typically used as a source address by a client seeking a Dynamic Host Configuration Protocol (DHCP) lease.

Entrance Facilities/Demarc

Special types of equipment rooms marking the point at which external cabling (outside plant) is joined to internal (premises) cabling. These are required to join the access provider's network and for inter-building communications. The demarcation point.

IEEE 802.1X Port-based Network Access Control (NAC)

Standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication. 802.1X uses authentication, authorization, and accounting (AAA) architecture.

IT engineers evaluate a network for upgrade purposes. IT engineers recommend replacing a hub with a switch. Of the choices given, which represents the current physical topology and the current logical topology?

Star & Bus

Stackable

Switches that can be connected together and operate as a group. The switch stack can be managed as a single unit.

medium dependent interface (MDI)

System that distinguishes transmit and receive pins on different interface types. The interface on an end system is MDI while that on an intermediate system is MDI-X.

A network administrator is looking at packet captures from the network and trying to isolate email traffic. Which of the following should the network administrator include?

TCP 25 & TCP 143

What is a customer premises equipment (CPE)?

The SOHO router used at the customer's home or business.

Character Breakdown of a MAC address:

The first six hex digits (3 bytes or octets), also known as the Organizationally Unique Identifier (OUI), identify the manufacturer of the adapter. The last six digits are a serial number.

Work Area

The space where user equipment is located and connected to the network, usually via a wall port.

At layer 3, the network layer, the routing part of the SOHO router makes forwarding decisions between the local private network and public Internet.

These zones are distinguished by internet protocol (IP) addresses. The local network uses a private IP address range, such as 192.168.1.0/24. The SOHO router itself is identified by an address in this range, such as 192.168.1.1 or 192.168.1.254.

True or false? A managed switch should have auto MDI/MDI-X enabled by default.

True

tcpdump is often used with some sort of filter expression:

Type - filter by host, net, port, or portrange.
Direction - filter by source (src) or destination (dst) parameters (host, network, or port).
Protocol - filter by a named protocol rather than port number (for example, arp, icmp, ip, ip6, tcp, udp, and so on).

A wireless access point is available on the floor for wireless users in the area. User 1 wants to send a file to user 2 using their laptop's wireless adapters. Which of the following is the most secure way of sending files to one another using their current wireless adapters?

Using an ad hoc connection. In an ad hoc topology, the wireless adapter allows connections to and from other devices. This makes it possible for two laptops to connect directly with each other wirelessly. This is also referred to as an Independent Basic Service Set (IBSS).

pre-shared key (PSK)

Wireless network authentication mode where a passphrase-based mechanism is used to allow group authentication to a wireless network. The passphrase is used to derive an encryption key. WPA2

What is cable that passes between floors called?

A riser. Conduit for riser cabling must be fire-stopped. This means that fire cannot spread through the opening created by the conduit.

What is a segment?

A segment is one where all nodes can send traffic to one another using hardware addresses, regardless of whether they share access to the same media.

Bidirectional wavelength division multiplexing (WDM)

Bidirectional WDM links are documented in Ethernet standards (1000BASE-BX and 10GBASE-BX).

Internet Assigned Numbers Authority (IANA) ( iana.org )

manages allocation of IP addresses and maintenance of the top-level domain space. IANA is currently run by Internet Corporation for Assigned Names and Numbers (ICANN). IANA allocates addresses to regional registries who then allocate them to local registries or ISPs.

Devices working at the transport layer include:

multilayer switches-usually working as load balancers-and many types of security appliances, such as more advanced firewalls and intrusion detection systems (IDSs).

Static Route

one that has been manually entered into the routing table with the route add command. A default route is a special type of static route that identifies the next hop router for a destination that cannot be matched by another routing table entry. The destination address 0.0.0.0/0 (IPv4) or ::/0 (IPv6) is used to represent the default route. The default route is also described as the gateway of last resort. Most end systems are configured with a default route (pointing to the default gateway).

The demarcation point is:

where the access provider's network terminates and the organization's network begins.

One pair of insulated wires twisted together forms a balanced pair. The pair carry the same signal but:

with different polarity; one wire is positive, and the other is negative. This allows the receiver to distinguish the signal from any noise more strongly. The cable is completed with an insulating outer jacket.

A few other IPv4 address ranges are reserved for special use and are not publicly routable:

0.0.0.0/8 - Used when a specific address is unknown. This is typically used as a source address by a client seeking a DHCP lease.
255.255.255.255 - Used to broadcast to the local network when the local network address is not known.
100.64.0.0/10, 192.0.0.0/24, 192.88.99.0/24, 198.18.0.0/15 - Set aside for a variety of special purposes.
192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 - Set aside for use in documentation and examples.

How is the decimal value 171 expressed in hex?

0xAB. To work this out, divide 171 by 16 (10) and write the remainder (11) as the least significant hex digit (B). Note that the quotient 10 (the integer part of the sum, where 171/16=10.6875) is less than 16. Convert the quotient to hex (10=A) to derive the second hex digit and complete the conversion.

INTERIOR VERSUS EXTERIOR GATEWAY PROTOCOLS

1) Autonomous System (AS) - Group of network prefixes under the administrative control of a single organization used to establish routing boundaries.
2) Interior Gateway Protocol (IGP) - Dynamic routing protocol used to exchange path forwarding information between routers in the same autonomous system.
3) Exterior Gateway Protocol (EGP) - Dynamic routing protocol used to exchange information about network paths in separate autonomous systems. An EGP includes a field to communicate the network's autonomous system ID and allows network owners to determine whether they can use paths through another organization's network.

If the network ID is 10.1.0.0/22, how many IP addresses are available for allocation to host interfaces?

1,022. With a 22-bit mask, from the 32-bit IP address, there are 10 bits left for host addressing (32-22). 2 to the power 10 (2^10) is 1,024. You then need to subtract two for the network and broadcast addresses, which cannot be assigned to host interfaces.

Starting at layer 1 (Physical), the SOHO router provides the following physical connections:

1. A number of RJ-45 ports (typically four) to connect to a local cabled network. These are typically labeled as the LAN ports.
2. Radio antennas to transmit and receive wireless signals.
3. A type of modem (typically cable or digital subscriber line) to connect to the Internet Service Provider's (ISP's) network. This is typically labeled as the WAN port. On the example in the diagram, the interface is another RJ-45 port, designed to connect to the premises Internet service using the same Ethernet technology as the local network. On other SOHO routers, there may be a different type of WAN modem, such as an RJ-11 port to connect to a digital subscriber line (DSL) service.

CompTIA® Network+® troubleshooting methodology.

1. Identify the problem.
2. Establish a theory of probable cause.
3. Test the theory to determine cause.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality, and if applicable, implement preventive measures.
7. Document findings, actions, and outcomes.

A port security configuration has two elements:

1. Specify a static MAC address or allow the port to learn and accept a certain number of sticky addresses.
2. Specify an enforcement action when a policy violation is detected (alert only or shut down the port, for instance).

xBASE-y describes:

1. The bit rate in megabits per second (Mbps) or gigabits per second (Gbps).
2. The signal mode (baseband or broadband). All mainstream types of Ethernet use baseband transmissions, so you will only see specifications of the form xBASE-y.
3. A designator for the media type. For example, 10BASE-T denotes an early implementation that works at 10 Mbps (10), uses a baseband signal (BASE), and runs over twisted pair copper cabling (-T).

TCP Three-Way Handshake

1. The client sends a segment with the TCP flag SYN set to the server with a randomly generated sequence number. The client enters the SYN-SENT state.
2. The server, currently in the LISTEN state (assuming it is online), responds with a SYN/ACK segment, containing its own randomly generated sequence number. The server enters the SYN-RECEIVED state.
3. The client responds with an ACK segment. The client assumes the connection is ESTABLISHED.
4. The server opens a connection with the client and enters the ESTABLISHED state.

IPv6 global addressing parts:

1. The first 3 bits (001) indicate that the address is within the global scope. Most of the IPv6 address space is unused. The scope for globally unique unicast addressing occupies just 1/8th of the total address space. In hex, globally scoped unicast addresses will start with a 2 (0010 in binary) or 3 (0011).
2. The next 45 bits are allocated in a hierarchical manner to regional registries and from them to ISPs and end users.
3. The next 16 bits identify site-specific subnet addresses.
4. The final 64 bits are the interface ID.

To view the DNS Servers: 1. in Windows 2. In Linux

1. ipconfig /all
2. In Linux, the DNS server addresses are recorded in /etc/resolv.conf. Typically, a package such as NetworkManager or systemd-networkd would add the entries. Entries added directly will be overwritten at reboot.

What maximum distance is defined in standards documentation for 1000BASE-LX running over MMF?

550 m (1804 feet). Note that 1000BASE-LX can run over MMF or SMF. SMF has much higher range.

A host is configured with the IP address 10.0.10.22 and subnet mask 255.255.255.192. How many hosts per subnet would this addressing scheme support?

62. Either subtract the least significant octet from 256 (256-192=64), then subtract 2 for the network and broadcast addresses, or having worked out that there are 6 host bits, calculate 2^6-2.

Bit masks examples:

8-bit: 255.0.0.0
14-bit: 255.252.0.0
16-bit: 255.255.0.0
24-bit: 255.255.255.0

What is the difference between a Wi-Fi analyzer and a spectrum analyzer?

A Wi-Fi analyzer is a software-based tool that interrogates the wireless adapter to display detailed information, based on what the Wi-Fi radio can receive. A spectrum analyzer uses dedicated radio hardware to report on frequency usage outside of Wi-Fi traffic, and so can be used more reliably to detect interference sources.

What type of security control uses an attestation report?

A Network Access Control (NAC) server configured to allow connections only to clients that meet a health policy, such as running an appropriate OS/OS version and being up-to-date with patches and security scanning definitions.

Bridge

A bridge is a type of intermediate system that joins physical network segments while minimizing the performance reduction of having more nodes on the same network. A bridge has multiple ports, each of which functions as a network interface.

tcpdump

A command-line packet capture utility for Linux, providing a user interface to the libpcap library. The basic syntax of the command is: tcpdump -i eth0

What types of baselines are useful when you are performing configuration management?

A configuration baseline records the initial setup of software or an appliance. A performance baseline records the initial throughput or general performance of a network (or part of a network). These baselines allow changes in the future to be evaluated.

Repeater

A device that amplifies an electronic signal to extend the maximum allowable distance for a media type.

Media Converter

A device that converts one media signaling type to another.

Virtual LANs (VLANS)

A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate. Layer 2

A technician finishes running fiber optic cable across a large building to expand the internal network. The fiber connects to equipment in a rack with extremely limited space for a connector. Considering the situation and the types of available fiber connectors, which one will accomplish connectivity?

A local connector (LC) is a small form factor version of the SC push-pull fiber optic connector. It is available in simplex and duplex versions. SFP+ uses the LC form factor but runs at 10 Gbps.

Local Area Network (LAN)

A network in a single location. This definition encompasses many different sizes of networks with widely varying functions and capabilities. It can include both residential networks with a couple of computers, and enterprise networks with hundreds of servers and thousands of workstations.

Hybrid Topology

A network that uses a combination of physical or logical topologies. In practice most networks use hybrid topologies. For example, modern types of Ethernet are physically wired as stars but logically operate as buses.

What use is a PTR DNS record?

A pointer maps an IP address to a host name, enabling a reverse lookup. Reverse lookups are used (for example) in spam filtering to confirm that a host name is associated with a given IP address.

What type of security configuration uses edge and choke firewalls?

A screened subnet. The edge or screening firewall is the public interface while the choke firewall is the LAN interface. The screened subnet is therefore configured as a perimeter network preventing hosts on the Internet being directly connected to hosts on the LAN.

Secure FTP (SFTP) Port 22

A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) (over TCP Port 22) tunnel as an encryption method to transfer, access, and manage files.

A router must forward traffic received over a single physical interface connected to a switch trunk port to the appropriate virtual LAN (VLAN). What feature must be configured on the router?

A subinterface for each VLAN carried over the trunk. Each subinterface must be configured with an IP address and mask for the subnet mapped to the VLAN.

Mesh Topology

A topology often used in WANs where each device has (in theory) a point-to-point connection with every other device (fully connected); in practice, only the more important devices are directly interconnected (partial mesh).

Generic Routing Encapsulation (GRE)

A tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels. This creates a virtual point-to-point link to various brands of routers at remote points over an Internet Protocol (IP) internetwork.

Patch Panel/Patch Bay

A type of distribution block with IDCs on one side and pre-terminated RJ-45 modular ports on the other. This allows incoming and outgoing connections to be reconfigured by changing the patch cable connections, which is much simpler than reterminating punchdown blocks.

A network administrator needs to break up a subnet mask containing 64 addresses. Which of the following subnet masks should the administrator use? A. 255.255.255.192 B. 255.255.255.240 C. 255.255.255.224 D. 255.255.255.128

A. 255.255.255.192 A subnet mask of 255.255.255.192 has 64 addresses. Subnet addressing has three hierarchical levels: a network ID, subnet ID, and host ID.

A network technician is researching standards for the physical and data link layer. Which standard, developed to implement the functions of the physical and data link layers of the OSI model, is the most important? A. 802.3 B. 802.1D C. 802.11 D. 802.1X

A. 802.3 The most important standard developed is the Institute of Electrical and Electronics Engineers (IEEE) 802.3 Ethernet standards.

Which of the following are reasons why a client would unexpectedly disassociate from an access point? (Select all that apply.)
Access Point Proximity
MAC spoofing
BYOD
Interference

Access Point Proximity
MAC spoofing
Interference

Fat AP

Access point whose firmware contains enough processing logic to be able to function autonomously and handle clients without the use of a wireless controller.

At the 515support branch office, you have been asked to implement an IP network. Your network ID is currently 198.51.100.0/24. You need to divide this in half (two subnets) to accommodate hosts on two separate floors of the building, each of which is served by managed switches. The whole network is served by a single router. Using the above scenario, answer the following question: To divide the network in half, what subnet mask do you need to use?

Adding a single bit to the mask creates two subnets. The mask and network prefix will be 255.255.255.128 (/25).

The main functions of Neighbor Discovery (ND) protocol are:

Address autoconfiguration - Enables a host to configure IPv6 addresses for its interfaces automatically and detect whether an address is already in use on the local network, by using neighbor solicitation (NS) and neighbor advertisement (NA) messages.
Prefix discovery - Enables a host to discover the known network prefixes that have been allocated to the local segment. This facilitates next-hop determination (whether a packet should be addressed to a local host or a router). Prefix discovery uses router solicitation (RS) and router advertisement (RA) messages. An RA contains information about the network prefix(es) served by the router, information about autoconfiguration options, plus information about link parameters, such as the MTU and hop limit. Routers send RAs periodically and in response to a router solicitation initiated by the host.
Local address resolution - Allows a host to discover other nodes and routers on the local network (neighbors). This process also uses neighbor solicitation (NS) and neighbor advertisement (NA) messages.
Redirection - Enables a router to inform a host of a better route to a particular destination.

A network engineer is analyzing a specific network protocol. Which of the following are the principal functions of a network protocol?

Addressing & Encapsulation

Quick way to remember the 7 layers, use the following mnemonic:

All People Seem To Need Data Processing: Application, Presentation, Session, Transport, Network, Data Link, Physical.

Copper wire thickness is measured using

American Wire Gauge (AWG). Increasing AWG numbers represent thinner wire. Solid cable uses thicker 22 to 24 AWG, while the stranded cable used for patch cords is often 26 AWG. The attenuation of stranded wire is higher than solid wire, so it cannot be used over extended distances.

Throughput

Amount of data transfer supported by a link in typical conditions. This can be measured in various ways with different software applications. Goodput is typically used to refer to the actual "useful" data rate at the application layer (less overhead from headers and lost packets). Typically measured at the network or transport layer.

What is the dotted decimal representation of an 8-bit netmask?

An 8-bit mask means that each digit in the first octet is set to 1. Converted to dotted decimal, this becomes 255.0.0.0.

Wireless access point (AP)

An AP allows nodes with wireless network cards to communicate and creates a bridge between wireless networks and wired ones.

A systems administrator is trying to troubleshoot frames moving over a 10 gigabit network and wants to set up the most optimal solution. Which of the following should the sysadmin use?
SPAN port
Active tap
Passive tap
I/G

An active tap is a powered device that performs signal regeneration. Gigabit signaling over copper wire is too complex for a passive tap to monitor.

Switch

An advanced type of bridge with many ports. A switch creates links between large numbers of nodes more efficiently.

WIRESHARK

An open source graphical packet capture and analysis utility, with installer packages for most operating systems.

Network Time Protocol (NTP)

Application protocol, running over UDP port 123, that allows machines to synchronize to the same time clock.

Syslog

Application protocol and event logging format enabling different appliances and software applications to transmit logs or event records to a central server. Syslog works over UDP port 514 by default.

Internet Message Access Protocol (IMAP)

Application protocol providing a means for a client to access and manage email messages stored in a mailbox on a remote server. IMAP4 utilizes TCP port number 143, while the secure version IMAPS uses TCP/993.

Post Office Protocol (POP)

Application protocol that enables a client to download email messages from a server mailbox to a client over port TCP/110 or secure port TCP/995.

Simple Network Management Protocol (SNMP)

Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.

Server Message Block (SMB)

Application protocol used for requesting files from Windows servers and delivering them to clients. More typically runs on port 445.

Session Initiation Protocol (SIP)

Application protocol used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/video), and session management and termination. SIP typically runs over UDP or TCP ports 5060 (unsecured) and 5061 (SIP-TLS).

Hypertext Transfer Protocol (HTTP)

Application protocol used to provide web content to browsers. HTTP uses port 80. HTTPS (secure) provides for encrypted transfers, using SSL/TLS and port 443.

Simple Mail Transfer Protocol (SMTP)

Application protocol used to send mail between hosts on the Internet. Messages are sent between servers over TCP port 25 or submitted by a mail client over secure port TCP/587.

File Transfer Protocol (FTP)

Application protocol used to transfer files between network hosts. Variants include S(ecure)FTP, FTP with SSL (FTPS and FTPES) and T(rivial)FTP. FTP utilizes ports 20 and 21.

optical link budget

Assessment of allowable signal loss over a fiber optic link.

Open Systems Interconnection (OSI) reference model

Assigns network and hardware components and functions at seven discrete layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.

A client is attempting to renew its lease with the DHCP server so that it can keep the same IP addressing information. How much of the lease duration has lapsed?

At least 50%

A network designer wants to run a 10 gigabit backbone between two switches in buildings that are 75 m (246 feet) apart. What is the main consideration when selecting an appropriate copper cable?

At that distance, some type of shielded or screened cat 6A or better cable is required for the installation to be compliant with Ethernet standard 10GBASE-T.

Enumeration

Attack that aims to list resources on the network, host, or system as a whole to identify potential targets for further attack.

Distributed DoS (DDoS)

Attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.

Distance

Attenuation, or degradation of a signal as it travels over media, determines the maximum distance for a particular media type at a given bit rate.

What element is missing from the following list, and what is its purpose?
Identification
Authentication
Accounting

Authorization-Assigning privileges over the network object to the subject.

A network technician is trying to diagnose a network where something is consuming a lot of bandwidth and slowing down the network. Which of the following would point to this? A. IGMP snooping B. Multicast transmissions C. Host resolution issues D. Duplicate IPs

B. At layer 2, if a switch is not multicast-aware, it treats multicast transmissions as broadcasts and floods them across all ports, consuming a lot of bandwidth and slowing down the network.

A network technician in Germany is setting up Cat 7 cabling in the organization's environment. The technician should, to comply with installation standards, terminate the cabling with what type of connector? (Select all that apply.) A. RJ45 B. TERA C. GG45 D. Horizontal connectors

B. TERA and C. GG45. TERA connectors, rather than standard RJ-45 connectors, can terminate Cat 7 cabling. TIA/EIA does not recognize Cat 7, but it appears in the cabling standards created by the ISO (ISO/IEC 11801). GG45 connectors, rather than standard RJ-45 connectors, can also terminate Cat 7 cabling. Cat 7 cable is always of a screened/shielded type and rated for 10GbE applications up to 100 m (328 feet).

Which of the following topologies is a network of two or more nodes that shares access to the network, but only one node can be active at any one time?

BUS

trunks

Backbone link established between switches and routers to transport frames for multiple virtual LANs (VLANs).

The two default elements of Enhanced IGRP (EIGRP):

Bandwidth-Applies a cost based on the lowest bandwidth link in the path. Delay-Applies a cost based on the time it takes for a packet to traverse the link. This metric is most important if the route is used to carry time-sensitive data, such as voice or video. Delay is calculated as the cumulative value for all outgoing interfaces in the path.

Decimal numbering is also referred to as:

Base 10 Base 10 means that each digit can have one of ten possible values (0 through 9). A digit positioned to the left of another has 10 times the value of the digit to the right.

Binary is:

Base 2 A digit in any given position can only have one of two values (0 or 1), and each place position is the next power of 2.

An administrator is configuring a new network from the ground up. Which servers would the administrator configure as bastion hosts? (Select all that apply.)
Proxy servers
Active directory servers
Web servers
File servers

Bastion servers are hosts in the perimeter and are not fully trusted. Proxy servers are bastion servers because they take internal requests and transmit them to the Internet to protect the internal host. The administrator will configure servers that provide public access services, such as web servers, in a perimeter network. These are bastion servers.

insulation-displacement connection (IDC)

Block used to terminate twisted pair cabling at a wall plate or patch panel, available in different formats such as 110, BIX, and Krone. Found on punch-down blocks.

Private IP addresses

Can be drawn from one of the pools of addresses defined in RFC 1918 as non-routable over the Internet: 10.0.0.0 to 10.255.255.255 (Class A private address range). 172.16.0.0 to 172.31.255.255 (Class B private address range). 192.168.0.0 to 192.168.255.255 (Class C private address range).

Tunneling: an alternative to dual stack

Can be used to deliver IPv6 packets across an IPv4 network. Tunneling means that IPv6 packets are inserted into IPv4 packets and routed over the IPv4 network to their destination.

The Ethernet protocol governing contention and media access is called:

Carrier Sense Multiple Access with Collision Detection (CSMA/CD).

What mechanism does RTS/CTS support?

Carrier sense multiple access with collision avoidance (CSMA/CA). Rather than try to detect collisions, a wireless station indicates its intent to transmit by broadcasting a Request To Send (RTS) and waits to receive a Clear To Send (CTS) before proceeding.

A network engineer is troubleshooting an Ethernet connection between two buildings. The engineer noticed that the network devices got upgraded, but the wiring did not. The engineer needs a connection that can handle 10Gbps at 500 MHz for a distance of 300 feet using RJ-45 connectors. What type of Ethernet cable should the engineer replace the Cat 5 with to meet the connection standard?

Cat 6A is an improved specification cable that can support 10 Gbps over 100 m. RJ-45 connectors terminate the Cat 6A cable.

T568A and T568B wiring specifications for Cat 7 & 8 Only

Cat 7 and Cat 8 are so sensitive to noise that the secondary wire in each pair is solid white with no stripe, as the coloring process reduces the effectiveness of the insulation.

A network architect is planning a new setup for a new company that has yet to build buildings. Which of the following would the architect set up for a /16 network?

Class B: 255.255.0.0 (/16). The first octet for class B is from 128 - 191. The only remaining use of classful terminology is to describe the default subnet masks.

There are two additional classes of IP address (D and E) that use the values above 223.255.255.255:

Class D addresses (224.0.0.0 through 239.255.255.255) are used for multicasting. Class E addresses (240.0.0.0 through 255.255.255.255) are reserved for experimental use and testing.

A technician surveys an office space to document the network. Upon discovering a network closet, the technician finds a network bridge. After examining the possibilities, what description satisfies the technician's notes regarding the bridge?

Connecting different networks as if they were one. A bridge is a hardware appliance or software application that connects different networks and treats them as if they were one network.

Backbone Cabling

Connects horizontal cross-connects (HCCs) to the main cross-connect (optionally via intermediate cross-connects). These can also be described as vertical cross-connects, because backbone cabling is more likely to run up and down between floors.

Wire map tester can be used to ID the following problems:

Continuity (open)-A conductor does not form a circuit because of cable damage or because the connector is not properly wired.
Short-Two conductors are joined at some point, usually because the insulating wire is damaged, or a connector is poorly wired.
Incorrect pin-out/incorrect termination/mismatched standards-The conductors are incorrectly wired into the terminals at one or both ends of the cable. The following transpositions are common:
Reversed pair-The conductors in a pair have been wired to different terminals (for example, from pin 3 to pin 6 and pin 6 to pin 3 rather than pin 3 to pin 3 and pin 6 to pin 6).
Crossed pair (TX/RX reverse)-The conductors from one pair have been connected to pins belonging to a different pair (for example, from pins 3 and 6 to pins 1 and 2). This may be done deliberately to create a crossover cable, but such a cable would not be used to link a host to a switch.

A single optical fiber is constructed from three elements:

Core-Provides the transmission path for the light signals (waveguide).
Cladding-Reflects signals back into the waveguide as efficiently as possible so that the light signal travels along the waveguide by multiple internal reflections. The core and cladding can be made from glass or plastic. The cladding is applied as a thin layer surrounding the core. While made of the same material, the cladding has a different refractive index to the core. The effect of this is to create a boundary that causes the light to bounce back into the core, facilitating the process of total internal reflection that guides the light signal through the core.
Buffer-A protective plastic coating. It may be of a tight or loose configuration, with the loose format using some form of lubricant between the strand and the sheath.

Time to Live (TTL)

Counter field in the IP header recording the number of hops a packet can make before being dropped.

A security engineer is analyzing IPv6 packets. Which of the following header fields is for quality of service? A. Traffic class B. Payload length C. Hop limit D. Flow label

D. Flow label The flow label is for quality of service (QoS) management, such as for real-time streams. The security engineer sets the flow label to 0 for packets not part of any delivery sequence or structure.

A project manager is ordering equipment to set up fiber cabling in a new building. Which of the following tools will allow a more permanent join with lower insertion loss? A. Crimper B. Punchdown tool C. Block tool D. Fusion splicer

D. Fusion splicer A fusion splicer achieves a more permanent join with lower insertion loss (>=0.1 dB). The fusion splicing machine performs a precise alignment between the two strands and then permanently joins them together.

A helpdesk operator is troubleshooting communications between devices in the same location, but one is having issues communicating with the others. Which of the following will have issues? A. Host A: IP: 192.168.1.10, Mask: 255.255.255.0 B. Host B: IP: 192.168.1.11, Mask: 255.255.255.0 C. Host C: IP: 192.168.1.21, Mask: 255.255.0.0 D. Host D: IP: 192.168.0.10, Mask: 255.255.255.0

D. Host D: IP: 192.168.0.10, Mask: 255.255.255.0

iterative lookups

DNS query type whereby a server responds with information from its own data store only.

Authoritative Name Server

DNS server designated by a name server record for the domain that holds a complete copy of zone records.

Corporate has requested the installation of a new fiber link that supports 160 channels. What type of multiplexing is required to meet corporate's request?

Dense Wavelength Division Multiplexing (DWDM) provisions greater numbers of channels (20, 40, 80, or 160). This means that there is much less spacing between each channel and requires more precise and expensive lasers.

ifconfig

Deprecated Linux command tool used to gather information about the IP configuration of the network adapter or to configure the network adapter.

Addressing:

Describing where data messages should go. At each layer, there are different mechanisms for identifying nodes and rules for how they can send and receive messages.

Ping Error Messaging If ping probes are unsuccessful, one of two messages are commonly received:

Destination host unreachable-There is no routing information (that is, the local computer does not know how to get to that IP address). This might be caused by some sort of configuration error on the local host, such as an incorrect default gateway, by a loss of connectivity with a router, or by a routing configuration error.
No reply (Request timed out.)-The host is unavailable or cannot route a reply to your computer. Requests time out when the TTL is reduced to 0 because the packet is looping (because of a corrupted routing table), when congestion causes delays, or when a host does not respond.

110 Block

Developed by AT&T - is a type of distribution frame supporting 100 MHz operation (Cat 5) and better. A 110 wiring block is arranged horizontally rather than vertically, offering better density than a 66 block. The incoming wire pairs are fed into channels on the wiring block, then a connector block or wafer is installed to terminate the incoming wiring. Outgoing wire pairs are then punched into the terminals on the connector blocks to complete the circuit.

BIX and Krone Distribution Frames

Developed by Nortel. The BIX and Krone formats each use a single module. As well as the differences in block design, the IDCs are angled differently in each format, requiring a different termination blade to be used to ensure a reliable connection.

A sysadmin is looking into bandwidth management. Which kind of bandwidth management technology uses a header field to indicate a priority value for a layer 3 (IP) packet?
IEEE 802.1p
DiffServ
Traffic shaper
Expedited forwarding

DiffServ The Differentiated Services (DiffServ) framework classifies each packet passing through a layer 3 device and can use defined router policies to use packet classification to prioritize delivery.

Routing table entries fall into four general categories:

Direct network routes, for subnets to which the router is directly attached. Remote network routes, for subnets and IP networks that are not directly attached. Host routes, for routes to a specific IP address. A host route has a /32 network prefix. Default routes, which are used when an exact match for a network or host route is not found.

A 32-bit network mask (or netmask) is used to:

Distinguish both a network ID and a host ID within a single IP address. The mask conceals the host ID portion of the IP address and thereby reveals the network ID portion.

Subnet addressing

Division of a single IP network into two or more smaller broadcast domains by using longer netmasks within the boundaries of the network.

A network technician is setting up a connection between switches, but the switches cannot establish a connection. Which of the following would be the most likely cause of the switch's inability to establish a connection?

Dual MDI-X ports. When a switch needs to connect to another switch, communications would fail if both interfaces used media dependent interface crossover (MDI-X).

Open Shortest Path First (OSPF)

Dynamic routing protocol that uses a link-state algorithm and a hierarchical topology. It relies on directly connected neighbors for information about remote networks. The most widely adopted link state protocol suited for large organizations with multiple redundant paths between networks.

network segmentation enforcement

Enforcing a security zone by separating a segment of the network from access by the rest of the network. This could be accomplished using firewalls or VPNs or VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped. Layers 2 & 3

QSFP+

Enhanced quad small form-factor pluggable (QSFP+) is designed to support 40 GbE by provisioning 4 x 10 Gbps links. QSFP+ is typically used with parallel fiber and multi-fiber push-on (MPO) termination. An MPO backbone ribbon cable bundles 12 or more strands with a single compact terminator (the cables are all factory-terminated and cannot be field terminated). QSFP+ can also be used with Wavelength Division Multiplexing (WDM) Ethernet standards.

An engineer has installed a new router but is not connected to the core network yet. What type of connector should the engineer install to get the requested throughput of 30Gbps or more?

Enhanced quad small form-factor pluggable (QSFP+) supports 40 GbE by provisioning 4 x 10 Gbps links.

Dynamic Routing

Entry in the routing table that has been learned from another router via a dynamic routing protocol.

What is an EUI-64, and how might it be used by IPv6?

Extended unique identifier (EUI) is IEEE's preferred term for a MAC address. EUI-64 is a 64-bit hardware interface ID. A 48-bit MAC address can be converted to an EUI-64 by using a simple mechanism. The EUI-64 can be used as the IPv6 interface ID, though a randomly generated token is often preferred.

8.2 (Class II)

Shielding: F/FTP or S/FTP. Ethernet standard: 40GBASE-T. Maximum distance: 30 m (100 ft). Bandwidth: 2000 MHz. Connectors: GG45/TERA.

True or False? The arp utility will always show another host's MAC address if that host is on the same subnet.

False. While that is the function of the Address Resolution Protocol, the arp utility is used to inspect the ARP table cache, which may or may not contain the other host's address. Note that a standard means to ensure the MAC address is cached is to ping the destination address first. This is the basis of a utility called arping.

How to support compatibility with hosts still equipped with 10 Mbps Ethernet interfaces?

Fast Ethernet introduced an autonegotiation protocol to allow a host to choose the highest supported connection parameters (10 or 100 Mbps and half or full duplex). 10BASE-T Ethernet specifies that a node should transmit regular electrical pulses when it is not transmitting data to confirm the viability of the link. Fast Ethernet codes a 16-bit data packet into this signal advertising its service capabilities. This is called a Fast Link Pulse. A node that does not support auto-negotiation can be detected by one that does and can send ordinary link integrity test signals or Normal Link Pulses.

Header Fields for IPv6.

Flow Label-The flow label is for quality of service (QoS) management, such as for real-time streams. The security engineer sets the flow label to 0 for packets not part of any delivery sequence or structure.
Payload Length-Payload length indicates the length of the packet payload, up to a maximum of 64 KB. If the payload is larger than that, then this field is 0, and the security engineer will establish a special Jumbo Payload (4 GB) option.
Hop Limit-Hop limit replaces the time to live (TTL) field in IPv4 but performs the same function.
Traffic Class-The Traffic Class field describes the packet's priority.

dotted-decimal notation (DDN)

Format for expressing IPv4 addresses using four decimal values from 0 to 255 for each octet.

canonical notation

Format for representing IPv6 addresses using hex double-bytes with colon delimitation and zero compression.

In what STP-configured state(s) are all ports when a network running STP is converged?

Forwarding or blocking.

Assuming unmanaged switches, how many broadcast domains are present in the following figure?

Four. Each router interface is a separate broadcast domain. One broadcast domain contains Router A and Router B, another contains the nodes on the legacy segment, and the last two are the client nodes on Switch A and the server nodes on Switch B.

Internet Key Exchange (IKE)

Framework for creating a Security Association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree secure protocols and cipher suites to use to exchange data.

Extensible Authentication Protocol (EAP)

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication, and establish secure tunnels through which to submit credentials.

Fully Shielded Cabling has:

Fully shielded cabling has a braided outer screen and foil-shielded pairs and is referred to as shielded/foiled twisted pair (S/FTP). There are also variants with a foil outer shield (F/FTP).

microsegmentation

Function of an Ethernet switch whereby collision domains are reduced to the scope of a single port only.

CompTIA® Network+® troubleshooting methodology: Step: 1. Identify the problem:

Gather information. Duplicate the problem, if possible. Question users. Identify symptoms. Determine if anything has changed. Approach multiple problems individually.

A network engineer is troubleshooting interconnectivity between IPv4 hosts and IPv6 hosts. The engineer has found there is a need for a layer three tunneling protocol that can encapsulate different types of IPv6 and IPv4 packets. What type of encapsulation should the engineer enable on the network?

Generic Routing Encapsulation (GRE) Tunneling protocol allows the transmission of encapsulated frames or packets from different types of network protocol over an IP network.

You need to provision a fiber patch panel to terminate incoming cabling with green LC connectors. What type of ports should be provisioned on the patch panel?

Green connector color-coding indicates angled physical contact (APC) finishing. This type of finishing is incompatible with PC or UPC ports. The patch panel must be provisioned with Lucent Connector ports with APC finishing type.

ICANN is a non-profit organization that's dedicated to keeping the Internet secure. What does ICANN manage?

ICANN (Internet Corporation for Assigned Names and Numbers) manages the generic TLDs (top level domains), such as .com, .org, .net, .info, and .biz, and country codes. ICANN also manages the Domain Name System (DNS), which is a global hierarchy of distributed name server databases that contain information on domains and hosts within those domains.

What port configuration feature allows a server to smooth incoming traffic rates?

IEEE 802.3x flow control.

Loopback address

IP address by which a host can address itself over any available interface. A special address typically used to check that TCP/IP is correctly installed on the local host.

Link Local

IP addressing scheme used within the scope of a single broadcast domain only, they are not forwarded by routers. Nodes on the same link are referred to as neighbors.

Default gateway

IP configuration parameter that identifies the address of a router on the local subnet that the host can use to contact other networks. The default gateway is a router configured with a path to remote networks.

What type of scanning tool outputs a "Host is up" status report?

IP scanner. Note that while most IP scanners can also function as port scanners they are distinct types of scanning activity.

One function of Layer 4 is:

Identify each type of network application by assigning it a port number. For example, data requested from an HTTP web application can be identified as port 80, while data sent to an email server can be identified as port 25.

What is Flooding?

If a MAC address cannot be found in the MAC address table, then the switch acts like a hub and transmits the frame out of all the ports, except for the source port.

When both sending and receiving hosts are within the same broadcast domain or subnet, local address resolution takes place using ARP requests and ARP replies, as shown in the figure:

If the destination address is on a remote network, then the local host must use its default gateway to forward the packet. Therefore, it must determine the MAC address of the default gateway using ARP.

When should you escalate a problem?

If you cannot solve it yourself (although it won't be good for your career if you give up too easily). You might also escalate if you do not have authorization to perform the necessary changes or if the system is under some sort of warranty.

Encapsulation Errors

If you check the interface status, the physical link will be listed as up, but the line protocol will be listed as down. This type of error can arise in several circumstances:
Ethernet frame type-Ethernet can use a variety of frame types. The most common is Ethernet II, but if a host is configured to use a different type, such as SNAP, then errors will be reported on the link.
Ethernet trunks-When a trunk link is established between two switches, it will very commonly use the Ethernet 802.1Q frame format. 802.1Q specifies an extra frame header to carry a VLAN ID and type of service data. If one switch interface is using 802.1Q but the other is not, this may be reported as an encapsulation error.
WAN framing-Router interfaces to provider networks can use a variety of frame formats. Often these are simple serial protocols, such as High-level Data Link Control (HDLC) or Point-to-Point Protocol (PPP). Alternatively, the interface may use encapsulated Ethernet over Asynchronous Transfer Mode (ATM) or Virtual Private LAN Service (VPLS) or an older protocol, such as Frame Relay. The interface on the Customer Edge (CE) router must be configured for the same framing type as the Provider Edge (PE) router.

Heat Map

In a Wi-Fi site survey, a diagram showing signal strength and channel utilization at different locations.

What tools can a Windows administrator use to troubleshoot DNS issues without installing additional software? (Select all that apply.)
nslookup
dig
hostname --fqdn
ipconfig /all

In a Windows environment, administrators can troubleshoot DNS name resolution with the nslookup command. The first step in troubleshooting DNS issues is to verify the name configured on a host. In Windows, you can use the command ipconfig /all to display the FQDN of the local host.

Paths to other IP networks can be manually configured where?

In the routing table or learned by a dynamic routing protocol. Dynamic routing protocols allow routers to share information about known networks and possible paths to them. This information allows them to choose the best routes to any given destination and select alternate routes if one of these is unavailable.

auto-MDI/MDIX

Interface that can detect a connection type and configure as MDI or MDI-X as appropriate. This means that the switch senses the configuration of the connected device and cable wiring and ensures that an MDI uplink to an MDIX port gets configured. This will also ensure a link if a crossover cable is used to connect an end system by mistake.

THREE-TIERED NETWORK HIERARCHY: Distribution/Aggregation Layer

Intermediate tier in a hierarchical network topology providing interconnections (fault-tolerant interconnections) between the access layer and the core.

Some protocols run directly on IP (rather than at the Transport layer). These IP protocol types include the following:

Internet Control Message Protocol (ICMP/1) is used for status messaging and connectivity testing. Internet Group Management Protocol (IGMP/2) is used with multicasting. Generic Routing Encapsulation (GRE/47) is used to tunnel packets across an intermediate network. This is used (for example) in some virtual private network (VPN) implementations. Encapsulating Security Payload (ESP/50) and Authentication Header (AH/51) are used with the encrypted form of IP (IPSec). Enhanced Interior Gateway Routing Protocol (EIGRP/88) and Open Shortest Path First (OSPF/89) are protocols used by routers to exchange information about paths to remote networks.

An administrator received an alert regarding suspicious activity on the network. The system is logging the activity and the administrator must determine how to handle the situation. What kind of system most likely sent the alert?
IDS
IPS
Firewall
NAC

Intrusion detection system (IDS)

QSFP

Is a transceiver form factor that supports 4 x 1 Gbps links, typically aggregated to a single 4 Gbps channel.

Public IP address

Is one that can establish a connection with other public IP networks and hosts over the Internet. The allocation of public IP addresses is governed by IANA and administered by regional registries and ISPs.

An administrator is attempting to update a zone record on a name server but is unable to edit it. Why can't the administrator edit the record?
It is a single zone namespace
It is a single name server
It is a secondary name server
It is a primary server

It is a secondary name server, which means that the server holds a read-only copy of the zone that the primary name server maintains through a replication process known as a zone transfer.

Problems with the timing and sequence of packet delivery are defined as latency and jitter for Video.

Latency is the time it takes for a transmission to reach the recipient, measured in milliseconds (ms). Jitter is defined as being a variation in the delay. Jitter manifests itself as an inconsistent rate of packet delivery. Jitter is also measured in milliseconds, using an algorithm to calculate the value from a sample of transit times.

What is forwarding referred to at: Layer 2: Layer 3:

Layer 2: Switching Layer 3: Routing

A security engineer implements port security on a hardware firewall. Which OSI model layer identifies the application ports to configure?

Layer 4 The transport layer (layer 4) manages end-to-end communications. At layer 4, a port number identifies each application, such as 80 for hypertext transfer protocol (HTTP) web traffic.

There are two main types of load balancers:

Layer 4 switch-Basic load balancers make forwarding decisions on IP address and TCP/UDP header values, working at the transport layer of the OSI model. Layer 7 switch (content switch)-As web applications have become more complex, modern load balancers need to be able to make forwarding decisions based on application-level data, such as a request for a particular URL or data types like video or audio streaming. This requires more complex logic, but the processing power of modern appliances is sufficient to deal with this.

A network technician needs to install a load balancer onto the network as the department has experienced issues with streaming media servers. What switches could the technician use to support this request? (Select all that apply.)
Bridge
Layer 4 Switch
Layer 2 Switch
Layer 7 Switch

Layer 4 switch—Basic load balancers make forwarding decisions on IP address and TCP/UDP header values, working at the transport layer of the OSI model. Layer 7 switch (content switch)—As web applications have become more complex, modern load balancers need to make forwarding decisions based on application-level data.

decibel (dB) loss (or insertion loss)

Loss of signal strength between a transmitter and receiver due to attenuation and interference measured in decibels.

A tech configures a network to use an E-lines service. Compare and evaluate the choices to determine which network type the tech configures.

MAN A metropolitan area network (MAN) is a network that covers an area equivalent to a municipality. A MAN uses a service category such as an E-line, which establishes a point-to-point link or an E-LAN, which establishes a mesh topology.

The main office is planning for more jobs to become remote in nature. The network team is briefing the chief information security officer (CISO) on the use of VPN software and the protocols used for point-to-multipoint connections. Which protocols should the team brief to the CISO?

MPLS & mGRE Multipoint Generic Routing Encapsulation (mGRE) is a version of the Generic Routing Encapsulation (GRE) protocol that supports point-to-multipoint links, such as the hub and spoke dynamic multipoint Virtual Private Network (VPN). Multiprotocol label switching (MPLS) can operate as an overlay network to configure point-to-point or point-to-multipoint links between nodes regardless of the underlying physical and data link topologies.

Physical interface

Mechanical specifications for the network medium, such as cable specifications, the medium connector and pin-out details (the number and functions of the various pins in a network connector), or radio transceiver specifications.

Flow Control

Mechanism defined in IEEE 802.3a that allows a server to instruct a switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames.

Automatic Private IP Addressing (APIPA)

Mechanism for Windows hosts configured to obtain an address automatically that cannot contact a DHCP server to revert to using an address from the range 169.254.x.y. This is also called a link-local address. If a Windows host does not receive a response from a DHCP server within a given time frame, it selects an address at random from the range 169.254.1.1 to 169.254.254.254. Also referred to as "Link Local".

FRAGMENTATION

Mechanism for splitting a layer 3 datagram between multiple frames to fit the maximum transmission unit (MTU) of the underlying Data Link network. IPv6 does not allow routers to perform fragmentation

Stateless Address Autoconfiguration (SLAAC)

Mechanism used in IPv6 for hosts to assign addresses to interfaces without requiring manual intervention.

A network administrator is reviewing some packets flagged by the Intrusion Detection System (IDS). The administrator notices that the packets are ping packets, but the size of the packets is much larger than expected. What is the MOST likely cause of the oversized packets?

Modified payload Payload is the data the packet is carrying. A modified payload will increase the size of the packet, exceeding normal packet size.

Mechanical Transfer Registered Jack - Fiber

Multi Mode. SFF. Snap-in design. Duplex connector.

A systems administrator attempts to allow one host on the Internet to send content to other hosts that have identified themselves as interested in receiving the originating host's content. What should the administrator use to accomplish this?

Multicast IPv4 multicasting allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host's content.

Various types of crosstalk that can be measured:

Near End (NEXT)-This measures crosstalk on the receive pairs at the transmitter end and is usually caused by excessive untwisting of pairs or faulty bonding of shielded elements.
Attenuation to Crosstalk Ratio, Near End (ACRN)-This is the difference between insertion loss and NEXT. ACR is equivalent to a signal-to-noise ratio (SNR). A high value means that the signal is stronger than any noise present; a result closer to 0 means the link is likely to be subject to high error rates.
Attenuation-to-Crosstalk Ratio, Far End (ACRF)-Far End Crosstalk (FEXT) is measured on the receive pairs at the recipient end. The difference between insertion loss and FEXT gives ACRF, which measures cable performance regardless of the actual link length.
Power sum-Gigabit and 10 GbE Ethernet use all four pairs. Power sum crosstalk calculations (PSNEXT, PSACRN, and PSACRF) confirm that a cable is suitable for this type of application. They are measured by energizing three of the four pairs in turn.

An organization deployed components so that they could use NetFlow to measure network traffic statistics. Which of the deployed components needs a high bandwidth network link and substantial storage capacity? A. NetFlow exporter B. NetFlow collector C. NetFlow analyzer D. IPFIX

NetFlow collector A NetFlow collector needs a high bandwidth network link and substantial storage capacity because it aggregates flows from multiple exporters and a large network can generate huge volumes of flow traffic and data records.

Devices that operate at the data link layer include:

Network adapter or network interface card (NIC), bridge, switch, wireless access point (AP).

A small organization is securing their wireless network with Wi-Fi Protected Access 3 (WPA3) personal. What are some of the issues with this method of authentication? (Select all that apply.) Group authentication No accountability SAE PAKE

Issues with WPA3-Personal authentication: Group authentication, because the administrator must configure the same secret on the access point and on each node that joins the network. No accountability for individual user actions, as all users share the same credential.

What is a Class D address?

One used for multicasting.

OSI Model

Open Systems Interconnection (OSI) Model developed by The International Organization for Standardization (ISO).

Which service maps ports and documents the mappings for new webserver connections and then substitutes the private IP address for a public IP address before sending the request to the public Internet? (Select all that apply.) Static NAT Dynamic NAT PAT NAPT

PAT (Port Address Translation), also known as Network Address Port Translation (NAPT).

General purpose (nonplenum) cabling uses:

PVC (polyvinyl chloride) jackets and insulation.

4G Long-Term Evolution (LTE)

Packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE Advanced is designed to provide 4G standard network access.

Broadcast Addressing

Packet or frame addressed to all hosts on a local network segment, subnet, or broadcast domain. Routers do not ordinarily forward broadcast traffic. The broadcast address of IP is one where the host bits are all set to 1; at the MAC layer it is the address ff:ff:ff:ff:ff:ff.

Router Advertisement (RA)

Packet sent by an IPv6-capable router to notify hosts about prefixes and autoconfiguration methods available on the local link. An RA contains information about the network prefix(es) served by the router, information about autoconfiguration options, plus information about link parameters, such as the MTU and hop limit.

Zone index (scope id)

Parameter assigned by a host to distinguish ambiguous interface addresses within a link local scope.

Border Gateway Protocol (BGP)

Path vector exterior gateway routing protocol used principally by ISPs to establish routing between autonomous systems.

Which network topology describes the placement of nodes and how they connect to each other using network media?

Physical A physical network topology describes the placement of nodes and how they are connected by the network media. For example, in one network nodes might be directly connected via a single cable.

Physical Layer (PHY) specifies?

Physical topology, physical interface, signaling.

At which layer of the OSI model is no header encapsulation applied?

Physical, Layer 1

A workstation cannot connect to a server application on a remote network. What is the first test you could perform to establish whether the workstation's link is OK?

Ping another local system, such as the default gateway.

A general ping sequence for identifying connectivity issues: Step 5: Ping Host Name

Ping the IP address of a remote host to verify you can communicate through the router. If a remote IP address cannot be contacted, check the default gateway parameter on the local host to rule out an incorrect gateway issue. If the gateway is configured correctly and you can ping the router, you need to start investigating the routing infrastructure.

A general ping sequence for identifying connectivity issues: Step 3: Ping gateway

Ping the IP address of the default gateway to verify it is up and running and that you can communicate with another host on the local network.

A general ping sequence for identifying connectivity issues: Step 2: Ping Host

Ping the IP address of the local host to verify it was added correctly and to verify that the network adapter is functioning properly. If you cannot ping your own address, there might have been a configuration error, or the network adapter or adapter driver could be faulty.

A general ping sequence for identifying connectivity issues: Step 1: Ping Loopback

Ping the loopback address (ping 127.0.0.1) to verify TCP/IP is installed and loaded correctly. If this fails, reinstall the network protocol stack.

Vendor management

Policies and procedures to identify vulnerabilities and ensure security of the supply chain.

A technician configures a switch with an IP address and shared secret of a network authentication server. What type of best practice network hardening is being performed?

Port security or IEEE 802.1X Port-Based Network Access Control.

Host A is communicating with Host B. Host A uses the American Standard Code for Information Interchange (ASCII) and Host B uses Unicode. The clients agree to translate the communication to ASCII. What layer of the Open System Interconnection (OSI) model does the agreement and translation occur?

Presentation The Presentation layer (Layer 6) transforms data between the format required for the network and the format required for the application. For example, the Presentation layer is used for character set conversion.

A networking administrator is trying to power off a Cisco switch, but it is not working. The administrator needs to be in which mode to perform this task?

Privileged EXEC mode (or enable mode) allows the user to reboot or shut down the appliance and to backup and restore the system configuration.

Dynamic Host Configuration Protocol (DHCP)

Protocol used to automatically assign IP addressing information to hosts that have not been configured manually.

There are three versions of RIP:

RIPv1 is a classful protocol and uses inefficient broadcasts to communicate updates over UDP port 520.
RIPv2 supports classless addressing and uses more efficient multicast transmissions over UDP port 520. It also supports authentication.
RIPng (next generation) is a version of the protocol designed for IPv6. RIPng uses UDP port 521.
The simplicity of RIP makes it suited to small networks with limited failover routes.

Which networking component would connect to a SOHO router, operating at the first layer of the OSI model?

RJ-45

An organization is using video conferencing to conduct meetings between different locations. What protocol provides information that allows the network stacks to adjust the quality of service parameters?

RTP Control Protocol (RTCP) is a session on each RTP stream that monitors the quality of the connection and provides reports that the network stacks can use to tune Quality of Service (QoS) parameters.

scope

Range of consecutive IP addresses in the same subnet that a DHCP server can lease to clients.

An administrator has plugged in a new security camera, but when accessing the camera's web management interface, the administrator encounters a self-signed certificate error. What should the administrator do? Add an exception for the certificate Have the service owner update the certificate Synchronize the time between the client and server Replace the default certificate

Replace the default certificate

Network Address Translation (NAT)

Routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.

Cat 7 (Class F)

S/FTP or F/FTP; 10GBASE-T; 100 m (328 ft); 600 MHz; GG45/TERA

Common Vulnerabilities and Exposures (CVE)

Scheme for identifying vulnerabilities developed by MITRE and adopted by NI

SCTP

Screened Twisted Pair

Separation of Duties (SoD)

Security policy concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.

Defence in Depth (DiD)

Security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack's progress, rather than eliminating it outright.

proxy server

Server that mediates the communications between a client and another server. It can filter and often modify communications, as well as provide caching services to improve performance.

Show Commands

Set of commands in a switch OS to report configuration or interface information.

S/FTP

Shielded/foiled twisted pair

You need to verify whether a switch port is misconfigured by checking the number of collisions being reported. What general command could you use at a CLI to report this information?

Show Interface

antenna cable attenuation

Signal loss caused by an external antenna connected to an access point over cabling.

Effective Isotropic Radiated Power (EIRP)

Signal strength from a transmitter, measured as the sum of transmit power, antenna cable/connector loss, and antenna gain.

Desktop versus rack-mounted

Simple unmanaged switches with five or eight ports might be supplied as small freestanding units that can be placed on a desktop. Most larger switches are designed to be fitted to the standard-size racks that are used to hold networking equipment.

Trivial File Transfer Protocol (TFTP)

Simplified form of FTP supporting only file copying. TFTP works over UDP port 69.

Fiber optic cabling is divided into:

Single Mode (SMF) and MultiMode (MMF) types.

Local /Lucent Connector (LC) - Fiber

Single Mode or Multi Mode. Push-pull tabbed design. Gigabit Ethernet and 10/40 GbE.

Subscriber Connector (SC) - Fiber

Single Mode or Multi Mode. Push-pull design. Commonly used for Gigabit Ethernet.

Kerberos

Single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.

On a switch port, the following LED link states (status indicators) are typical:

Solid green-The link is connected but there is no traffic.
Flickering green-The link is operating normally (with traffic). The blink rate indicates the link speed.
No light-The link is not working or the port is shut down.
Blinking amber-A fault has been detected (duplex mismatch, excessive collisions, or redundancy check errors, for instance).
Solid amber-The port is blocked by the spanning tree algorithm, which works to prevent loops within a switched network.

A technician connects a computer to a network port. The technician reviews the properties of the network card in the operating system and changes some settings. It is then determined that the link is not working. The technician tests the adapter and cable and can confirm that there are no problems. No other users are experiencing problems. The old computer also experienced no problems. What specific cause does the technician suspect, and what is a possible remedy?

Speed mismatch-Check the autonegotiate settings on the adapter and port.

An engineer for a large firm documents the internal computer network. A diagram the engineer creates shows a top-down view of the Ethernet infrastructure in a hub and spoke layout. While considering the physical and logical topologies of the network, determine which choices qualify.

Star & Bus A star topology is a physical network design in which each node is connected to a central point. A star network is also referred to as a hub and spoke network. A logical bus topology is one in which nodes receive the data transmitted all at the same time, regardless of the physical wiring layout of the network. A star network operates as a logical bus network when a hub is used rather than a switch.

In IPv6, how can a host obtain a routable IPv6 address without requiring manual configuration?

Stateless address autoconfiguration (SLAAC) allows a host to autoconfigure an interface by listening for Router Advertisements to obtain a network prefix.

Authentication, Authorization, and Accounting (AAA) architecture uses the following components:

Supplicant-the device requesting access, such as a user's PC or laptop.
Network access server (NAS) or network access point (NAP)-edge network appliances, such as switches, access points, and VPN gateways. These are also referred to as AAA clients or authenticators.
AAA server-the authentication server, positioned within the local network. There are two main types of AAA server: RADIUS and TACACS+.

An administrator needs to perform maintenance on routers and switches and is authenticating to them over TCP port 49. What protocol is the administrator using? A. TACACS+ B. RADIUS C. EAP D. IEEE 802.1X Port-based NAC

TACACS+ The administrator is using TACACS+ which is a protocol used in authenticating administrative access to routers and switches and uses TCP over port 49.

What are the sizes of TCP and UDP headers?

TCP is 20 bytes (or more) while UDP is 8 bytes.

A server is running Microsoft SQL Server and is replicating the data to other Microsoft SQL servers on the network. The application service is using which principal port? TCP 1433 TCP 1521 TCP 3306 TCP 5432

TCP/1433 Microsoft SQL Server uses TCP/1433 to allow clients to connect to the database server over the network and allow replication traffic to move between database servers.

You need to configure clients to be able to communicate with print devices in a remote subnet. Which port number must you allow on a network firewall to enable the standard TCP/IP port?

TCP/9100.

A network operator is trying to troubleshoot kinks and imperfections in cabling that could affect performance. What should the network operator use to test the cabling?

TDR A cable tester might incorporate the function of a time domain reflectometer (TDR). A TDR measures the length of a cable run and locates kinks and other imperfections in cables that could affect performance.

A network technician is installing a new Ethernet receptacle using a punch tool. Which blade type can the technician utilize to terminate the wires onto the punch block?

Technicians mostly use 110 format punch blocks for LAN technology and RJ-45 connections. They have a set blade on one end of the punch tool.

A network installer is building a long-distance link. The nodes are approximately 10 km apart. What type of fiber link should the installer build for this link?

1000BASE-LX is a Gigabit Ethernet standard and supports 1 Gbps over a distance of 10 km using single mode fiber.

Who has created categories of cable standards for twisted pair to simplify selection of a suitable quality cable?

The American National Standards Institute (ANSI) and the Telecommunications Industry Association (TIA)/Electronic Industries Alliance (EIA)

A network administrator is looking at an ARP table on a switch for connected devices. Which Open Systems Interconnection (OSI) layer are they looking at?

The Data Link layer (layer 2) transfers data between nodes on the same logical segment. This is where ARP tables are located.

A security technician is looking at binary and trying to convert it to an IP address. The first field is 00110011. What does this translate to in decimal?

The binary field 00110011 would be 51 in decimal. The place values are powers of 2 (2^1=2, 2^2=4, 2^3=8, 2^4=16, and so on). The technician should memorize these values to perform binary/decimal conversions using the columnar method.

A technician is troubleshooting a network and has asked your advice. He is trying to ping 192.168.16.192. The network has been subnetted with the custom mask 255.255.255.224. Why might this return a "Destination host unreachable" message?

The IP address resolves to the subnet network address, not a host address. Windows does not normally allow pinging the network address. Other OSs treat it as an alternative broadcast address, but most systems are configured to disallow such directed broadcasts for security reasons.

If the IP address 10.0.10.22 were used with an /18 mask, how many subnets and hosts per subnet would be available?

The IP class is a class A address. The usable host range is 10.0.0.1 - 10.0.63.254. There are 1024 subnets each with 16,382 usable hosts. 18 bits (11111111.11111111.11000000.00000000) are allocated to the subnet ID (255.255.192.0) and 14 remain as host bits.

A network technician is looking at the route configurations for the organization's environment. What is it called when the IP network or subnet for each active router interface gets automatically added to the routing table?

The IP network or subnet for each active router interface gets automatically added to the routing table. These are known as directly connected routes.

What value is used as the BSSID?

The MAC address of the access point.

An organization is using the Simple Network Management Protocol (SNMP) for remote management and monitoring of servers and network appliances and must deploy an agent to each device. Where are the statistics relating to the activity of each device kept? OID MIB Get Trap

The SNMP agent maintains a database called a Management Information Base (MIB) that holds statistics relating to the activity of the device, such as the number of frames per second handled by a switch.

An administrator wants to ensure that nothing intercepts or modifies the communications between clients and the DNS servers. What can the administrator implement to prevent this from happening? (Select all that apply.) DNSSEC DNS over TLS DNS over HTTPS Internal DNS zones

The administrator can implement DNS over TLS (Transport Layer Security) which protects client queries from on-path attacks between the client and the DNS resolver. The administrator can implement DNS over HTTPS (Hypertext Transfer Protocol Secure) which protects client queries from on-path attacks between the client and the DNS resolver.

Bandwidth

The amount of data that can be transmitted over a network in a given amount of time, measured in bits per second (bps), or some multiple thereof.

In Windows, all changes to the network interface configuration are persistent. What does this mean?

The changes made will remain until the system is rebooted.

A server administrator is analyzing a normal Transmission Control Protocol (TCP) Teardown connection to their servers. How many FIN-WAIT states does the client go through during this process?

The client goes through two FIN-WAIT states. In the first step, the client sends a FIN segment to the server and then enters the FIN-WAIT1 state.

An organization needs to use shared mailboxes for managing customer inquiries. What mailbox access protocol should the clients utilize to retrieve the mail over secured connections? POP3S IMAP IMAPS MAPI

The clients should use IMAPS which is the Internet Message Access Protocol (IMAP) secured with TLS that supports permanent connections to a server and connecting multiple clients to the same mailbox simultaneously.

channel link

The entire cable path (patch cords plus permanent link)

How many different traffic classes can be defined by 802.1Q/p?

The field is 3-bit, allowing up to 8 values. In a typical schema, 7 and 6 can be reserved for network control (such as routing table updates), 5 and 4 map to expedited forwarding levels for 2-way communications, 3 and 2 map to assured forwarding for streaming multimedia, and 1 and 0 for "ordinary" best-effort delivery.

The parts of an IPv6 multicast address are subdivided as follows:

The first 8 bits indicate that the address is within the multicast scope (1111 1111 or ff). The next 4 bits are used to flag types of multicast if necessary; otherwise, they are set to 0. The next 4 bits determine the scope; for example, 1 is node-local (to all interfaces on the same node) and 2 is link local. The final 112 bits define multicast groups within that scope.

A client's browser has requested a web page. What protocol, at the Application layer of the OSI model, makes the request?

The foundation of web technology is the HyperText Transfer Protocol (HTTP). HTTP enables clients (typically web browsers) to request resources from an HTTP server.

Network Layer Reachability Information (NLRI)

The information about available networks and the routes whereby they may be reached, which routing protocols collect, manage, and distribute to the routers or other devices that use such routing protocols. BGP works over TCP on port 179.

A network architect analyzes the software-defined networking model and reviews the layer that handles the actual forwarding (switching and routing) of traffic and imposition of ACLs and other policy configurations for security. What is the appropriate layer for this description? OSI Network Layer 3 Datacenter Infrastructure Layer Leaf

The infrastructure layer contains devices (physical or virtual) that handle the actual forwarding (switching and routing) of traffic and imposition of ACLs and other policy configurations for security.

Physical topology

The layout of nodes and links as established by the transmission media. An area of a larger network is called a segment. A network is typically divided into segments to cope with the physical restrictions of the network media used, to improve performance, or to improve security. At the Physical layer, a segment is where all the nodes share access to the same media.

Logical Topology

The logical way computers connect on a network.

Attenuation

The loss of signal strength, expressed in decibels (dB). dB expresses the ratio between two measurements; in this case, signal strength at origin and signal strength at destination.

Maximum transmission unit (MTU)

The maximum frame size allowed to be transmitted across a network medium. The maximum size of the data payload is 1500 bytes.

An IP address provides two pieces of information:

The network number (network ID)-This number is common to all hosts on the same IP network.
The host number (host ID)-This number identifies a host within an IP network.

What are nodes and links?

The nodes are devices that send, receive, and forward data and the links are the communications pathways between them.

An organization is working to secure email traffic. What are some methods the organization could use to do this?

The organization could use STARTTLS which is a command that upgrades an existing unsecure connection to use TLS. This is also known as explicit TLS or opportunistic TLS. The organization could use SMTPS, the TLS version of SMTP, which establishes the secure connection before the exchange of any SMTP commands. This is also known as implicit TLS.

Transceiver

The part of a network interface that sends and receives signals over the network media.

Demarcation point (often shortened to demarc)

The point at which the telco's cabling enters the customer premises

A network architect is assessing network performance. Which (two) of the following are part of the CSMA/CD protocol to identify collisions early? CRC FCS Preamble SFD

The preamble is for clock synchronization and as part of the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol to identify collisions early. The Start Frame Delimiter (SFD) is also used for clock synchronization and as part of the CSMA/CD protocol to identify collisions early.

What is same-layer interaction?

The protocol running at each layer communicates with its equivalent (or peer) layer on the other node.

You have pinged the router for the local subnet and confirmed that there is a valid link. The local host cannot access remote hosts, however. No other users are experiencing problems. What do you think is the cause?

The router is not configured as the default gateway for the local host. You can ping it, but the host is not using it for routing.

Dynamic Routing Protocols

The routing table is dynamically updated to account for loss or changes in routes or changes in data traffic

Layer 5 - Session - OSI

The session layer (layer 5) represents functions that administer the process of establishing a dialog, managing data transfer, and then ending (or tearing down) the session.

What switch configuration feature could you use to prevent web servers in the same subnet from communicating with one another?

This can be configured using a private VLAN. The servers are all placed in the same host VLAN and communicate out of the VLAN/subnet via the promiscuous port. Each server port is configured as an isolated port. The isolated ports are not able to communicate directly.

Why might an attacker launch a disassociation attack against an access point?

This could be a simple denial of service (DoS) attack to prevent network access, but the attacker could also be attempting to use an evil twin/rogue AP to intercept network traffic.

Passive test access point ( TAP )

This is a box with ports for incoming and outgoing network cabling and an inductor or optical splitter that physically copies the signal from the cabling to a monitor port. There are types for copper and fiber optic cabling. Unlike a SPAN, no logic decisions are made, so the monitor port receives every frame, corrupt or malformed or not, and the copying is unaffected by load.

Which two topologies are used in the three-tier hierarchical model?

This is a hybrid topology with mesh and star elements. The core layer is a mesh and the links between core and distribution and distribution and access are also a mesh or partial mesh. The access switches use a star topology to connect end systems.

Active TAP

This is a powered device that performs signal regeneration (again, there are copper and fiber variants), which may be necessary in some circumstances. Gigabit signaling over copper wire is too complex for a passive TAP to monitor and some types of fiber links may be adversely affected by optical splitting. Because it performs an active function, the TAP becomes a point of failure for the links in the event of power loss.

What type of routing table entry is shown below? S* 0.0.0.0/0 [1/0] via 192.0.2.1

This is a static entry for the default route. The destination 0.0.0.0/0 represents an unknown network and will be matched if there is no match to a more specific destination. 192.0.2.1 is the gateway or next hop router for the default route.

Two client hosts have intermittent connectivity issues when accessing a server service on another subnet. No other client hosts exhibit this problem. What configuration problem might you suspect?

This is likely to be caused by a duplicate IP or MAC address. Replies from the server will be misdirected between the two hosts.

Your network monitor is recording high numbers of ICMP Time Exceeded notifications. What type of routing issue does this typically indicate?

This is typical of a routing loop, where packets circulate between two routers until the time to live (TTL) is exceeded.

SPAN (switched port analyzer)/mirror port

This means that the sensor is attached to a specially configured port on the switch that receives copies of frames addressed to nominated access ports (or all the other ports). This method is not completely reliable.

Fiber Finishing Types - UltraPhysical Contact (UPC)

This means the cable and connector are polished to a higher standard than with PC.

What type of cloud solution would be used to implement a SAN?

This would usually be described as Infrastructure as a Service (IaaS).

Threat Research

Threat research is a counterintelligence gathering effort in which security companies and researchers attempt to discover the tactics, techniques, and procedures (TTPs) of threat actors. The outputs from the primary research undertaken by security solutions providers and academics can take three main forms:
Behavioral threat research-narrative commentary describing examples of attacks and TTPs gathered through primary research sources.
Reputational threat intelligence-lists of IP addresses and domains associated with malicious behavior, plus signatures of known file-based malware.
Threat data-computer data that can correlate events observed on a customer's own networks and logs with known TTP and threat actor indicators.

What is the purpose of subnetting?

To create layer 3 broadcast domain segments with fewer hosts. The trick with subnet design is to fit the scheme to the requirements for number of subnetworks and number of hosts per subnet. Each bit added to the mask approximately halves the number of available host addresses.

Why would you deploy a reverse proxy?

To publish a web application without directly exposing the servers on the internal network to the Internet.

Fusion Splicer

Tool for joining strands of fiber optic cable with minimal signal loss.

Devices that operate at the Physical layer include:

Transceiver, repeater, hub, media converter, modem.

Layer 6 - Presentation - OSI

Transforms data between the format required for the network and the format required for the application. For example, the presentation layer is used for character set conversion, such as between American Standard Code for Information Interchange (ASCII) and Unicode. The presentation layer can also be conceived as supporting data compression and encryption.

A systems administrator wants to ensure that port numbers are being appropriately assigned for each type of network application. What layer of the OSI model should the administrator be reviewing to ensure these actions are taken? Network Transport Session Application

Transport At the transport layer on the sending host, the system packages data from the upper layers as a series of layer 4 protocol data units (PDUs). It is critical at this layer that all types of network applications be assigned the correct port number. The network layer (layer 3) is responsible for moving data around a system of networks, known as an internetwork or the Internet. The session layer (layer 5) represents functions that administer the process of establishing a dialog, managing data transfer, and then ending (or tearing down) the session. The application layer (layer 7) is at the top of the OSI stack. An application-layer protocol does not encapsulate any other protocols or provide services to any protocol.

Routing Loop

Troubleshooting issue where a packet is forwarded between routers in a loop until its TTL expires.

Switching Loop

Troubleshooting issue where layer 2 frames are forwarded between switches or bridges in an endless loop.

NIC teaming

Two or more NICs aggregated into a single channel link for fault tolerance and increased throughput. Also known as NIC bonding.

Independent Basic Service Set (IBSS)

Type of wireless network where connected devices communicate directly with each other instead of over an established medium.

What types of DNS records have priority or preference values?

Typically, mail (MX) and service (SRV) records.

DNS uses what transport protocol and port?

UDP port 53 by default.

Cat 5

UTP; 100BASE-TX (100 Mbps); 100 m (328 ft); 100 MHz; RJ-45

Cat 5e (Class D)

UTP or F/UTP; 1000BASE-T (1000 Mbps, or 1 Gbps); 100 m (328 ft); 100 MHz; RJ-45

Cat 6a (Class Ea)

UTP, F/UTP, U/FTP, or S/FTP; 10GBASE-T; 100 m (328 ft); 500 MHz; RJ-45

Time domain reflectometer (TDR)

Used to measure the length of a cable run and to locate open and short circuits, kinks/sharp bends, and other imperfections in cables that could affect performance.

Optical Time Domain Reflectometer (OTDR)

Used to measure the length of a fiber optic cable run and to locate faults.

SSH Client Authentication

The server's host key is used to set up a secure channel to use for the client to submit authentication credentials. SSH allows various methods for the client to authenticate to the SSH server. Each of these methods can be enabled or disabled as required on the server:

Username/password - The client submits credentials that are verified by the SSH server either against a local user database or using a network authentication server.

Public key authentication - Each remote user's public key is added to a list of keys authorized for each local account on the SSH server.

Kerberos - The client submits the Kerberos credentials (a Ticket Granting Ticket) obtained when the user logged onto the server using the Generic Security Services Application Program Interface (GSSAPI). The SSH server contacts the Ticket Granting Service (in a Windows environment, this will be a domain controller) to validate the credential.

Memorandum of Understanding (MOU)

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

ARP

Utility to display and modify contents of host's cache of IP to MAC address mappings, as resolved by address resolution protocol (ARP) replies.

Full VPN Tunnel

VPN configuration where all traffic is routed via the VPN gateway.

Split VPN Tunnel

VPN configuration where only traffic for the private network is routed via the VPN gateway.

Which step follows "Implement the solution or escalate as necessary" in the troubleshooting methodology?

Verify full system functionality, and if applicable, implement preventive measures.

zero-day attack

Vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

To perform assessment and monitoring, security teams must identify ways in which their systems could be attacked. These assessments involve vulnerabilities, threats, and risk:

Vulnerability - A weakness that could be accidentally triggered or intentionally exploited to cause a security breach.

Threat - The potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or thing that poses the threat is called a threat actor or threat agent. The path or tool used by a malicious threat actor can be referred to as the attack vector.

Risk - The likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

Which of the following remote print protocols allows secure connections to a print device and allows it to advertise service capabilities over the network, provide plug-and-play installation for Windows and iOS devices, and use bidirectional status messaging?

Web Services for Devices (WSD)/AirPrint allows for secure connections to a print device and allows it to advertise service capabilities over the network, provides plug-and-play installation for Windows and iOS devices, and uses bidirectional status messaging.

A network administrator is looking at a switch where the network is not converged. What does this mean?

When the network is not converged, no communications can take place. Under the original 802.1D standard, this made the network unavailable for extended periods (tens of seconds) during configuration changes.

Which copper Ethernet standard meets the bandwidth requirements for clients in an office network while minimizing costs?

Open authentication

Wireless network authentication mode where guest (unauthenticated) access is permitted.

Convert the decimal value 72 into binary.

Work out the binary place positions that add up to 72: 128*0 + 64*1 + 32*0 + 16*0 + 8*1 + 4*0 + 2*0 + 1*0. Transcribe the 0s and 1s to form an octet: 01001000.

Convert the binary value 11110010 to decimal.

Work out the value of the binary place positions: 128*1 + 64*1 + 32*1 + 16*1 + 8*0 + 4*0 + 2*1 + 1*0. Sum the result to derive the answer 242.

User Datagram Protocol (UDP)

Works at the Transport layer, but unlike TCP, it is a connectionless, nonguaranteed method of communication with no acknowledgments or flow control.

At the 515support branch office, you have been asked to implement an IP network. Your network ID is currently 198.51.100.0/24. You need to divide this in half (two subnets) to accommodate hosts on two separate floors of the building, each of which is served by managed switches. The whole network is served by a single router. Each subnet only needs 32 usable addresses. Using the above scenario, answer the following question: Your manager has considered his original plan and realized that it does not accommodate the need for a WAN link to the head office or a separate segment for a team that works with sensitive data. What mask will you need to accommodate this new requirement, and how many hosts per subnet will it allow?

You now need four subnets. Adding one bit to the mask will double the available subnets from two to four. A /26 prefix or 255.255.255.192 mask leaves six bits left to work with for host addressing, so 62 host addresses will be available per subnet.

A network administrator configures a SOHO router for a small business. Which zone and IP address information is configured on the router for proper functionality for users to access all internal resources and the Internet?

Zone: private, internal IP range 192.168.51.0/24. Zone: public, external IP 209.0.113.1. For the SOHO router to function properly for both internal network communications and access to the Internet, a private zone would use a private IP address range while a public zone would use a public IP.

A node that provides only a forwarding function is referred to as:

an intermediate system or infrastructure node.

Wavelength Division Multiplexing (WDM)

Duplex interfaces have one transmit port and one receive port and require two fiber strands, with each strand carrying a single channel. Wavelength Division Multiplexing (WDM) is a means of using a single strand to transmit and/or receive more than one channel at a time.

What is Cat 8 intended for?

For use in datacenters only, for short patch cable runs that make top-of-rack connections between adjacent appliances.

How are port numbers handled on the receiving host?

Each segment is decapsulated, identified by its port number, and passed to the relevant handler at the application layer. Put another way, the traffic stream is de-multiplexed.

The link local range is:

fe80::/10. Link-local addresses start with a leading fe80, with the next 54 bits set to 0, and the last 64 bits are the interface ID.

Which of the following IPv6 addresses is a valid unicast host address? fe80::218:8bff:fea7:bd37, fe80::219:d2ff::7850, or ff02::219:d2ff:fea7:7850

fe80::218:8bff:fea7:bd37

Internet Engineering Task Force (IETF) ( ietf.org )

Focuses on solutions to Internet problems and the adoption of new standards, published as Requests for Comments (RFCs). Some RFCs describe network services or protocols and their implementation, while others summarize policies. An older RFC is never updated. If changes are required, a new RFC is published with a new number. Not all RFCs describe standards. Some are designated informational, while others are experimental.

IPConfig - Command tool used to gather information about the IP configuration of a Windows host

ipconfig without any switches will display the IP address, subnet mask, and default gateway (router) for all network interfaces to which TCP/IP is bound.

ipconfig /all displays complete TCP/IP configuration parameters for each interface, including whether the Dynamic Host Configuration Protocol (DHCP) is enabled for the interface and the interface's hardware (MAC) address.

ipconfig /renew interface forces a DHCP client to renew the lease it has for an IP address.

ipconfig /release interface releases the IP address obtained from a DHCP server so that the interface(s) will no longer have an IP address.

ipconfig /displaydns displays the Domain Name System (DNS) resolver cache.

ipconfig /flushdns clears the DNS resolver cache.

ipconfig /registerdns registers the host with a DNS server (if it supports dynamic updates).

What is a plenum space?

A void in a building designed to carry heating, ventilation, and air conditioning (HVAC) systems. Plenum space is typically a false ceiling, though it could also be constructed as a raised floor. As it makes installation simpler, this space has also been used for communications wiring in some building designs. Plenum space is an effective conduit for fire, as there is plenty of airflow and no fire breaks (such as walls or doors). If the plenum space is used for heating, there may also be higher temperatures. Therefore, building regulations require the use of fire-retardant plenum cable in such spaces.

What is twinaxial cable (or twinax)?

Twinax is similar to coax but contains two inner conductors. Twinax is used for datacenter 10 GbE (unofficially referred to as 10GBASE-CR) and 40 GbE (40GBASE-CR4) interconnects of up to about 5 meters for passive cable types and 10 meters for active cable types. Twinax for 10/40 GbE is terminated using SFP+ Direct Attach Copper (DAC) and QSFP+ DAC transceivers.

What is a collision?

A collision is the state in which a signal is present on an interface's transmit and receive lines simultaneously. On detecting a collision, the node broadcasts a jam signal. Each node that was attempting to use the media then waits for a random period (backoff) before attempting to transmit again.

Multimode Fiber (MMF) has a

larger core (62.5 or 50 microns) and shorter wavelength light (850 nm or 1300 nm) transmitted in multiple waves of varying length. MMF uses less expensive optics and consequently is less expensive to deploy than SMF. However, it does not support such high signaling speeds or long distances as single mode and so is more suitable for LANs than WANs.

Encapsulation example

On the sending node, data is generated by an application, such as the HyperText Transfer Protocol (HTTP), which will include its own application header. At the transport layer, a Transmission Control Protocol (TCP) header is added to this application data. At the network layer, the TCP segment is wrapped in an Internet Protocol (IP) header. The IP packet is encapsulated in an Ethernet frame at the data link layer, then the stream of bits making up the frame is transmitted over the network at the physical layer as a modulated electrical signal.

Shielding for Screened cabling has:

One thin outer foil shield around all pairs. Screened cable is usually designated as screened twisted pair (ScTP) or foiled/unshielded twisted pair (F/UTP), or sometimes just foiled twisted pair (FTP).

Single mode fiber to twisted pair

Powered converters change light signals from SMF cabling into electrical signals carried over a copper wire Ethernet network (and vice versa).

Show commands:

show config displays the switch's configuration. The startup configuration (show startup-config) could be different from the running configuration (show running-config). If there has been some undocumented change to the switch, using these commands and comparing the output may reveal the source of a problem.

show interface lists the state of all interfaces or the specified interface. Interfaces are identified by type, slot, and port number. For example, GigabitEthernet 0/2 (or G0/2) is port #2 on the first 10/100/1000 slot (or only slot).

Copper cable suffers from high attenuation, meaning:

the signal quickly loses strength over long links.

IGMP Snooping

The switch reads IGMP messages and can determine if the host on an access port or one or more hosts in a VLAN have joined a multicast group. Multicast traffic is filtered from ports and VLANs that have no hosts participating in the multicast group.

Physical Layer (PHY) of the OSI Model is responsible for:

the transmission and receipt of the signals that represent bits of data from one node to another node. Different types of transmission media can be classified as cabled or wireless.

The 100BASE-TX Fast Ethernet standard:

uses the same CSMA/CD protocol as 10BASE-T but with higher frequency signaling and improved encoding methods, raising the bit rate from 10 Mbps to 100 Mbps. 100BASE-TX refers to Fast Ethernet working over Cat 5 (or better) twisted pair copper cable with a maximum supported link length of 100 meters (328 feet).
