CompTIA Network+


- Root Bridge - Root port - Designated Port - Nondesignated Port

- This is a switch elected to act as a reference point for a spanning tree in STP topology. It features all ports in a Designated state - In STP topology, every nonroot bridge has a single root port, which is the port on that switch that is closest to the root bridge in terms of cost. - Every network segment has a single one of these, which is the port on that segment that is closest to the root bridge in terms of cost. Therefore, all ports on a root bridge are this type. - These ports block traffic to create a loop-free topology.

- Smart Jack - Tip & Ring - NT1

- This is a type of network interface device that adds circuitry and features such as converting between framing formats on a digital circuit (for example, a T1), supporting remote diagnostics, and regenerating a digital signal. - These are the red & green wires found in an RJ-11, old school POTS phone jack - This is an ISDN device that interconnects a 4-wire ISDN circuit with a 2-wire ISDN circuit

- PUA (privileged user agreement) - On-boarding/Off-boarding

- This establishes agreed-upon rules of behavior for individuals with elevated permissions, usually for someone like a network administrator. - This is the term for policy guidelines related to steps taken during hiring & firing of employees as it pertains to the IT dept

- PPTP (Point-to-Point Tunneling Protocol) - IPSec

- This is a set of communication rules that govern the secure implementation of virtual private networks (VPN) - This is a set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet.

- Modal Distortion or Multimode Delay Distortion

A light distortion problem unique to MMF (multimode fiber-optic cable). Happens when light signals are sent at the same time and the light breaks down into a fuzzy beam. This is why MMF cable is not used for distances as long as SMF (single mode fiber) cables.

Controller Area Network (CAN), not to be confused with Campus Area Network, also CAN

A network type which replaces bulky wiring systems and reduces weight & cost in industrial applications, allowing controllers to share information

Split DNS

An implementation of DNS where internal and external DNS queries are handled by different DNS servers or by a single DNS server that is specially configured to keep internal and external DNS zones separate; enhances security.

CIR (committed information rate)

The guaranteed minimum amount of bandwidth selected when leasing a frame relay circuit, usually agreed upon with a SLA. Frame relay costs are partially based on this.

WLC (Wireless LAN Controllers)

These are used in Enterprise networks in order to centrally manage Wireless Access Points

- Port Numbers

These help your computer to understand what pieces of data are intended for and which application to get the data to.

- BOOTP (Bootstrap Protocol) - RARP (Reverse Address Resolution Protocol)

- A UDP, Application layer network protocol that helps diskless workstation computers get an IP address before loading an advanced operating system. It uses a central list of IP addresses and their associated devices' MAC addresses to assign IP addresses to clients dynamically. It does not support dynamic allocation & was the precursor to DHCP. - What is another protocol besides this and DHCP which can allocate IP addresses to clients, but cannot support dynamic allocation?

- Frames - 1500 bytes - OSI Layer 2: Data Link, TCP/IP Layer 1: Network or Link Layer

- How does a NIC send data? - What is the maximum size for these units? - What layer of the OSI and TCP/IP model does this work at?

- fc00::/7 - ::1/128

- What is a private IPv6 address? - What is the IPv6 loopback address?

- nbtstat - "nbtstat -n": this will check to make sure your computer's Registered Name is the same as what you think it is - "nbtstat -c": this will display your remote name cache - "nbtstat -a [system name]": this will show you the actual registered information for the computer system name you typed in - "nbtstat -r" is basically statistics of what it has been doing lately but it does not work well with modern systems b/c of archaic rules it was programmed with - "nbtstat -R" will clear your remote cache name table - "nbtstat -RR" will Rebroadcast and Reestablish all of your information out onto the network

- What is an older command originally designed to work with NetBIOS? - What are six switches for it?

- BOOTP (Bootstrap Protocol) - ifconfig - ipconfig /release and /renew

- What is essentially the same thing as DHCP but the Linux term for it (and its predecessor)? - What is the Linux version of ipconfig? - What switches can help with DHCP/IP addressing issues?

- Personal Mode - Enterprise mode

- What is wireless security called when using a PSK (pre-shared key)? - What is it called when using 802.1x?

Federated System Trust

A common authentication system shared by multiple separate entities that allows users to authenticate seamlessly among the different entities.

Beamwidth

A measure of the angle of a radiation pattern in antennas, defined in degrees

Converged Network

A network that aggregates various forms of traffic such as voice, video, and data on the same network infrastructure.

RSSI (Received Signal Strength Indicator)

A relative metric used by 802.11 radios to measure the power of a wireless signal.

Dijkstra's shortest path first algorithm

An algorithm used in calculating the shortest path between an origin node and other destination nodes in a network. Used with Link State routing protocols

SDN (Software Defined Networking)

Approach to networking that aims at separating the infrastructure (hardware) layer from the control layer. Directly programmable from a central location, flexible, vendor neutral, based on open standards. Basically just "network virtualization": allows data transmission paths, comm decision trees, and flow control to be virtualized

Unified Threat Management (UTM)

Comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software

Deauthentication Attack

Denial-of-service (DoS) strike that disconnects a wireless host from a WAP, so that the victim is forced to reconnect and exchange the wireless key multiple times; an attacker can then perform an offline brute-force cracking of the password or trick them into connecting to a malicious network.

Hold-down timer

Distance vector routing protocol safeguard that avoids flapping. After a router makes a change to a route entry, this prevents any subsequent updates for a specified period of time. This approach helps stop flapping routes (which are routes that oscillate between being available and unavailable) from preventing convergence.

Cable Certifier

If you are working with an existing cable and want to determine its category, or if you simply want to test the supported frequency range (and therefore data throughput) of the cable, you can use this tool

CSMA/CD

What Ethernet technology features a backoff timer?

- User training & awareness - Patch management - Policies & Procedures - Incident Response

What are four big ways to mitigate network threats?

A firewall filters traffic, an IDS reports, and an IPS takes action to stop malicious actions.

What are the differences between a firewall, an IDS, and an IPS?

- STARTTLS - It should be using Port 587 but it used to use Port 465 1. Port 465 for SMTP 2. Port 995 for POP3 3. Port 993 for IMAP

- A command (not an acronym) used to upgrade an unencrypted connection to an encrypted connection on the same port. Used primarily for older, unencrypted email protocols. - What port does it use? - What three ports were used for encrypting unsecured email protocols before this command was implemented?

- ARP (Address Resolution Protocol) - Run "arp -a" to see your ARP cache

- A communications protocol that resolves IP addresses to MAC addresses when the computer only knows the IP address - How can you see where known MAC addresses from this process are stored on a computer?

- Traffic Shaping - QoS (Quality of Service) - Policing

- Manipulating certain characteristics of packets, data streams, or connections to manage the type and amount of traffic traversing a network or interface at any moment by delaying excess traffic and creating queues. Can buffer excess traffic and send it later and monitors traffic from each host. - This is the major method of how the above operation is performed. - Another method which has the ability to drop excess packets

- Loopback Plug - Looking-glass site/server - Throughput Tester

- A device used to test a port in a computer or other device to make sure the port is able to send & receive traffic and might also test the throughput or speed of the port. - This allows users to connect to view the routing information from that server's perspective. These are normally related to Border Gateway Protocol (BGP) routes. - This is a network appliance that typically has multiple network interfaces and can generate high volumes of pseudo-random data. Used for simulating network performance under a heavy load.

- SONET (Synchronous Optical Network) - OC-1 @ 51.85 Mbps, STS-1 - OC-3 @ 155.52 Mbps, STS-3 - OC-12 @ 622.08 Mbps, STS-12 - DWDM (Dense Wavelength Division Multiplexing) which basically uses multiple light colors and can multiply one connection by as much as 150 times

- A high-bandwidth WAN signaling technique that specifies framing and multiplexing techniques at the Physical layer of the OSI model. Its four key strengths are that it can integrate many other WAN technologies, it offers fast data transfer rates, it allows for simple link additions and removals, and its double ring of fiber-optic cable provides a high degree of fault tolerance. - What are the first three tiers of cabling, speeds, and signal methods? - What has this standard come out with to compete with 10 Gb Ethernet?

- DDNS (Dynamic DNS) - EDNS (Extension Mechanisms for DNS)

- A method of dynamically updating DNS records for a host. It reports IP address changes to a special service you have to register with (for example, www.tzo.com), which automatically updates DNS records. - A DNS variant which supports newer DNS features while maintaining backward compatibility with the original DNS implementation through pseudo-resource-records

- Packet Switching 1. Frame Relay has been around since the '80s. Makes use of VCs for interconnecting sites and shares the service provider's bandwidth. It doesn't care about errors & is fast. This has largely faded out. 2. ATM (Asynchronous Transfer Mode) uses fixed cells instead of variable frames. Used on things like SONET. It is also starting to fade out b/c it was designed to do data plus a lot of other things like voice, but nowadays pretty much everything is done with data. One example of a shortcoming is that it breaks things down into packets only 53 bits long. 3. MPLS (Multiprotocol Label Switching) is very IP or data-centric. Uses label switching for routing frames. Makes forwarding decisions based on a label contained in a 32-bit header. Supports multiple protocols on the same network. Also performs traffic engineering (which allows traffic to be dynamically routed within an MPLS cloud based on current load conditions of specific links and availability of alternate paths). This is the dominant type of switching out there now.

- A mode of data transmission in which a message is broken into a number of parts that are sent independently, over whatever route is optimum for each packet, and reassembled at the destination; updated version of circuit switching and allows users to share bandwidth. - What are three types of technology used with this?

- AD (administrative distance) - A directly connected network - A statically configured network

- A number indicating a protocol's reliability (for routing), with lower values being given higher priority. This assignment can be changed by a network administrator when one protocol should take precedence over a previously higher-rated protocol on a network. - What will have a number of 0? - What will have a number of 1?

- WiMAX (Worldwide Interoperability for Microwave Access) - 802.16 - Regular cellphone WANs which were originally designed to carry only voice, not data.

- A recent wireless technology that can deliver maximum speeds of up to 7 Mbps to your cell phone, home computer, or car. It is an extension of regular wifi networks that we see all over the place. Has a range of about 17 miles. - What standard is it based on? - What is the more popular alternative to this?

- LSR (Label Switch Router) - P (Provider) - CE (Customer Edge) - CPE (Customer Premise Equipment) - PE (Provider Edge) or ELSR (Edge Label Switch Router); two names for the same device

- A router that makes frame-forwarding decisions based on labels applied to frames - A service provider internal router that doesn't directly interface with the customer routers - A router that uses static or dynamic routing protocols but doesn't run MPLS - A device residing at a customer site - This router resides at the edge of an MPLS service provider's cloud and interconnects a service provider to one or more customers.

- Routing Loop 1. Split horizon: The split-horizon feature prevents a route learned on one interface from being advertised back out of that same interface. 2. Poison reverse / Route Poisoning: This feature causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite.

- A routing process in which two routers discover different routes to the same location that include each other but never reach the endpoint. - What are two ways Distance Vector routing protocols guard against this?

- GBIC (Gigabit Interface Converter) - The advent of SFP (Small Form-factor Pluggable) standard

- A standard type of modular interface designed in the 1990s for Gigabit Ethernet connections. They may contain RJ-45 or fiber-optic cable ports (such as LC, SC, or ST). They are inserted into a socket on a connectivity device's backplane and allow you to quickly remove and insert a port in a modular switch you are troubleshooting. - What rendered this all but obsolete?

- NIC teaming - Clustering

- A type of link aggregation in which two or more NICs work in tandem to handle traffic to and from a single node. Can move data faster but also provides redundancy & fault tolerance (high availability) - What is something else which provides high availability but would be something like putting a group of servers together with their own internal networks & switches so all of the devices act together as a single device. Very common in a virtualized environment

- 66 block - 110 block

- A type of punch-down block designed to terminate telephone connections. An earlier style which has become outdated with faster computer networks. - The newer style

- EGP (Exterior Gateway Protocol), only one example: BGP (Border Gateway Protocol) which uses ASNs (Autonomous System Numbers). BGP is a hybrid protocol and is the primary one for the internet. Uses a complex set of metrics called Path Vectors. - IGP (Interior Gateway Protocol) which has four examples: 1. RIP (Routing Information Protocol); older, for smaller networks 2. OSPF (Open Shortest Path First); more modern, uses metric of cost 3. IS-IS (Intermediate System-to-Intermediate System): This link-state routing protocol is similar in its operation to OSPF. It uses a configurable, yet dimensionless, metric associated with an interface and runs Dijkstra's shortest path first algorithm. Not widely deployed. 4. EIGRP (Enhanced Interior Gateway Routing Protocol): EIGRP is a Cisco proprietary protocol. It is popular in Cisco-only networks, but less popular in mixed-vendor environments. Like OSPF, EIGRP is an IGP with fast convergence and is very scalable. EIGRP is more challenging to classify as a distance-vector or a link-state routing protocol. Uses DUAL instead of Dijkstra's algorithm

- A type of routing protocol used by border routers and exterior routers to distribute data outside of AS (Autonomous Systems). What protocols does this use? - The protocol responsible for exchanging routing information between gateways within an AS. What protocols does this use?

- Protocol Data Unit (PDU) or Data Service Unit - Layer 4 Transport = Segments (TCP) or Datagrams (UDP) - Layer 3 Network = Packets - Layer 2 Data = Frames - Layer 1 Physical = Bits - Some People Fear Birthdays

- A unit of data at any layer of the OSI model. - What are these called at different layers? - What is a mnemonic device to help remember this?

- Z-Wave; 900 MHz, 30 meters, 9600 bps - Ant+; 2.4 GHz, 30 meters, 20 Kbps

- A wireless communications protocol used primarily for home automation. It is a mesh network using low-energy radio waves to communicate from appliance to appliance. Found with devices such as lighting control systems, security systems, thermostats, windows, locks, swimming pools, and garage door openers. What are some stats for it? - A wireless protocol for monitoring sensor data, primarily on health devices, such as a person's heart rate or a car's tire pressure, as well as for controlling systems such as indoor lighting and entertainment appliances such as televisions. Owned by Garmin. What are some stats for it?

- NetBIOS (Network Basic Input/Output System) - LLMNR (Link Local Multicast Name Resolution)

- An older protocol that operates at the Session layer of the OSI seven-layer model for name resolution. This protocol creates and manages connections based on the names of the computers involved. - This is a newer version which started around the Windows Vista era

- Hub or Multiport Repeater - CSMA/CD to help prevent collisions - A Bridge - A Layer 2 Switch; it memorizes MAC addresses on a MAC table and thus will only send data to intended recipient, not every device on the network and makes forwarding decisions in hardware - A Layer 3 switch which can make forwarding decisions like a router and can also connect separate networks; however, routers are usually more feature-rich and support a broader range of interface types (e.g. serial ports, etc)

- Dumb device which simply creates multiple copies of every frame received and broadcasts to entire network - What does it use to help manage traffic? - What device separates two or more LAN segments into separate collision domains and can be used to scale Ethernet networks, forwards based on MAC addresses and software? - What is a similar but smarter device and how does it differ? - What device is similar to this last one but with more capabilities?

- Create an account named "Anonymous" - Open a command prompt and type "ftp" then the IP address of the FTP server. You may also have to enter a username & password - The "GET" command downloads and the "PUT" command uploads - SFTP (Secure FTP) and it uses SSL (older) or TLS (modern)

- How can you enable public access to your FTP server? - How do you access the built-in FTP client in Windows? - What are two important commands for it? - What is a secure option for FTP and what encryption does it use?

- It is a tunneling method that uses the internet itself as a Layer 1 connection between two devices which are not directly connected by other means. It will also make the remote device have an IP address that is the same as the local network it is connected to. The challenge of a VPN is that LANs often use private IP addressing by assigning hosts IP addresses which are not valid on the wider internet. So the remote device will need a public IP address to get to the network and then a private IP address to reach the LAN. It gets around this by creating an IP address packet inside an IP address packet. - A VPN endpoint which could be a regular router with VPN capabilities or a VPN Concentrator which is a dedicated box that does nothing but act as a VPN endpoint 1. Client-to-site VPN: connects remote device to a local network 2. Site-to-site VPN: connects two separate networks into one - Overlay network

- How does a VPN work? - What does it require on the network side? - What are two types of VPNs? - What is another name for a VPN network?

- You need an external or internal modem which connects to your POTS line. Your ISP would provide you with a phone number to dial to as well as a username & password. - 56kbps - PPP

- How does dial-up internet work? - What was its max speed? - What connection protocol did it use?

- 128 bits which means a much larger address space - Aggregation - Self Configuration; it uses NDP (Neighbor Discovery Protocol) - Dual Stack

- How large is an IPv6 address? - What is something which ended up not working with IPv4 but does work with IPv6 and allows data to move between source & destination much faster, reducing latency? - What is a benefit of IPv6 which replaces NAT, ARP, DHCP, etc and what protocol does it use? - What is it called when you are running IPv4 and IPv6 at the same time?

- Each port on a router makes up a separate collision domain - Same for a switch - For hubs, every port will belong to the same collision domain. So no matter how many ports a hub has, it will only be 1 collision domain.

- How many ports on a router make up separate collision domains? - What about a switch? - What about a hub?

- IPAM - IP Address Management - It can do things like automatically create new DHCP scopes, create new reservations, and create blocks of addresses - Very useful for servers and virtual machine farms

- One of the features introduced with Windows Server 2012 R2. It allows integration of DNS and DHCP so that each is aware of the changes in the other. Allows an administrator to customize and monitor the IP address infrastructure on a corporate network. It is essentially designed to keep track of all of your IP addresses & take care of the addressing needs for your network - What sorts of things can it do? - Where is it very useful?

- DNS (Domain Name System) - The ipconfig /all command will show all DNS server information - Google's DNS server address is 8.8.8.8 - Top Level Domain: for example .com, .edu, or .gov

- The Internet's system for converting alphabetic FQDN (Fully Qualified Domain Names) into numeric IP addresses. - How can you see all info for these type of servers? - What is the address of Google's server of this type? - What is a TLD?

- Port Bonding (aka NIC Bonding, Port Aggregation) - Port Channel - LACP (Link Aggregation Control Protocol) - Set the ports as active/active or active/passive. Just don't set them as passive/passive or they won't work properly.

- The logical joining of multiple redundant ports and links between two network devices such as a switch and storage array. It has two or more ports team up to effectively give you one, higher-speed port. To accomplish this, make a group first, then assign the switch ports to a group. - What is another name for one of these groups? - What protocol enables this? - How should you set each port up to ensure traffic will flow correctly?

- Time Division Multiplexing (TDM) - Frequency Division Multiplexing (FDM) - BERT (Bit Error Rate Testing), usually a button on the CSU/DSU which tests the percentage of bits received with errors, but older ones could be a separate box

- The process of having frames that carry a bit of every channel in every frame sent at a regular interval in a digital T1 connection. - This process was used with phone companies back when connections were still analog - What is it called when a cable is used to connect two T1 CSU/DSU devices in a back-to-back configuration? - What is a quick test you can do if you are having problems with a T1 connection?

- Straight Through cable - Crossover Cable

- These are the most common type of RJ-45 cable; the wiring will be the same on both ends - This will have the wiring on both ends reversed

- Channel Bonding - 802.11n

- This allows two wireless bands to be logically bonded together, forming a band with twice the bandwidth of an individual band. Some literature refers to this as 40-MHz mode (two 20-MHz bands) - What wireless standard introduced this?

- "route" "-f": This option clears gateway entries from the routing table. If this option is used with another option, the clearing of gateways from the routing table occurs before any other specified action. "-p": This option can be used with the add command to make a statically configured route persistent, meaning that the route will remain in a PC's routing table even after a reboot. "command": Supported commands include print, add, delete, and change. The print command lists entries in a PC's routing table. The add command adds a route entry. The delete command removes a route from the routing table, while the change command can modify an existing route. "destination": This option specifies the destination host or subnet to add to a PC's routing table. "mask netmask": This option, used in conjunction with the destination option, specifies the subnet mask of the destination. If the destination is the IP address of a host, the netmask parameter is 255.255.255.255. "gateway": This option specifies the IP address of the next-hop router used to reach the specified destination. "metric metric": This option specifies the cost to reach a specified destination. If a routing table contains more than one route to reach the destination, the route with the lowest cost is selected. "if interface": If you want to forward traffic to a specified destination out of a specific interface, use this option.

- This command can display a PC's current IP routing table. In addition, you can use this command to add or delete entries to or from that routing table. - What are some switches for it?

- netstat - netstat -n - netstat -b - netstat -o - netstat -a - netstat -r (this is identical to the "route print" command) *You can also combine commands; for example, netstat -bn will show the executables AND display things numerically

- This command lists all of the open ports and various IP based connections on your computer - What is a switch which will display things numerically and is usually easier to read? - What's another switch which will show the executable for every connection? - What will show the executables and the PID for every connection? - What will show all open ports, even ones you don't currently have a connection on? - What is a switch that is sort of unrelated but shows your local routing table?

- CSU/DSU - DSLAM (Digital Subscriber Line Access Multiplexer)

- This device can distinguish between data arriving on various DS0s and can be thought of as a digital modem. When a digital circuit comes into a customer's location, the circuit is terminated on it - This is often located in a telephone company's central office (CO), and acts as an aggregation point for multiple DSL connections going out to subscribers.

- SNMP 1. Agent: this is software built into the device from the manufacturer which lets it do SNMP. 2. Once you have connected with an agent, the device becomes a Managed Device. 3. SNMP Manager: this is the device you choose to manage the devices, usually a PC. It will have to be running some sort of application for SNMP management which we call a Network Management Station or NMS. 4. MIB (Management Information Base): this is built into devices and it's what lets proper communication take place with the NMS. For example, so that a printer will receive information it can understand versus a switch or different device also connected via SNMP. It's really a database we query

- This is the de facto standard of network management protocols & is a tool which allows us to administer & manage network devices from a single source. - What four things are required for it to function?

- Port Trunking - IEEE 802.1Q or VTP (VLAN Trunking Protocol); it adds a VLAN field to the ethernet frame to show which VLAN the frame belongs to - Port Mirroring

- This moves traffic from all VLANs between switches, which enables VLANs to be on more than one physical switch. When you do this, there will be a complete separation of the VLAN ports from the other ports - What is a standard for this and how does it work? - A monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port.

- ICMP (Internet Control Message Protocol) - IGMP (Internet Group Management Protocol)

- This protocol works at the Network layer 3 of the OSI model and Internet Layer 2 of the TCP/IP model. There isn't really any data sent via this. It's more like checking communication status. A great example is Ping. Another example is ARP - This protocol is what allows Multicast to work and also operates on Internet Layer 2 of the TCP/IP model.

- Hub and Spoke - It helps to minimize expenses since the spokes are connected through the hub rather than requiring direct connections between all of the spokes - It lacks redundancy as the hub is potentially a single point of failure - A Full-Mesh topology; all WANs are directly connected to each other and it is highly fault tolerant, however it is very expensive - A Partial Mesh topology in which only certain sites are directly interconnected. This adds fault tolerance and limits expense since not every single site is directly connected.

- This topology is similar to a Star, but it is used more for large WAN setups connecting multiple LANs together such as multiple corporate locations - What is the benefit of this topology? - What is the drawback? - What is another option that would counter this drawback? - What is a variation of this second type?

- Packet-filtering Firewall - Stateful Firewall

- This type of firewall looks at packet addresses and admits or denies packets going in or out of the network; pretty fast; default in personal computers - This type of firewall inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the firewall permits that traffic.

- The hosts file - It is a text file - Windows > System32 > Drivers > etc

- This was used before DNS and is still found in Windows and actually takes precedence over DNS - What type of file is it? - Where is it located in Windows?

- "iptables" - "nmap" - "tcpdump"

- What UNIX command puts rules in place for packet filtering and is a software firewall included in most Linux distros? - What command is used to explore networks, perform security scans, create network audits, and find open ports on remote machines? The tool can scan for live hosts, operating systems, packet filters, and open ports. - This command is a protocol analyzer in UNIX; used to print out the headers of packets on a network interface that match a Boolean expression. You can also run the command with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface.

- "dig [fqdn]" - "host [fqdn]"

- What Unix command is similar to the "nslookup" command and helps resolve FQDNs to IP addresses? - What is yet another Unix command which does the same thing?

1. Something you know: passwords, PIN codes, CAPTCHA, security questions 2. Something you have: smart card, RSA token or key (like SWTOR key fob) 3. Something you are: retinal scanner, fingerprint scanner, facial recognition 4. Something you do: walking gait, typing rhythm 5. Somewhere you are: entering zip code for credit card purchase - Multifactor authentication

- What are five authentication factors? - What is it called when more than one of these are used together for authentication?

- tracert - traceroute - ping; it uses ICMP (Echo Request/Echo Reply). Windows tracert also uses ICMP, while Linux traceroute sends UDP probes by default.

- What command counts the number of hops to a web destination and can help troubleshooting if a "ping" is unsuccessful? - What is the Linux version? - What command is very basic and checks IP connectivity between two devices; essentially asks a destination, "Hello can you hear me?" What protocol does it use?

- WPA2 with AES (uses CCMP, Counter Mode with CBC-MAC Protocol) - WPA with TKIP (WPA2 can also use TKIP but it is not recommended) - WEP with RC4 - WPS (Wi-Fi Protected Setup)

- What is the current best security setup for Wifi? - What was the one previous to that? - What was the original wifi setup which is cracked & outdated? - What is the terrible thing that you should turn off whenever possible? It is meant to let home users easily connect wireless devices like printers, but its 8-digit PIN can be brute-forced.

1. Omni or Isotropic: an isotropic radiator broadcasts in the shape of a full sphere, equally in all directions; it is a theoretical reference point rather than a real antenna and is not used with 802.11 2. Dipole, has an upper and lower antenna element broadcasting simultaneously; the signal looks like a flat bagel or donut 3. Patch, broadcasts in a half-sphere shape, usually mounted on a wall, common in office buildings 4. Directional Yagi, looks like an old-school TV antenna from a house roof; the broadcast shape is like a stretched-out football 5. Directional Parabolic, looks like a satellite dish, same shape as Yagi but stronger. Two of these pointed at each other could carry an 802.11 signal around 8 miles. - SMA (SubMiniature version A) Connector; it's where you screw the antenna on - Strength is measured as gain and the unit is dBi (decibels relative to an isotropic radiator)

- What are five types of antennas, what sort of radiation shape do they broadcast, and which is not used with 802.11 wifi? - What do many wireless devices like security cameras have to give you flexibility with the type of antenna you connect? - How is antenna strength measured?

1. Reflection: when signal waves bounce all around 2. Refraction: when the waves actually bend, usually caused by glass 3. Absorption: when things like concrete walls soak up the signal 4. Attenuation: loss of signal strength, usually caused by distance - A wifi analyzer. You can often find them for free and use them with smart phones. They can show you heat maps as well as analyze which frequencies & channels are already congested - Signal-to-noise ratio (SNR), the difference in dB between the received signal and the noise floor; the higher the value, the better the signal. (Received signal strength, RSSI, is reported in negative dBm, where a value closer to 0 such as -40 dBm is stronger than -80 dBm.)

- What are four common problems to consider when conducting a site survey for setting up a wireless network? - What is a huge help when conducting a site survey and why? - What is the big measurement used with a wireless network to make sure the signal is propagating strongly enough?

1. Client sends out a SYN Packet 2. Server will send back a SYN/ACK in response 3. Client then sends an ACK to the server. - FIN

- What are the parts of the TCP 3-Way Handshake? - What flag does TCP use to end a session?
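Added example (Python, not from the original flashcards): a two-endpoint model of the handshake above and the FIN close, with both sides' segments shown and the sequence/ACK arithmetic a real stack enforces (SYN and FIN each consume one sequence number; each ACK must equal the peer's next expected sequence number). There is no network I/O; the initial sequence numbers 1000 and 5000 and the segment dictionaries are constructed for the demo.

```python
"""TCP open/close state machine for two modelled endpoints.

Added example, not part of the original flashcards. ISNs and flag sets are
constructed; nothing touches a real socket.
"""


class Endpoint:
    def __init__(self, name, isn):
        self.name = name
        self.state = "CLOSED"
        self.snd_nxt = isn      # next sequence number this side will send
        self.rcv_nxt = None     # next sequence number expected from the peer

    def _segment(self, flags, consumes=0):
        seg = {"from": self.name, "flags": set(flags),
               "seq": self.snd_nxt, "ack": self.rcv_nxt}
        self.snd_nxt += consumes     # SYN and FIN each occupy one sequence number
        return seg

    def _check_ack(self, seg):
        if seg["ack"] != self.snd_nxt:
            raise ValueError(f"{self.name}: bad ACK {seg['ack']}, expected {self.snd_nxt}")

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        self.state = "SYN_SENT"
        return self._segment({"SYN"}, consumes=1)

    def close(self):
        self.state = "FIN_WAIT_1"
        return self._segment({"FIN", "ACK"}, consumes=1)

    def receive(self, seg):
        """Consume one segment, advance state, return the reply segment or None."""
        flags = seg["flags"]
        if self.state == "LISTEN" and flags == {"SYN"}:
            self.rcv_nxt = seg["seq"] + 1
            self.state = "SYN_RECEIVED"
            return self._segment({"SYN", "ACK"}, consumes=1)
        if self.state == "SYN_SENT" and flags == {"SYN", "ACK"}:
            self._check_ack(seg)            # server must ACK our ISN + 1
            self.rcv_nxt = seg["seq"] + 1
            self.state = "ESTABLISHED"
            return self._segment({"ACK"})
        if self.state == "SYN_RECEIVED" and flags == {"ACK"}:
            self._check_ack(seg)            # third leg completes the handshake
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and "FIN" in flags:
            self.rcv_nxt = seg["seq"] + 1   # FIN consumes a sequence number too
            self.state = "CLOSE_WAIT"
            return self._segment({"ACK"})
        if self.state == "FIN_WAIT_1" and flags == {"ACK"}:
            self._check_ack(seg)
            self.state = "FIN_WAIT_2"
            return None
        # Data transfer and the second half of the close are out of scope here.
        raise ValueError(f"{self.name}: unexpected {sorted(flags)} in {self.state}")


def run_handshake(client_isn=1000, server_isn=5000):
    """Drive a full open and the client's half of the close; return both endpoints."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    syn = client.connect()               # 1. SYN
    syn_ack = server.receive(syn)        # 2. SYN/ACK
    ack = client.receive(syn_ack)        # 3. ACK
    server.receive(ack)
    fin = client.close()                 # FIN ends the session
    fin_ack = server.receive(fin)
    client.receive(fin_ack)
    return client, server


if __name__ == "__main__":
    c, s = run_handshake()
    print(c.state, s.state, c.snd_nxt, s.rcv_nxt)
```

The ACK check is the point: a SYN/ACK whose acknowledgment number is not ISN+1 is rejected, which is exactly why an attacker who cannot see the client's ISN cannot complete a spoofed handshake.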

1. Symmetric (SDSL): upload & download speeds are the same; does not allow simultaneous voice and data on the same phone line; 1.168 Mbps & 12,000 ft 2. Asymmetric (ADSL): download is much faster than upload speed; allows voice & data on the same line & more popular with residential; 8 Mbps Down & 1.544 Mbps Up & 18,000 ft 3. VDSL (Very-high-bit-rate DSL): the same idea but much faster over a short copper run, typically fed from a fiber-connected cabinet near the premises; 52 Mbps Down & 12 Mbps Up & 4,000 ft - DSL (micro)filter; DSL will almost always be using PPPoE

- What are the three types of DSL w/speeds and their max distances? - What was an accessory which could help negate DSL noise when having a telephone conversation?

1. Security: can hide device/host IPs from the larger internet by acting as an application level gateway 2. Content Caching: can download & store things like website graphics once and serve that content up to multiple clients rather than the clients having to download & store that data individually 3. Content filtering: restricts clients from accessing certain URLs - Content Engine: dedicated content caching device which eliminates the repetitive transfer of the same data; usually used in a corporate environment - Content Switch or Load Balancer

- What are three benefits of a Proxy Server? - What device provides a dedicated way to do one of these things? - What device distributes incoming requests across the various servers in the server farm to alleviate the burden placed on a single server?

1. LFI (Link Fragmentation & Interleaving): fragments large packets and interleaves smaller packets in amongst the packet fragments 2. cRTP (RTP Header Compression): can take the Layer 3 and Layer 4 headers of a Real-time Transport Protocol (RTP) packet and compress them from 40 bytes to 2 or 4 bytes - Queuing, e.g. CBWFQ: When a device, such as a switch or a router, receives traffic faster than it can be transmitted, the device attempts to buffer (that is, store) the extra traffic until bandwidth becomes available - RED (Random Early Detection): if an interface's output queue fills to capacity, newly arriving packets are discarded (that is, tail dropped); RED avoids this by randomly dropping a few packets before the queue is full so that TCP senders back off early instead of all at once - Marking - Classification

- What are two link efficiency methods with QoS? - What is congestion management? - What is congestion avoidance? - This alters bits within a frame, cell, or packet to indicate how the network should treat that traffic, but alone does not change how the network treats a packet. - This is the process of placing traffic into different categories but does not alter any bits

1. VNC (for example TightVNC) on port 5900; multi-platform, and VNC-compatible servers ship with many Linux distros and macOS 2. Microsoft RDP on port 3389 - Remote Help

- What are two methods of doing remote desktop? - What is a way of connecting to a user's desktop in order to offer technical support?

- HSPA+; runs in the single megabit range, considered a 4G technology and similar to WiMAX. - LTE; runs in the 10 of megabits range. Also a 4G technology and it is predominant.

- What are two popular types of cell phone data transfer standards?

- RADIUS and TACACS+ - RADIUS needs a server, client (which may be a WAP), and a supplicant (user). Database of info for RADIUS does not need to be stored on the RADIUS server; RADIUS also does not encrypt the entire packet, only the password. TACACS+ is a proprietary Cisco protocol used for managing large number of routers & switches. It has a server, a client (which would be a router), and a user and it encrypts the entire packet. - RADIUS uses UDP ports 1812-1813 or Ports 1645-1646 - TACACS+ uses TCP Port 49

- What are two protocols which provide AAA (Authentication, Authorization, & Accounting)? - How is their setup different? - What ports do they use?

- Strategic Change, which is a major change that will substantially affect the entire infrastructure and company, and Infrastructure Change. The change committee handles Infrastructure changes 1. Type of Change: software, hardware, etc. 2. Configuration procedures: who will be needed to make the change, how long will it take, etc. 3. Rollback Process/Backout Plan: what happens if the change turns out to be a bad idea? 4. Potential Impact: how will this affect the organization? Save time, money, overall impact? 5. Notification: how will we notify stakeholders? - Last step is Documentation

- What are two types of changes and which does a change management team handle? - What are five things required for a change request? - What is the last step in the change process?

- Unicast: information is only sent to the intended recipient - Broadcast: information will be copied and sent out to every device on the network. You can get a switch to broadcast out by using a MAC address of FF-FF-FF-FF-FF-FF - Broadcast Domain - Collision Domain

- What are two ways data is sent over a network? - What is a way to get the second type if you are using a switch? - What is it called when you have a group of devices connected so they are able to hear each other's traffic? - What is an area on a LAN where there can be only one transmission at a time?

- PathPing "-g host-list": Loose source route along host-list. Loose source routing permits you to specify a set of destinations the packet must visit in transit. "-h maximum_hops": Maximum number of hops to search for target. "-i address": Use the specified source address. "-n": Do not resolve addresses to hostnames. "-p period": Wait period milliseconds between pings. "-q num_queries": Number of queries per hop. "-w timeout": Wait timeout milliseconds for each reply. "-4": Force using IPv4. "-6": Force using IPv6.

- What command line tool combines features of ping and tracert over a period of time? It shows the amount of packet loss at any given router so you can identify the routers that might be causing issues in the path. - What are some switches for it?

- Routers - Routing Tables - Default Gateway - OSI Layer 3 Network, TCP/IP Layer 2 Internet

- What devices connect multiple LANs through logical IP addressing? - How do they determine where to send information? - What is the connection to this device called? - What OSI and TCP/IP layer does this occur at?

- It communicates on domains like ".local" and helps hosts to communicate as it will not be registering any of them on the internet. It will also be the Authoritative DNS Server for its local network. 1. Forward Lookup Zone: this will translate FQDNs into IP Addresses 2. Identify the SOA (Start of Authority) which will be the primary DNS server for the network. The SOA provides authoritative information about a DNS zone (for example, the e-mail address of a DNS zone's administrator, the zone's primary name server, and various refresh timers)

- What does an Interior DNS Server do? - What are the first two things you should add to a DNS Server when first starting one up?

1. A computer boots up and broadcasts out a DHCP Discover to the whole network looking for a DHCP server 2. The server responds with unicast traffic back known as a DHCP Offer with an IP address, subnet mask, default gateway, etc 3. The computer responds with a DHCP Request, basically saying, "Yes I want all the stuff you sent me. May I please have it?" 4. Finally, the server responds with a DHCP Acknowledge - Request & ACK

- What flow does the DHCP process follow on a network? - What are the only parts of this process involved during DHCP lease renewal?

- SSID - Infrastructure Mode with WAPs and Ad hoc mode where devices connect to each other as peers - 2.4 GHz and 5.0 GHz - CSMA/CA 1. DSSS (Direct Sequence Spread Spectrum), which is older; modulates data over an entire range of frequencies using a series of symbols called chips. More subject to environmental factors, as opposed to FHSS and OFDM, because of its use of an entire frequency spectrum. 2. OFDM (Orthogonal Frequency Division Multiplexing), which uses a spread spectrum but in a much wider range, especially with 5.0 GHz. Uses a relatively slow modulation rate for symbols. This slower modulation rate, combined with the simultaneous transmission of data over 52 data streams, helps OFDM support high data rates while resisting interference between the various data streams. 3. FHSS (Frequency-Hopping Spread Spectrum) allows the participants in a communication to hop between predetermined frequencies. Security is enhanced because the participants can predict the next frequency to be used, but a third party cannot easily predict the next frequency. Not commonly used today.

- What identifies a wireless network? - What are two ways to set up a wireless network? - What two frequencies does 802.11 operate on? - What does 802.11 use to avoid collisions? - What are three forms that the actual transmission of the data will use in wireless?

- Industrial Control Systems which control machines with sensors and actuators (pumps, lights, motors, etc) that react to sensor info. They are controlled by an ICS Server. Will have a PLC (Programmable Logic Controller) and an HMI (Human Machine Interface) for human control - Distributed Control System (DCS); it is an extension of ICS which uses a hierarchy of ICS systems with one interface - SCADA (Supervisory Control and Data Acquisition). Has a Remote Terminal Unit (RTU) which a standard ICS setup doesn't have.

- What is ICS and what are its main parts? - What is DCS? - What is a version of this for more long-distance industries?

- Older technology; ISDN (Integrated Services Digital Network) is a very old way we used to make last-mile dial-up connections. It is unique in that it is digital but also has a telephone number associated with it. It requires a Terminal Adapter instead of a modem and usually ran at 64 Kbps or 128 Kbps. 1. BRI: A BRI circuit contains two 64 Kbps B channels (plus a 16 Kbps D channel for signaling) logically bonded through PPP multilink to provide 128 Kbps 2. PRI: A PRI circuit is an ISDN circuit built on a T1 or E1 circuit. - Older technology; BPL (Broadband over Power Lines) has been tried different ways but never with much success. You can use the power line network to carry internet as well as electricity. The challenges are electrical interference and safely interfacing with high-voltage wiring.

- What is ISDN? - What are two types of circuits used with this? - What is BPL?

- TCP (Transmission Control Protocol) 1. Sequencing Number allows you to reassemble everything properly and will label the data, for example, part 1 of 100, part 5 of 100, etc 2. Acknowledgement Number is when the receiving system lets the sender know the data has been received correctly - UDP (User Datagram Protocol)

- What is a Connection-Oriented protocol? - What are its two main parts? - What is a connectionless protocol?

- PIM - PIM-DM: uses a source distribution tree, meaning that an optimal path is formed between the source router in a multicast network (that is, the router closest to the multicast sender) and each last-hop router (the router closest to each multicast receiver). A benefit of PIM-DM is that an optimal path is formed between the source router and each last-hop router. However, the drawback of PIM-DM is that a network must undergo the flood-and-prune behavior to form the optimal distribution tree, and this is repeated every 3 minutes. - PIM-SM: avoids flood-and-prune behavior. Uses a shared distribution tree. A shared distribution tree does not initially form an optimal path between a source router and each last-hop router. Instead, a multicast source sends traffic directly to another router, called a rendezvous point (RP). When another router in the multicast network wants to join the multicast distribution tree (because it received an IGMP join message from a client), that last-hop router sends a join message to the RP to join the shared distribution tree, as shown in Figure 6-20. The tree is called a shared distribution tree because all last-hop routers (routers with downstream multicast receivers) send join messages to the same RP.

- What is a Multicast routing protocol used between multicast enabled routers to construct a multicast distribution tree? - What two modes does it use?

- 10BaseT - 10 megabits per second - Max of 100m - Max of 1024 nodes - Ran on Cat3 or better UTP cables

- What was created for Ethernet to stay competitive with Token Ring technology? - What was its speed? - What was the max distance between hubs and nodes? - What was the max # of nodes per hub/switch? - What cabling was required?

- Telnet, runs on TCP Port 23. Requires username & password but downside is traffic is unsecure - SSH, it is encrypted and uses TCP Port 22 - PuTTY - "rlogin", is totally unsecure and does not even require username or password; uses Port 513 - RDP (Remote Desktop Protocol)

- What is a command line tool which allows you to access a remote computer and what is its downside? - What is a similar tool which counters that downside? - What is a popular client for these? - What is a third version and how is it different? - What is a more modern protocol which accomplishes the same thing but has a graphical interface

- PPP (Point-to-Point Protocol) - LCP (Link Control Protocol) 1. Multilink interface: allows multiple physical connections to be bonded together into a logical interface. This logical interface allows load balancing across multiple physical interfaces. This is referred to as Multilink PPP. 2. Looped link detection: A Layer 2 loop (of PPP links) can be detected and prevented. 3. Error detection: Frames containing errors can be detected and discarded by PPP. 4. Authentication: A device at one end of a PPP link can authenticate the device at the other end of the link (PAP, CHAP, or MS-CHAP) - Microsoft RRAS (Routing and Remote Access Server), which allows Microsoft Windows clients to remotely access a Microsoft Windows network

- What is a common Layer 2 protocol used on leased lines (T1, T3, etc)? - What control protocol does it use for simultaneously transporting multiple Layer 3 protocols? - What are four features of this control protocol? - What else frequently uses this same Layer 2 protocol?

- Kerberos - A client, a KDC (Key Distribution Center) made up of an AS (Authentication Service) and a TGS (Ticket Granting Service), and the service the client wants to reach. The client authenticates to the AS and receives a TGT (Ticket Granting Ticket); it presents the TGT to the TGS and receives a timestamped service ticket plus a session key; it then presents the service ticket to the service to access the resource. Tickets expire, so clocks must be synchronized (typically within 5 minutes). - EAP 1. EAP-PSK (Pre-Shared Key) authenticates with a key shared in advance 2. PEAP (Protected EAP) wraps the exchange in a TLS tunnel using a server certificate and then usually authenticates the user with a username & password (MS-CHAPv2) inside it 3. EAP-MD5 is not used often; it uses a hashed challenge and does not authenticate the server 4. EAP-TLS and EAP-TTLS use certificates. EAP-TLS requires both the server and each client to have a certificate; EAP-TTLS needs only a server certificate and authenticates the client inside the tunnel with another method.

- What is a popular authentication service for wired networks that grants timestamped tickets & tokens? - What parts make it up? - What is something that provides flexible authentication for wireless networks? - What are four versions of this?

- SAN (Storage Area Network); block level; will show up as a new hard drive - NAS (Network Attached Storage) which will just be a small box with hard drives, usually in RAID, and a tight OS like Linux; file level; will show up like a regular network share

- What is a powerful but very expensive storage option which will use FC (Fibre Channel) or iSCSI? - What is a cheaper option and what does it require? - What level does each of these operate at and how will they show up on your network?

- Bridging Loop (switching loop) - Spanning Tree Protocol (STP); switches elect a root bridge (the main switch) and every other switch blocks its redundant ports so only one active path to the root remains; uses the 802.1D standard - Root Guard; enabled on a port, it prevents that port from ever becoming a root port, so if a superior BPDU arrives there (a rogue switch claiming to be root) the port is placed in a root-inconsistent (blocked) state instead - BPDU (Bridge Protocol Data Unit) Guard; this basically tells a switch, "You are only allowed to have computers connect to you." BPDUs are the messages switches exchange when negotiating the spanning tree, so with this guard enabled a switch will shut down (err-disable) any access port that receives a BPDU.

- What is a problem caused by having two switches connected to each other while simultaneously connected to the same router or another switch? - What protection is built-in to many modern switches to help prevent this and how does it work? - What prevents a rogue switch from getting plugged into a group of switches and declaring itself the new root bridge? - What helps prevent unauthorized switches from getting connected to the network?

- SMTP: uses port 25 - POP3: old & simplistic. Will delete the email from the server, which makes it a pain when using multiple devices. Port 110 - IMAP: can create email folders & will retain copies on the server; very popular today. Port 143 - MAPI: Microsoft Exchange account. The only one which can both send and receive mail. Can also synchronize between multiple devices and support non-email functions such as calendars, contacts, etc. - None of these are secure except I think MAPI has an encryption option.

- What is a protocol for sending email? - What are three different protocols for receiving emails? - How are they different? - Which of these are secure?

- Segmented Ethernet - When a frame is sent out from a computer (frames would go out from a host in both directions of the cables) but reaches the end of the cable and bounces back into the network. - Terminating Resistors - 10Base5 (thicknet) and 10Base2 (thin ethernet)

- What is a term for old-style ethernet before hubs or switches? - What are Reflections? - What were used to prevent these from occurring? - What were the two early styles of ethernet?

- CARP (Common Address Redundancy Protocol) - HSRP (Hot Standby Router Protocol) - VRRP

- What is an open standard that creates a redundancy group to share an IP address? - What is a CISCO proprietary standard similar to this? - What is an IETF open standard that operates almost identically to this CISCO standard?

- On-boarding 1. Captive Portal is like getting on the network at a hotel. 2. Requiring an anti-malware tool download is another requirement. 3. Geofencing is denying access if the device is outside a certain geographical range

- What is it called in an enterprise environment when a decision is made as to whether or not a mobile device is allowed to access the network? - What are three types?

- Attenuation; this will manifest in scenario questions as a SLOW problem - Jitter, the variation in packet arrival times; can be serious if it happens too much in UDP traffic like video streaming and VoIP calls. To solve it, find the bottleneck & increase your throughput or do more buffering (a jitter buffer)

- What is loss of power in a signal as it travels from the sending device to the receiving device? - What is variation in the delay of packets during data transfer and when does it become a problem?

- 127.0.0.1 - ::1

- What is the IPv4 loopback address? - What about IPv6?

- Always encrypt with the recipient's public key and decrypt with the private key; only the key holder can read the result - Digital Signatures. The sender hashes the message and then encrypts (signs) that hash with its own private key. The recipient decrypts the signature with the sender's public key, hashes the received message itself, and compares the two hash values; if they match, the message is authentic and unaltered. A secure webpage's certificate, for example, is signed this way by the certificate authority.

- What is the best practice to follow when using asymmetric encryption? - What is the exception to this?

- Virtualization uses a machine's actual hardware, whereas emulation is software pretending to be hardware the machine doesn't actually have. For example: with a VM you can never have more RAM than the physical machine does, but you can emulate SNES games on a PC even though the PC doesn't have any SNES hardware. - Type 1 Hypervisor aka Bare Metal runs directly on top of the hardware, independent of any host OS, and boots up with the computer; it is often a small image installed on a USB drive or flash card. - Type 2 Hypervisor aka Hosted, which runs on top of another OS, like on your laptop.

- What is the difference between Virtualization and Emulation? - What are the two types of Hypervisors?

- Max of 1518 bytes (1522 with an 802.1Q VLAN tag); min of 64 bytes - Jumbo Frame, up to 9000 bytes - MTU (Maximum Transmission Unit) - If the DF (Don't Fragment) bit is set in the IP header - The router drops the packet and sends back an ICMP "Fragmentation Needed" message (Path MTU Discovery relies on this, so blocking all ICMP breaks it)

- What is the max and min amount of data a frame can carry? - What is something special which can carry more and how much can it carry? - What is a term for the max amount of data you can haul? - What can prevent a packet from being fragmented? - What happens if the packet is larger than the max size and cannot be fragmented?

- 150 ms - 30 ms - 1%

- What is the maximum acceptable one-way latency in a typical VoIP network? - Max allowance for Jitter? - For packet loss?

- Windows Active Directory - SAML (Security Assertion Markup Language)

- What is the most dominant way to manage SSO options on a LAN? - What is a good SSO option for being able to use web apps connected to devices that are widespread across an area and not physically close to each other?

- 10Base2 - BNC Connectors w/T-shaped connection to the NIC - 30 devices per segment

- What is the nomenclature for thin ethernet? - What types of connectors did it use? - What was the max # of devices it could handle?

- War Driving - War Chalking 1. Open Node with no encryption. It would look like a circle cut in half with the sides reversed and would include the SSID & bandwidth 2. Closed Node meaning there is encryption or something preventing access. Its symbol is just a closed circle with SSID listed. 3. WEP Node for a network running with WEP. Symbol is a closed circle with letter "W" in the middle and would include SSID and access contact & bandwidth.

- What is the practice of driving around, looking for wifi networks to attack? - What is the practice of marking information about a wifi network near the location? - What are three symbols associated with this?

- MDF (Main Distribution Frame) - IDF (Intermediate Distribution Frame)

- What is the primary equipment/server room know as? - What are any auxiliary server rooms called?

- A Reverse Lookup Zone; it translates an IP Address into an FQDN (PTR records), and receiving mail servers check that the sending host's IP maps back to a sensible name - A TXT (Text) Record 1. DKIM Record: publishes the public key a receiving server uses to verify the signature the sending mail server adds to each message, proving the mail came from the domain and was not altered in transit 2. SPF Record: lists the IP addresses/hosts allowed to send mail for the domain (these should be the mail servers); a receiving server checks the connecting IP against the list and can reject or flag mail from any other source

- What is used with a DNS server primarily to help prevent email spam and how does it work? - What is a type of record used with this and what are two subtypes of that?
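Added example (Python, not from the original flashcards): an SPF checker that parses a TXT record in the form described above and evaluates the IP address a message arrived from. Only the ip4, ip6 and all mechanisms are implemented; include, a and mx need live DNS lookups, so an unknown mechanism yields permerror the way a real evaluator would. The record for example.com and the sender addresses are constructed for the demo.

```python
"""Evaluate an SPF record against a sending IP (ip4/ip6/all mechanisms only).

Added example, not part of the original flashcards. SPF_RECORD is a
constructed record, as it would be published in DNS for example.com.
"""
import ipaddress

SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.7 ip6:2001:db8::/32 -all"

# A leading qualifier turns a match into one of these results; "+" is the default.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Return [(result_on_match, mechanism, argument), ...] in record order."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = []
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        mechanisms.append((QUALIFIERS[qualifier], name.lower(), value))
    return mechanisms


def check_spf(record, sender_ip):
    """First matching mechanism wins; 'all' is the catch-all at the end."""
    ip = ipaddress.ip_address(sender_ip)
    for result, name, value in parse_spf(record):
        if name == "all":
            return result
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)   # bare address -> /32 or /128
            if ip.version == net.version and ip in net:
                return result
            continue
        # include:, a, mx, exists: need DNS; treat as unsupported here.
        return "permerror"
    return "neutral"           # nothing matched and no 'all' term


if __name__ == "__main__":
    for src in ("203.0.113.45", "198.51.100.8", "2001:db8:1::5"):
        print(src, check_spf(SPF_RECORD, src))
```

The order matters: "-all" at the end is what makes the record enforceable, and a record that ends in "~all" or has no all term at all will only ever soft-fail or return neutral, which most receivers treat leniently.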

- Multipath Distortion - OFDM - Use the diversity antenna system on 802.11b or move the location of the antenna

- What occurs when the same signal reflects and arrives at the receiver's antenna from several different directions and at different times. Usually due to obstructions such as trees and buildings or even filing cabinets - What wifi technology helps to prevent this? - What are two other ways to help prevent this?

- AH in tunnel mode - AH in transport mode - ESP which works in tunnel and transport mode but does not digitally sign packet headers

- What should you use with IPSec to digitally sign and encapsulate each packet within another packet? - What about to digitally sign and encrypt packets sent between two hosts? - What about to encrypt IPSec packets?

- SIEM (Security Information & Event Management) - Aggregation (grabbing data from different places) and Correlating data (analyzing & reporting so data can be understood)

- What takes all of the different types of system monitoring and put them into one package? - What are two big things it provides?

1. UC Device: this is your single user device like a phone, but would also have a microphone, camera, etc 2. UC Server: this is your switchboard of the UC System. Stores voicemail, switches calls to the correct destination phone, etc 3. UC Gateway: this gets communications outside of your local network. Required to link multiple office locations together. - A Medianet, which is a bunch of UC Gateways that utilize a bunch of QoS techniques to ensure correct delivery of things like video communications.

- What three types of devices are used for Unified Communications to function? - What is used for multiple local UC networks to communicate well with methods such as video?

1. Data formatting 2. Encryption - Data formatting standards: American Standard code for Information Interchange (ASCII) and Extended Binary Coded Decimal Interchange Code (EBCDIC)

- What two things is the Presentation Layer 6 responsible for? - What are some examples?

- Layer 2: Limits the amount of data a sender can send at one time - Layer 3: Congestion Control, which prevents a sender from sending data more rapidly than a receiver can receive it - Layer 4 has two types: 1. Windowing: one or more segments are sent at one time, and a receiver can attest to the receipt of all the segments in a window with a single acknowledgment 2. Buffering: uses a chunk of memory to store segments if bandwidth is not available to send those segments. Space is limited and it can overflow and drop segments, however

- What type of Flow Control is found on Layer 2 Data Link of the OSI model? - Layer 3 Network? - Layer 4 Transport?

- Asymmetric; around 12 Mbps download and 3 Mbps upload - They have terrible latency (hundreds of milliseconds) mainly due to how far away the satellite is

- What type of connection is satellite internet and what are common speeds? - What is a big problem with satellite connections?

- An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet - A packet-filtering firewall

- What type of firewall most detrimentally affects network performance? - What firewall offers the highest performance speed?

- "man" or manual - "man arp"

- What unix command will help list out the syntax/switches for command line tools? - what is an example of how you would type it in?

- MSAU (Multistation Access Unit) or MAU (Media Access Unit) - FDDI (Fiber Distributed Data Interface); used not just one ring, but two. These two rings sent data in opposite directions, resulting in counter-rotating rings. One benefit of counter-rotating rings was that if a fiber broke, the stations on each side of the break could interconnect their two rings, resulting in a single ring capable of reaching all stations on the ring

- What was required for a Token Ring network to function? - What is another type of Ring topology which used fiber cabling and how was it different?

- 802.3af = 15.4 watts - PoE+ on 802.3at = 30 watts - PoE injector

- What was the first PoE standard? - What is the current PoE standard? - What can you use if you do not have a PoE capable switch?

- Recursive request - Iterative queries

- When a client sends a name resolution query to its DNS server, what type of request does it use so that the server will take on the responsibility for resolving the name? - What are all other queries called which are issued by the client's server to the various domain authorities?

- In-band management - Out-of-band management

- When user traffic and management traffic both go over the same network - When there are two separate networks for the traffic

- Link Local - The first half (the /64 prefix) will always be fe80:0000:0000:0000 and the second half (the interface ID) is traditionally generated from your MAC address - The standard called EUI-64 turns your 48-bit MAC address into the 64-bit second half of the address by splitting it, inserting ff:fe in the middle, and flipping the universal/local bit; because this reveals the hardware address, modern hosts usually use randomized (privacy) interface IDs instead - The global unicast (Internet) address; the prefix is learned from your gateway router's router advertisements (SLAAC) or handed out by DHCPv6 - It will almost always be "/64", with the only exception being things like huge routers high up on the internet using VLSM (Variable Length Subnet Mask)

- Which type of IPv6 address is generated by a host when it starts up? - What will it always consist of? - What helps generate the second half of this and what does it do? - What is the second type of IPv6 address and where does it come from? - How large is an IPv6 subnet mask?
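Added example (Python, not from the original flashcards): the EUI-64 derivation from the card, carried out on a constructed MAC address, plus the reverse mapping that shows why an EUI-64 link-local address leaks the hardware identity of the host. The MAC 00:1a:2b:3c:4d:5e is made up for the demo.

```python
"""Modified EUI-64: MAC address <-> IPv6 link-local interface identifier.

Added example, not part of the original flashcards. The sample MAC is
constructed.
"""
import ipaddress


def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit modified EUI-64 interface ID (8 bytes)."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("need a 48-bit MAC address")
    # Split after the OUI, insert ff:fe, then flip the universal/local bit
    # (bit 7 of the first byte, mask 0x02).
    eui = octets[:3] + b"\xff\xfe" + octets[3:]
    return bytes([eui[0] ^ 0x02]) + eui[1:]


def link_local_from_mac(mac):
    """Prefix fe80::/64 + EUI-64 interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + eui64_interface_id(mac))


def mac_from_link_local(addr):
    """Recover the MAC from an EUI-64 address, or None if the IID is not EUI-64 shaped
    (a randomized/privacy interface ID, for example)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                      # constructed sample MAC
    addr = link_local_from_mac(mac)
    print(addr, "->", mac_from_link_local(addr))   # fe80::21a:2bff:fe3c:4d5e -> 00:1a:2b:3c:4d:5e
```

The ff:fe marker and the flipped bit are what a scanner looks for when fingerprinting hosts; a privacy address such as fe80::1 or one with a random IID has no such structure, which is exactly what mac_from_link_local's None return reflects.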

- If you are still on IPv4 and want to connect to the IPv6 internet - You would encapsulate IPv6 packets inside IPv4 packets so they can cross the IPv4-only network - Teredo and 6to4 (pronounced "six to four")

- Why would you use tunneling with IPv6? - How would this work? - What are two IPv6 tunneling protocols?

- route print - "add" or "delete" - netstat -r

- You can use this command to view the routing table on a client system - What switches allow you to create or remove entries? - What is another command which does the same thing?

Zeroconf (Zero Configuration)

A collection of protocols designed by the IETF to simplify the setup of nodes on a TCP/IP network. Can assign link-local addresses, performs DNS functions, and discovers services, such as print services, available to the node.

CSU/DSU (Channel Service Unit/Data Service Unit)

A piece of equipment that connects a T-carrier leased line from the telephone company to a customer's equipment (such as a router). It performs line encoding and conditioning functions, and it often has a loopback function for testing.

Butt Set

A piece of test equipment typically used by telephone technicians. It can connect to the tip and ring wires on a punch-down block (for example, a 66 block or a 110 block) connecting to a telephone. This allows the technician to check the line (for example, to determine whether a dial tone is present on the line and determine whether a call can be placed from the line).

Spectrum Analyzer

A software tool that assesses the characteristics (for example, frequency, amplitude, and the effects of interference) of wireless signals.

PAT (Port Address Translation)

A subset of dynamic NAT functionality that maps either one or multiple unregistered addresses to share a single registered address using multiple ports. Allows multiple inside local addresses to share a single inside global address (many devices can share a single, public IP address). Also known as overloading.

MDIX (Media Dependent Interface Crossover)

A type of port found on Ethernet networking devices in which the wiring is crossed so that the transmit line of one device becomes the receive line of the other. It allows a port to automatically determine which of its leads are used for transmitting data and which of its leads are used for receiving data.

Syslog server - 0 Emergencies: The most severe error conditions, which render the system unusable - 1 Alerts: Conditions requiring immediate attention - 2 Critical: A less-severe condition, as compared to alerts, that should be addressed to prevent an interruption of service - 3 Errors: Notifications about error conditions within the system that do not render the system unusable - 4 Warnings: Notifications that specific operations failed to complete successfully - 5 Notifications: Non-error notifications that alert an administrator about state changes within a system - 6 Informational: Detailed information about the normal operation of a system - 7 Debugging: Highly detailed information (for example, information about individual packets) that is typically used for troubleshooting purposes

A type of server used for collecting system messages from networked devices - What are the eight severity levels for the messages it collects?

Current state modulation

A way to electrically or optically represent a binary 0 or 1; 1 = presence of voltage or light; 0 = absence of voltage or light

Media Converter

Enables networks running on different media to interconnect and exchange signals.

- The first three octets (hex pairs) are the OEM identifier; the last three octets are the Unique Device ID

How are MAC addresses broken down?

It is used for encrypting unencrypted applications & protocols by piggybacking off of an encrypted protocol. First you have to establish an encrypted connection between two computers, then you can run the unencrypted program. An example would be first establishing an SSH connection, then running VNC.

How does Tunneling work?

TTL (Time to Live)

Indicates the maximum duration that an IPv4 packet can remain on the network before it is discarded. Although this field was originally meant to represent units of time, on modern networks it represents the number of times a packet can still be forwarded by a router, or the maximum number of router hops remaining.

black-hole router

A router that silently drops packets larger than its configured MTU without notifying the sender.

DHCP Snooping (Switch-based)

Security feature that acts like a firewall between untrusted hosts and trusted DHCP servers

Stateful DHCPv6

A DHCPv6 mode in which the server keeps track of which clients have been assigned which IPv6 addresses (state information). It is primarily used when upstream IPv6 routers would otherwise cause your internal network devices not to use your internal DNS server.

nslookup [fqdn]

This command helps to resolve an FQDN to an IP address. This can, for example, help you to determine whether a DNS record is correct and to verify that your DNS server is operating.

SIP Trunk

This is a VoIP technology which allows Internet telephony service providers (ITSPs) to deliver telephone services and unified communications to customers equipped with SIP-based private branch exchange (IP-PBX) and unified communications facilities.

Anycast

This is an IPv6 communication flow which is a one-to-nearest (from the perspective of a router's routing table) flow.

Router

This is considered a Layer 3 device, meaning it makes forwarding decisions based on logical network addresses.

- Local area network (LAN) - Wide area network (WAN) - Wireless local area network (WLAN) - Storage area network (SAN): specialized network for storage of data - Campus area network (CAN) - Metropolitan area network (MAN) - Wireless Local Area Network (WLAN) - Personal area network (PAN)

What are eight types of networks based on geographic factors?

- Virus: software that propagates through disk or USB media and then activates - Adware: programs which pop up ads - Spyware: hides in your system and phones back home reporting on what you're doing - Trojan/RATs (Remote Access Trojan): software that runs on your system and seems to be good but does something bad in the background (like a whack-a-mole game) - Ransomware/Crypto malware - Logic Bomb: sits on a computer and is triggered by an event rather than activated remotely - Rootkit: grabs high privileges & is hard to detect - Backdoor: intentionally programmed into software - Polymorphic: changes itself to avoid detection - Armored viruses: include pointless code to make reverse engineering difficult - Keylogger: records your keystrokes

What are eleven types of malware on the exam?

1. RS (Router Solicitation): Hosts inquire with Router Solicitation messages to locate routers on an attached link. 2. RA (Router Advertisement): Routers advertise their presence together with various link and Internet parameters, either periodically or in response to a Router Solicitation message. 3. NS (Neighbor Solicitation): Neighbor solicitations are used by nodes to determine the link layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link layer address. 4. NA (Neighbor Advertisement): Neighbor advertisements are used by nodes to respond to a Neighbor Solicitation message. 5. R (Redirect): Routers may inform hosts of a better first-hop router for a destination.

What are the five packet types found in the IPv6 NDP (Neighbor Discovery Protocol)?

- Hop Count, or how many routers are between you and your destination. The earliest method used for metrics - MTU (Maximum Transmission Unit): in a particular frame, how much data can you haul? Ethernet, for example, has a default size of 1500 bytes. If you have to push traffic through other types of transport with smaller MTUs, it can slow things down even if there is a smaller hop count. - Bandwidth: if you have a 56k line and a 10Gb line, obviously the 10Gb line will be faster no matter how many routers you have to pass through. - Cost - Latency: how long it takes for a particular route to respond to what you do. For example, a satellite link has high latency

What are five things which factor into the Metrics for a routing table?

- acceptable use policy - password policies - system & workplace security (lock computer when away, don't write passwords, etc) - social engineering - avoiding malware.

What are five things which would require user training?

- Volumetric Attack is when attackers are talking to the server so much, it cannot help anybody else. E.g. Ping Flood & UDP Flood - Protocol Attack does something with the underlying protocol (HTTP, DNS, etc) that is not normally accepted. The server starts to do weird things and doesn't respond correctly. TCP SYN Flood is an example where multiple TCP sessions are started but the three-way handshake is never completed by the attacker. Because many servers limit the number of TCP sessions they can have open simultaneously, a SYN flood can render a target system incapable of opening a TCP session with a legitimate user. - Application Attack works within the application and does naughty things inside the app which prevents the server from responding correctly. E.g. Slowloris Attack - Amplification Attack is when one packet sent into a network can generate lots and lots of answering packets and flood a target with Ping replies. E.g. Smurf Attack - A DDoS (Distributed DoS) is when you have a bunch of computers working together to pull off a DoS attack. This is where a Botnet comes into play, when computers are zombies due to malware infections

What are five types of DoS attacks?

- Time Division Multiple Access (TDMA) is obsolete. It is a 2G cellular technology that was largely decommissioned in 2007-2009. - Code-division multiple access (CDMA) applies to both 2G and 3G cellular networks, and remains in wide use today at carriers such as Sprint, Virgin Mobile, and Verizon Wireless. - Global System for Mobile (GSM) communications is the world's most widely used cellphone technology. In the USA, T-Mobile, AT&T, and many other smaller cellular providers use GSM on their networks. Overseas, India, Russia, and China all have more GSM phone users than the USA. GSM is the best choice for those who need to use their cellphones outside the USA. - Enhanced Data Rates for GSM Evolution (EDGE) is three times faster than GSM (but based on GSM technologies). Equivalent to tech on original iPhone in late June 2007. It is still in use today. - Long Term Evolution (LTE) is an IP-based 4G cellular technology that started rolling out in 2012.

What are five types of cellular technologies?

- ST Connectors were one of the earliest fiber connectors. Round connector aka Bayonet which you can "STab" or punch into place. Most commonly used with MMF. Push in and twist into place - SC Connectors are as old as the ST Connectors. They are square or "SCuare". You can punch them in and pull them out. Push in and pull out. - FC Connectors are also older and look similar to ST except they are more stubby and also have to be screwed in like the coax F-type connectors - LC Connectors are newer and are two connectors built into one. Press on a tab then pull it out to disconnect. - MT-RJ Connectors are newer and look a lot like RJ-45 plugs. They also actually have two fiber strands even though this is a single connector. Push in and pull out.

What are five types of fiber cable connectors?

- 802.1X: A protocol that authenticates a user before allowing any of the host's data traffic to be sent to the network. 802.1X authentication can work with the NAC server. While 802.1X is used for authentication, the NAC server will check to see if the appropriate security controls are in place on the authenticating devices based on the NAC policies that are configured. - Posture assessment: This is the process whereby a client is checked against a set of requirements in a NAC policy. If a client meets the requirements, it is given full network access. If a client does not meet the requirements, it is placed on the quarantine network and given limited network access. - Persistent vs non-persistent agents: An agent running on a client computer is a persistent agent if it runs all the time. It is a non-persistent agent if it is run only during an attempt by the client computer to connect to the network via the NAC server. - Edge vs access control: Edge control verifies that users or devices have the appropriate permissions to access resources. NAC verifies that users or devices not only have the appropriate permissions to access resources but also that the users or devices have the appropriate security controls in place to ensure that the NAC client will not cause the network to be breached.

What are four Network Access Control (NAC) concepts to understand for the exam?

- Get is the standard query we use with SNMP. Consists of the NMS sending a query to a managed device, and that device responds. Asking a printer how many pages it has printed and getting an answer is an example of this. - Set: An SNMP set message sets a variable in a managed device or triggers an action on a managed device. - Trap is something we set up on the devices themselves. There are some things where we don't want to wait for a query; we would want to know right away. For example, if a switch suddenly has half its ports overloaded with data. We set it up on a managed device and it is sent to the NMS when the trigger value is reached. - Walk or SNMPWalk is like a batch process of "Gets". There are times when you want to ask a managed device a bunch of things at once.

What are four big commands used with SNMP?

- Signature-based detection: primary method used - Policy-based detection: based on specific declaration of the security policy - Statistical Anomaly Detection: prone to false positives. IDS/IPS device watches network traffic patterns over a period of time and dynamically builds a baseline. Then, if traffic patterns significantly vary from the baseline, an alarm can be triggered. - Non-statistical Anomaly Detection: prone to false positives. An administrator defines what normal traffic patterns are supposed to look like.

What are four detection methods for IPS & IDS?

- Wiremap: testing that the individual wires inside the cables have been wired correctly - Continuity: testing that the wires are actually plugged in and if the cable has any breaks - Distance: use a TDR (Time Domain Reflectometer) to test. UTP cable should not be more than 90m according to TIA standards. For fiber cable, use an OTDR (Optical TDR) for the same testing. - Crosstalk, Near-End (NEXT) or Far-End (FEXT)

What are four methods of network cable testing?

- Perfect forward secrecy (PFS) makes sure that a session key will remain secure, even if one of the private keys used to derive the session key becomes compromised. - Diffie-Hellman (DH) securely establishes a shared secret key over an unsecured medium. - A security association (SA) is an agreement between the two IPsec peers about the cryptographic parameters to be used in an ISAKMP session. - Internet Security Association and Key Management Protocol (ISAKMP) is a secure session within which parameters for an IPsec session are negotiated.

What are four parts of an IPsec session?

- Application Logs will have individual problems with applications - Security Logs have to do with individual events that are related to security - Setup Logs have to do with things that have been installed or updated - System Logs are the equivalent of what the exam calls "general logs"

What are four types of logs generated by Event Viewer?

- COBO (Corporate Owned, Business Only) is the oldest one. The company owns the device and does what it wants with it: decides which applications go on it, what encryption is used, which wireless networks it connects to, etc. High security option. - COPE (Corporate Owned, Personally Enabled): everyone has the same corporate-owned device, but it can also be used for personal tasks. Downside is the learning curve, such as handing out Android phones to iPhone users. - CYOD (Choose Your Own Device) is where users get to choose from a list of approved devices. Less of a learning curve. - BYOD (Bring Your Own Device) is where users can buy their own device for work use, so there is even less of a learning curve; however, there is heavy device management & mobile application management.

What are four types of mobile deployment options in a work environment?

- Acceptable Use Policy: individuals have to sign this. Says what people can do with company equipment. Defines ownership of equipment and things like web site access and access time. - Remote Access Policy: defines how you can connect to an internal network from outside the infrastructure. For example, if you must use a VPN, what type of authentication is needed - Password Policy: complexity, age, lockout policy - IT Safety Policy: what amount of weight you can lift, equipment handling, spills, using hand trucks, safety glasses, etc

What are four types of security policies?

- SLA (Service Level Agreement) is between a customer & service provider. Outlines the scope, quality, & terms of service. Definition of service, equipment provided, technical support - MOU (Memorandum of Understanding) is used between organizations that wouldn't normally be in a position to make a legal contract. Defines an agreement between two parties. Has two main parts: defines the duties the parties are committing to performing and a time frame of how long the agreement lasts. - MSA (Multi-Source Agreement) is when companies agree to make parts for each other. Usually in an industry where there aren't a lot of manufacturers. - SOW (Statement of Work) is a legal contract between vendor & customer. Will define the services & products the vendor agrees to supply. Will define a timeframe & deliverables. Will also have milestones which define progress.

What are four types of standard business documents that are on the exam?

- A route is redistributed from one routing source into a dynamic routing protocol. - A route is statically configured. - A route is directly connected. - A route is dynamically learned.

What are four ways routes can be injected into a router's routing table?

- PC (Physical Contact) is the most basic, older style. The other two are higher quality but take more time & skill to create - UPC (Ultra Physical Contact) is an improvement with a more rounded polish, which gives less light loss - APC (Angled Physical Contact) has a 7 deg angle on the cut

What are three ways of shaping the contacts on the inside of fiber optic cables?

- NS (Name Server): this specifies the IP address of the authoritative DNS servers for a particular zone - "A Record": these are used to identify IPv4 hosts on the network - "AAAA Record": these identify IPv6 hosts on the network - CNAME (Canonical Name or Alias): Specifies an alternate name like "Bob's Machine" for a system already registered in the DNS; allows multiple DNS records to map to the same IP address - MX Record (Mail Exchange): Maps a domain name to an email server; All SMTP mail servers have these - PTR (Pointer Record): maps an IP address to a hostname; Points to a Canonical name; used for reverse name resolution & should be added to point to something like your mail server and would be used by the Reverse Lookup Zone - SRV (Server Record): these are rare and are for services which don't get their own special type of record such as VoIP services.

What are seven types of records you can add into a DNS Server?

- Category 3: 10 Mbps (obsolete) - Category 5: 100 Mbps (100 m) - Category 5e: 100 Mbps to 1000 Mbps (1 Gigabit) networks (100 m) - Category 6: 1 Gigabit networks (100 m) or 10 Gigabit (55 m only) - Category 6a: 10 Gigabit networks (100 m); this one is the current king - Category 7: 10 Gigabit networks (100 m, shielded)

What are six categories of twisted pair cables and their speeds?

- "net view" shows you all of the systems on your workgroup - "net user" tells you a bunch of information about your own computer like your own account name & who you are currently logged in as - "net use" lets you map a drive and access a shared resource. Nomenclature would be "net use w: \\win10desktopvm\shareme" where win10desktopvm is the machine you are connected to and shareme is the resource it is sharing - "net share" lets you share a resource and the nomenclature would be "net share Donte=c:\users\michaelm\desktop\donte" where "Donte" is going to be the share name, which is why it is followed by an "=". The "donte" at the end is the actual name of the folder you are trying to share - "net accounts" lets you see a bunch of settings for your account like minimum password age, lockout duration, etc - "net start" and "net stop" will let you see, start, and stop network-based services running on your machine

What are six switches for the "net" command?

- Change the default username & password of your WAP - Disable SSID broadcasting - Enable a MAC ACL where you manually enter acceptable MAC addresses to allow on the network - Broadcast Multiple SSIDs which let you have a primary home network and one for visitors - DHCP Limiting where you shrink the DHCP scope to limit how many devices can connect - Client Isolation which prevents network clients from seeing each other; very important for public wifi networks

What are six things you do for wireless network security that don't involve encryption?

- ARP Poisoning: lying to other systems so they think the attacker's IP address has a trusted MAC address - Typosquatting: type of URL hijacking where you get a domain similar to another site like "Googel.com" - Domain Hijacking: grabbing a URL when someone lets it lapse and then essentially holding it for ransom - Replay attack: capturing something like a username & pw hash and then "replaying" it to a server to login as that user - Downgrade attack: useful for webpages. Something like convincing a server to use a less secure protocol like SSL instead of TLS - Session Hijacking: getting in the middle of a real time conversation and injecting information into it (Firesheep can do this)

What are six types of MITM (Man in the middle) attacks?

- "-t": This option repeatedly sends pings (ICMP echo messages) until you stop it by pressing Ctrl+C. On a Unix system, this changes to "-c" for count. - "-n count": This option specifies the number of pings to send. - "-f": This option sets the "don't fragment" bit in a packet's header. If the packet tries to cross a router that attempts to fragment the packet, the packet is dropped, and an ICMP error message is returned. - "-i TTL": This option sets the TTL value in a packet's header. The TTL is decremented for each router hop. A packet is discarded when its TTL value reaches 0. - "-S srcaddr": If the PC from which you are issuing the ping command has more than one IP address, this option allows you to specify the source IP address from which the ICMP echo messages should be sent. - "target_name": This specifies the name or the IP address of the device to which you are sending ICMP echo messages.

What are some switches for the "ping" command?

4 - Application (OSI Session, Presentation, & Application): everything to do with the application itself. This model looks at applications as applications 3 - Transport: just like the OSI model counterpart, the assembly/disassembly area and whatever it takes to connect w/another system, TCP/UDP 2 - Internet: IP addresses, routers 1 - Network Interface or Link Layer (OSI Data Link & Physical): physical cabling, NICs, hardware

What are the 4 layers of the TCP/IP model?

7 - Application: this is the smarts inside the apps that make them network aware and able to communicate with networks; this is where the port numbers are looked at; the OSI model does not look at applications as applications 6 - Presentation: converts data into a format your applications can read. Another holdover from back when data would be brought into the system in a format which could not initially be read. 5 - Session: connection between two systems like server & client on remote system; TCP, email, file sharing; what's taking place? This is a holdover from older times when OS's and applications were not network aware. The session layer helped us connect to a remote system 4 - Transport: the assembly/disassembly area for the data; if it's going out, chop it up into chunks and if it's coming in as chunks, put them back together so it makes sense; make sure data gets where it's going 3 - Network: logical addresses; IPs, routers, multilayer switches 2 - Data Link: anything that works with a MAC address; NICs, switches, and bridges 1 - Physical: easiest part. What type of cables do you use and stuff like that

What are the 7 layers of the OSI model?

- T1 is 24 channels @ 1.544 Mbps - T3 is 672 channels @ 44.736 Mbps - E1 is 32 channels @ 2.048 Mbps - E3 is 512 channels @ 34.368 Mbps

What are the T1, T3, E1, and E3 channels & speeds?

- 802.11a: 54 Mbps, 5 GHz, OFDM - 802.11b: 11 Mbps, 2.4 GHz, DSSS - 802.11g: 54 Mbps, 2.4 GHz, OFDM, first widely used standard - 802.11n: 600 Mbps, 2.4 or 5 GHz, OFDM, introduced MIMO and Greenfield mode, which meant all devices on the network were running 802.11n - 802.11ac: 6.93 Gbps, 5 GHz, introduced MU-MIMO (Multi-User MIMO)

What are the different versions of 802.11? What speeds & bands do they support and what forms do they use for data transfer?

- Class A: first octet 1-126, mask 255.0.0.0 (/8) - Class B: 128-191, 255.255.0.0 (/16) - Class C: 192-223, 255.255.255.0 (/24) - Class D: 224-239, no classful mask - Class E: 240-255, no classful mask

What are the first octet ranges of IP address classes and their classful masks?

- A Private Cloud is where you can generate your own VMs whenever you want, would be just for use inside your own organization. - A Public Cloud is the exact opposite: they are open for business and anyone with a credit card can purchase usage of them. - A Hybrid Cloud is a little of both; a private cloud with contracted management. It is one, big cloud but some is segregated as private but other areas are classified as public. This could be if the total capacity is more than your organization needs, you could separate a section away from your private cloud and make it public and charge outsiders for use. - A Community Cloud is when multiple organizations pool resources to create a joint cloud they can all share.

What are the four types of Cloud ownership?

1. IP Phone: telephone with an integrated Ethernet connection. Digitizes the spoken voice, packetizes it, and sends it out over a data network 2. Call Agent: repository for a VoIP network's dial plan. When a user dials a number from an IP phone, the call agent analyzes the dialed digits and determines how to route the call toward the destination. 3. Gateway: acts as a translator between two different telephony signaling environments, such as between PBX and VoIP 4. PBX: A Private Branch Exchange is a privately owned telephone switch traditionally used in corporate telephony systems 5. Analog Phone: traditional telephone, like you might have in your home. Can connect to VoIP through adapter or PBX 6. SIP (Session Initiation Protocol): signaling, setup, management, and tear-down protocol used with voice and video sessions over IP networks 7. RTP (Real-time Transport Protocol): protocol that carries voice (and interactive video)

What are the seven parts of a VoIP network?

- The Preamble's job is to let a NIC know that a frame is coming. - Next is the Destination MAC - Next is the Source MAC - Next is the Data Type or EtherType; lets us know what type of data is being hauled - Then is the Data: up to 1522 bytes, with a minimum of 64 bytes (bytes here are 8-bit octets) - A Pad will be added between the Data and FCS if the data chunk is small - Last is the FCS (Frame Check Sequence), which is used for error detection

What are the seven parts of an ethernet frame?

1. Identify the Problem 2. Establish a theory of probable cause 3. Test the theory to determine the cause 4. Establish a plan of action 5. Implement the solution or escalate as necessary 6. Verify full system functionality & implement preventative measures 7. Document findings, actions, & outcomes

What are the seven troubleshooting steps?

- Best effort: Best-effort treatment of traffic does not truly provide QoS to that traffic because there is no reordering of packets. Best effort uses a first-in, first-out (FIFO) queuing strategy, where packets are emptied from a queue in the same order that they entered the queue. - Integrated Services (IntServ): IntServ is often referred to as "hard QoS" because it can make strict bandwidth reservations. IntServ uses signaling among network devices to provide bandwidth reservations. Resource Reservation Protocol (RSVP) is an example of an IntServ approach to QoS. Because IntServ must be configured on every router along a packet's path, the main drawback of IntServ is its lack of scalability. - Differentiated Services (DiffServ): DiffServ, as its name suggests, differentiates between multiple traffic flows. Specifically, packets are marked, and routers and switches can then make decisions (for example, dropping or forwarding decisions) based on those markings. Because DiffServ does not make an explicit reservation, it is often called "soft QoS". Most modern QoS configurations are based on the DiffServ approach.

What are the three QoS categories?

- IBSS (independent basic service set): works in an ad hoc fashion. Useful for temporary connections between wireless devices like connecting two laptop computers to transfer a few files. - BSS (Basic Service Set): a WLAN with only one WAP. This is a typical SOHO setup and is considered infrastructure mode - ESS (Extended Service Set): a WLAN with more than one WAP. Typical office environment and also infrastructure mode.

What are the three main types of WLANs?

- Any address with 10.x.x.x - Any address in the range from 172.16.x.x to 172.31.x.x - Any address with 192.168.x.x

What are the three types of Private IP Addresses?

- Cold Site takes weeks to bring online. Basic office space with a building, chairs, AC. No operational equipment. Benefit is that it's cheapest option - Warm Site will take days to bring online. Cold site with some operational equipment but little to no data. - Hot Site takes only hours to bring online. Has real-time synchronization, usually done with mirroring. Downside is they are very expensive.

What are the three types of backup sites for contingency planning?

- Version 1 had no encryption - Version 2 enacted basic encryption and also expanded the command set - Version 3 uses robust TLS encryption

What are the three versions of SNMP?

1. MAC (Media Access Control) sublayer - Physical Addressing - Logical Topology - Method for Transmitting Data 2. LLC (Logical Link Control) sublayer - Connection Services: feedback to the sender. Includes Flow Control, which limits the amount of data a sender can send, and Error Control. - Synchronizing Transmissions: coordination of when a frame should be transmitted and received

What are the two sublayers of the OSI Layer 2 Data Link layer and what are their characteristics?

- Host-to-gateway: The remote clients use IPSec to connect to the VPN gateway. Any communication between the VPN gateway and the internal hosts on behalf of the remote clients does not use IPSec. Only the traffic over the Internet uses IPSec. - Host-to-Host: Each host must deploy IPSec. This mode would require that any internal hosts that communicate with the VPN clients would need to deploy IPSec. - Gateway-to-Gateway: Gateways at each end of the connection provide IPSec functionality. The individual hosts do not. For this reason, the VPN is transparent to the users. This deployment best works when a branch office or partner company needs access to your network.

What are three IPSec modes for VPNs?

- PAP (Password Authentication Protocol): one-way, client authenticates to server. Not secure because everything is sent in plaintext - CHAP (Challenge-Handshake Authentication Protocol): three-way handshake between server & client allows a client to be authenticated without exchanging credential information - MSCHAP: Microsoft version of CHAP which includes 2-way authentication

What are three approaches for PPP authentication?

- Dedicated Leased Line: A logical connection between two sites. This might physically connect through a service provider's facility or a telephone company's central office (CO). The expense of a dedicated leased line is typically higher than other WAN technologies offering similar data rates because with a dedicated leased line, a customer does not have to share bandwidth with other customers. - Circuit-switched connection: A connection that is brought up on an as-needed basis. In fact, a circuit-switched connection is analogous to a phone call, where you pick up your phone, dial a number, and a connection is established based on the number you dial. Can be cost saving since it's not always on. - Packet-switched connection: Like a dedicated leased line, because most packet-switched networks are always on. However, unlike a dedicated leased line, packet-switched connections allow multiple customers to share a service provider's bandwidth. Even though bandwidth is being shared among customers, customers can buy a service-level agreement (SLA), which specifies performance metrics (for example, available bandwidth and maximum delay) guaranteed for a certain percentage of time. Frame Relay is an example.

What are three categories of WAN connections?

- MAC (Mandatory Access Control): Uses labels like "Top Secret". A group decides who gets access to information rather than the owner of the resource. Examples are in government or the military.
- DAC (Discretionary Access Control): The owner of the resource gets to decide who has access. For example, if you create a network share folder, you choose who can access it.
- RBAC (Role-Based Access Control): similar to Least Privilege; a user can only access the bare minimum of resources required to perform his role and no more. This is where groups come into play. Remember that you first assign users to groups, then you grant groups rights and permissions for the network.

What are three methods of access control?

- NDA (Non-Disclosure Agreement): signed when one party doesn't want another party talking about something now or in the future.
- License Restriction: a type of rule set which handles things like software usage. Also, can you transfer a license to another entity? Also license renewal: what's the cost, time frame, etc.
- International Export Controls: how certain types of information are sent outside US borders, especially things like military or DOD information. Nuclear, as well. Also, license/encryption keys.

What are three terms to know for the exam which are loosely related to security but don't have a great home inside any particular topic?

- Wiring Diagram is important. Needs to show types of horizontal runs, types of cables used, where the network room is, etc. Emphasizes the flow of the network. It includes equipment symbols and lines that indicate the flow.
- IDF/MDF Diagram shows the hierarchy of how your server rooms are linked as well as where each one is located.
- Rack Diagram physically charts out what is on a server rack.

What are three types of Physical Diagrams?

- Bluejacking: The sending of unauthorized messages over a Bluetooth connection to a device
- Bluesnarfing: Provides unauthorized access from a wireless device through a Bluetooth connection
- Bluebugging: Creates unauthorized backdoor access to connect a Bluetooth device back to the attacker

What are three types of attacks that devices with Bluetooth are vulnerable to?

- Full backup: backs up everything, then clears the archive bit for all files.
- Differential Backup: backs up all of the changes since the last full backup. If you did a full backup on Monday and a differential backup every day after that but Friday's backup got corrupted, the differential backup from Thursday would have all changes done since Monday's full backup. To restore the system, you would only need Monday's full backup and Thursday's differential backup. Fewer backup sets, but they get bigger. Does not clear the archive bit afterwards.
- Incremental Backup: only backs up changes since the last backup of any type. Following the same example above with a full backup on Monday, an incremental backup done each day would only record the changes made on that day. So if Friday's backup failed again, to restore the system you would need Monday's full backup plus each day's backup from Tuesday, Wednesday, and Thursday. More backup sets, but they get smaller. Clears the archive bit.

What are three types of backup methods other than creating a system snapshot?

1. RG-58 (50 Ohms): one of the oldest types of coax used in networking. Has a BNC connector, which is the older, bigger, plunger-style coax connector. It is not threaded but has a little lock which you rotate to stick into place.

Two types of coax classically used with cable modems:

2. RG-59 (75 Ohms): this type of cable is older and not very robust. Has a threaded or F-type connector, which is your regular coax plug.
3. RG-6 (75 Ohms): this is the one you will see most often nowadays. Thicker than RG-59.

What are three types of coaxial cable connectors and which ones are classically used with cable modems?

- MTTR (Mean Time To Repair) is basically how long something is down. If a box fails, how long does it take to get back up?
- MTTF (Mean Time To Failure) is the time from when something is repaired until it fails again. This could also go from the point you first brought the box online until it failed the first time.
- MTBF (Mean Time Between Failures) is the time from a failure, plus all the time to repair, plus the time until it fails again.

What are three types of failure terms for mission critical equipment?

- Plenum-rated: highest fire rating; designed to be run through drop ceilings and raised floors
- Riser-rated: less fire resistant than plenum; designed to run between floors in a building
- PVC: regular cable, no fire resistance at all; can also give off noxious fumes

What are three types of fire ratings for UTP cable?

- Serial Ports use a standard called RS-232. They have DB9 (smaller, turquoise port below) or DB25 connectors, based on the number of pins.
- Parallel Ports, or IEEE 1284, are the large, purple ones above and were typically used with printers.
- One legacy technology still used on a lot of high-end routers is the Rollover/Yost Cable. On one end it looks like an RJ-45 cable, but it is actually a serial connection. It has a flat cable, not round, and the other end is a regular 9-pin DB9 plug. If you plug a laptop or similar into the switch or router, it provides a low-level console connection to the device which allows you to reset it or recover it if something bad has happened.

What are three types of legacy cables which are still on the exam?

- Ad Hoc or P2P: devices freely connect to each other
- Infrastructure: specialized wireless equipment permits the wireless communications to take place
- Mesh: more sophisticated than ad hoc in that specialized nodes help move the traffic throughout the topology, but not as elaborate as Infrastructure

What are three types of wireless topologies?

- Isochronous: network devices look to a common device in the network as a clock source, which creates fixed-length time slots; least amount of overhead
- Asynchronous: network devices reference their own internal clocks, and network devices do not need to synchronize their clocks; can error check with parity bits
- Synchronous: two network devices that want to communicate between themselves must agree on a clocking method to show the beginning and ending of data frames; can error check with CRC (Cyclic Redundancy Check)

What are three ways of synchronizing transmissions in the LLC sublayer of the Data Link layer of the OSI model?

- Dual PSUs (Power Supplies) on things like critical servers, switches, etc. that are on the server racks. This gives you time to power down, save data, and replace a unit if it fails. The downside is if they are connected to the same electrical circuit: if the circuit fails, they will both still go down.
- Redundant Circuitry helps with that issue. Each of the dual PSUs could be connected to separate circuit breakers, so if a fuse blows on one, the other could still operate.

What are two backup power management solutions typically used in an enterprise environment?

- Reflective: With this attack, a third-party system is used to help carry out the attack; oftentimes this third party is not compromised, making this attack very difficult to track down.
- Amplified: A DNS server is often used in an amplification attack, but other services could be used in the exploit as well. With these attacks, legitimate servers are tricked into flooding responses at a target system; the forged request tends to be small but results in large responses hitting the target. Note that these can be tough to mitigate against because the "reflector" server is a legitimate device.

What are two categories of DoS attacks?

- RIP (Routing Information Protocol): A Distance Vector protocol. Uses hop count as its metric, with a maximum allowed of 15 hops. Can discard redundant routing paths with larger hop counts (for example, if router Z can get to Network A through router Y, or also get there by traveling through router X and then router Y). The downside is that it could take a while to reach Convergence because it uses a set interval for communication between routers. The first version of RIP also could only handle strict Class A, B, or C networks and couldn't understand CIDR subnetting. RIP version 2 added support for CIDR and also added security.
- OSPF (Open Shortest Path First): This is the #1 dynamic routing protocol today. It is a pain to configure. Uses a Link State protocol. As soon as you plug OSPF routers together, they begin sending out Link State Advertisements. Uses a metric of "cost" which is based on link speed between two routers. The downside is that we have to set them up so there is a boss, or Designated Router. Each router is configured to be in an Area ID. The big advantage is that Convergence happens much more quickly. Also totally compatible with CIDR and works very well with BGP.

What are two examples of IGPs and how are they different?

- Distance Vector: the old granddaddy of dynamic routing protocols. Any protocol of this type sends its entire routing table to all of its neighbors. The neighbors compare the received routing table to their own and determine the best routes to use. A big problem with distance vector, though, is that it leans heavily on hop count. It also uses a set interval for relaying information, so if a router goes down, you will have to wait through the rest of the interval before getting back to convergence.
- Link State is the other option and is an improvement over Distance Vector. One big reason is that it sends out "Hello" messages or Link State Advertisements (LSAs), which are basically pings to make sure known routers are still there. If a router detects any difference, it will advertise that something has changed with how it is connected and send out a Link State Advertisement about it. This means you do not always have to send out entire routing tables, and it also doesn't always happen at some set interval.

What are two groups of Dynamic Routing Protocols?

- Active-active: Both NICs are active at the same time, and each has its own MAC address. This makes troubleshooting more complex, while giving you slightly better performance than the active-standby approach.
- Active-standby: Only one NIC is active at a time. This approach allows the client to appear to have a single MAC address and IP address, even in the event of a NIC failure.

What are two modes of NIC redundancy?

- Super Frame (SF): Combines 12 standard 193-bit frames into a super frame
- Extended Super Frame (ESF): Combines 24 standard 193-bit frames into an extended super frame

What are two popular approaches to grouping T1 frames?

- Nessus
- nmap

What are two popular vulnerability scanners?

- Whitelisting: you manually add approved MAC addresses, and only those devices are allowed on the network
- Blacklisting: you manually add the MAC addresses of devices which are forbidden network access

What are two types of MAC filtering?

- Forward: more old school. The client is aware of the proxy. The proxy server forwards the request as a representative of the client. Usually a dedicated box or software, like how school networks are usually set up. Provides caching, content filtering, and firewall functions. They are application specific, meaning whatever type of application you have, there is a specific proxy for it.
- Reverse: represents a web server instead of a client. Its main job is to protect the web server. They are high security and designed to handle things like DoS attacks. Also used for Load Balancing, encryption acceleration, and caching.
- Remember: forward proxies hide the clients and reverse proxies hide the server

What are two types of Proxy Servers?

- MMF (Multimode Fiber): designed to be used with LEDs and usually orange
- SMF (Single-mode Fiber): designed to be used with lasers and usually yellow; intended for longer distances

What are two types of fiber optic cables and how can you tell them apart?

- Stateless firewalls are ones you just turn on. They look at whatever packets come in and make decisions on each one. For example, if they see one ICMP packet they will probably ignore it, but if they see a whole bunch coming in at once they will take action.
- Stateful firewalls look at the state of the connection and inspect every single packet. They will usually work off of something like an IP-based ACL. Creates a state table. Can also shut down individual ports. Can also be context- and application-aware, running at Layer 7 of the OSI model (DPI, or Deep Packet Inspection).

What are two types of firewalls?

1. DNS, which has two subtypes:
   - Round Robin via DNS. This puts a special DNS server in front of your web servers, and it will do an even rotation of how the servers receive traffic. However, one shortcoming is that after clients establish a connection, they will cache the IP address and next time they visit go directly to the web server and not even use the DNS server.
   - Delegation: helps with a possible issue of web servers on different continents by having reverse lookup zones with different PTR records for each web server.
2. Server-side Load Balancing involves a smart device that is physically at the location of your servers. This makes Clustering possible, where your machines have a private network on the back end.

What are two types of load balancing?

RJ-45

What connector is used with twisted pair cabling?

A port and an IP address

What do sockets consist of?

DHCP Relay

What enables a single DHCP server to service more than one broadcast domain (i.e. remote networks)?

- RTP
- SIP
- H.323
- MGCP

What four protocols are used with Unified Communications & Medianets?

- Blocking: The port remains in the blocking state for 20 seconds by default. During this time, the nondesignated port evaluates BPDUs in an attempt to determine its role in the spanning tree.
- Listening: The port moves from the blocking state to the listening state and remains in this state for 15 seconds by default. During this time, the port sources BPDUs, which inform adjacent switches of the port's intent to forward data.
- Learning: The port moves from the listening state to the learning state and remains in this state for 15 seconds by default. During this time, the port begins to add entries to its MAC address table.
- Forwarding: The port moves from the learning state to the forwarding state and begins to forward frames.

What four states does a nondesignated port transition through if it needs to switch to a forwarding state?

NID (network interface device)

What hardware is located at the demarcation point?

224.x.x.x and it is Class D

What is a Multicast Address and what Class is it?

ICA (Independent Computing Architecture)

What is a Citrix Systems® proprietary protocol that allows applications running on one platform (for example, Microsoft Windows®) to be seen and controlled from a remote client, independent of the client platform (for example, UNIX)?

169.254.x.x

What is the APIPA address?

IPSec with IKEv1

What is the best method of securing VPN connections?

Antennas with higher gain have less beamwidth than antennas with lower gain. High-gain antennas have a very narrow beamwidth. For example, a typical 6-dBi patch antenna has a 65-degree beamwidth, but a 21-dBi parabolic dish antenna has a 12-degree radiation pattern.

What is the difference in beamwidth between high-gain and smaller-gain antennas?

n(n-1)/2, where n is the number of nodes. For example, a full mesh of 5 sites would be 5(5-1)/2 = 10 connections.

What is the formula for determining how many connections are required in a full mesh network?

1. Once devices on a network are connected and have Link Local addresses, they can begin sending NS (Neighbor Solicitation) messages. This is not propagated as a broadcast but as a multicast, and they use a specific protocol called ICMPv6.
2. The other devices on the network which see the NS will then begin sending NA (Neighbor Advertisement) messages back. These say, "this is who I am, this is my MAC address, and this is my link local address".
3. To get out on the internet, devices have to send out an RS (Router Solicitation) message. This does a lot of stuff.
4. When routers hear an RS, they will send back an RA (Router Advertisement), which is the cornerstone of what makes IPv6 work. The routers use stateless autoconfiguration to provide all the info that computers need to get on the internet. They will get their internet address, the subnet mask (always /64), gateway info, and also any DNS information.

What is the four step process computers & routers use to connect with each other in IPv6?

1. Reserved client options
2. Class options
3. Scope options
4. Server options

What is the order of precedence for DHCP options?

128; keep halving it until you get down to 1. The result will be:

128 64 32 16 8 4 2 1

Whichever binary position has a value of 1, add that number. If it is a zero, do not add it. For example, 11000101 comes out to 128 + 64 + 4 + 1 = 197.

What number do you need to remember for converting base 10 to binary and what do you do with it?

PPPoE; it encapsulates PPP frames within Ethernet frames. Would be used between a home/business and the service provider.

What protocol is very popular with DSL and how does it work?

Out-of-band management

When network management traffic is kept on a separate network from where user traffic occurs.
