FINAL Net+ Need to Know

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

HOSTS file located in __ on Windows systems.

%SystemRoot%\System32\Drivers\Etc

Windows servers store their DNS files in (path)

%systemroot%\system32\DNS

Review ST, SC, LC, MTRJ, and (dion) FC connector images on Google Images.

((*N/A))

********Go over Dion Video Notes flashcards ***

********((((do it ))))**********

******Go over N+ Pocket Prep Flash Cards ****

***DO IT***

Describe the syslog alerts and their severity levels: (7) (describe)

-0 Emergencies: The most severe error conditions, which render the system unusable -1 Alerts: Conditions requiring immediate attention -2 Critical: A less-severe condition, as compared to alerts, that should be addressed to prevent an interruption of service -3 Errors: Notifications about error conditions within the system that do not render the system unusable -4 Warnings: Notifications that specific operations failed to complete successfully -5 Notifications: Non-error notifications that alert an administrator about state changes within a system -6 Informational: Detailed information about the normal operation of a system -7 Debugging: Highly detailed information (e.g., individual packets) that is typically used for troubleshooting

A change management policy should specify the steps to take to implement changes to any of the servers or network devices. An example of what your change management steps may be includes the following: (8)

-Determine the change that is needed. The first step to making a change is identifying that the change is required. -Test the change in a test environment. It is critical to have a test environment that is configured similar to your production environment so that you can test the change. Testing the change allows you to identify issues that arise when the change is made. -Prepare and test a backout plan. Although the change worked in the test environment, always have a plan for how you are going to put the production system back to its original state should the change go bad. -Create a backup before implementing the change. Back up the system or device before making a change on the production system. -Schedule a time for the change. Schedule an appropriate time for the change—this is typically during hours of low network utilization, such as the middle of the night or on the weekend. Notify your users that you have scheduled the change during that time. -Implement the change. During that scheduled time, implement the changes that have been planned and tested. -Verify the state of the system after the change. After the change has been implemented, make sure you verify that the system has not been negatively affected by it. -Document the process and results. Take time to document the process you followed during the change and document the results of the change (whether it was successful or failed).

The following outlines the steps to implement change: (6) (describe)

-Document reason for change: The first step is to identify the need for the change and document the reason why the change is needed. -Change request: After documenting the need for the change, you can create the official request for change. In the change request include the configuration procedures for making the change. You should also include the rollback process you will take should something go wrong with the change. You want to document the potential impact that the change will have on a system or network (be sure to note positive impact and negative impact). Finally, you want to specify in the change request how employees will be notified of the change. -Approval process: After submitting the change request, the request will be reviewed and either approved or denied. -Maintenance window: Assuming the change has been approved, you will want to plan the maintenance window of when the change will occur. Make sure you are clear on your authorized downtime and ensure that you have the system or network operational again within that authorized downtime window. For example, management may say you can have the system down for three hours, so be sure that your change can be implemented and have things operational again within three hours—this takes great planning and testing (never perform the change the first time on a production system)! -Notification of change: It is a good idea to let the employees know when you are implementing a change and what they can expect to see after the change is made. For example, if you are deploying new software, be sure to warn them if the old software they are used to is being removed. After the change is made, you should follow up with a notification of what was changed and the status of the change. -Documentation: As mentioned earlier, it is important to update documentation after the change is completed. This includes any new or modified network configurations, additions to the network (maybe you added a new server), and any changes to the physical location.

There are two common serial link encapsulation protocols: (describe)

-HDLC: The High Data Link Control protocol is a Cisco-proprietary protocol that you can use to connect to another Cisco device at the other end of the serial link. -PPP: The Point-To-Point Protocol is an industry-standard serial link protocol that supports authentication. This protocol can be used to connect to any equipment that supports PPP

Two different protocols can be used for VLAN tagging: (describe)

-ISL The InterSwitch Link (ISL) is the Cisco-proprietary protocol for tagging packets and associating them with a particular VLAN on older switches. -802.1Q 802.1Q is the IEEE standard for VLAN trunking. Newer switches, such as the ones from Cisco, HP, and Juniper Networks, use 802.1Q as the tagging method.

UNIX and Linux also use a number of log files to record activity on the system. The following are some popular log files in Linux: (3) (describe with location)

-Linux system log file: Most system and kernel messages are logged into the/var/log/messages text file. For example, failed logins or newly detected hardware messages show up in this file. -Linux last login file: The/var/log/lastlog file lists the user name, IP address, and date/time of user logins. Use the lastlog command to view this data. -Linux Apache Web Server logs: Apache stores error and access log files under/var/log/apache2. Since these are text files, use any text editor to view them.

The data link layer is divided into two sublayers:(explain)

-Logical link control (LLC): This is responsible for error correction and control functions. -Media Access Control (MAC): This determines the physical addressing of the hosts. It also determines how the host places traffic on the medium—for example, CSMA/CD versus token passing. The MAC sublayer maintains physical device addresses (commonly referred to as MAC addresses) for communicating with other devices on the network. These physical addresses are burned into the network cards and constitute the low-level address used to determine the source and destination of network traffic.

Compare NIC teaming and port aggregation

-NIC teaming: A feature that allows you to combine multiple NICs into a grouping that consolidates the bandwidth of each NIC in the team and an IP address is assigned to the team. The benefit is not only combined bandwidth, but also if one network card fails in the team, the other network card is there to handle the traffic requirements. Many server-based operating systems have a NIC teaming feature such as Windows Server 2016. -Port aggregation: Is a feature of network switches that allows you to consolidate the bandwidth of multiple ports on the switch to provide more throughput to a system or device. Port aggregation is also known as link aggregation, and is part of IEEE 802.3ad and IEEE 802.1AX.

SSL can work only with guaranteed transports—or basically anything using the TCP protocol—and is made up of two protocols: (describe)

-SSL Handshake: is used to create a secure session between the two systems that are communicating. This includes all methods and parameters used for the encryption. -SSL Record: is used to encrypt all data packets, including the SSL Handshake data packets.

On top of the technologies already mentioned in this chapter, IoT could also use (3)(Describe)

-Z-Wave This is a wireless networking protocol that uses a mesh topology to allow home appliances to communicate with one another. Common examples of where this is used is to wirelessly control lights, security systems, windows, and locks. -Ant+ This is an extension to the ANT standard that allows hardware devices to communicate with one another over the 2.4 GHz frequency. The Ant+ extension allows for communication with multiple devices at the same time. -RFID The radio-frequency identification (RFID) technology assigns a tag to an object that then stores information about that object. The RFID tag can later be read through radio waves to obtain the information about that object. An example of where this could be used is on a part in an assembly line—as the part moves through the assembly line, the tag could be read to track the progress of that part.

What nbtstat -a, nbtstat -A, nbtstat -c, nbtstat -n, nbtstat -R, nbtstat -RR, and nbtstat -s do:

-a: Lists the specified computer's name table given thecomputer's name. -A: Nbtstat switch that Lists the specified computer's name table given thecomputer's IP address. -c: Lists the contents of the NetBIOS cache. -n: Lists locally registered NetBIOS names. / Displays the lmhosts file, which is the NetBIOS name table, and is similar to the hosts file. -R: Purges and reloads the cached name table from the LMHOSTSfile. -RR: Releases and then reregisters all names. -s: displays a list of all the current NetBIOS sessions for a machine

What each of these nmap switches do: -sS, -sT, -sU, -p, -sV, -A, -sN, -sF, -sX

-sS: (TCP SYN. TCP SYN port scan (Default). This is a fast technique (also referred to as half-open scanning) asthe scanning host requests a connection without acknowledging it.). -sT: (TCP Connect. TCP connect port scan(Default without root privilege). A half-open scan requires Nmap to have privileged access tothe network driver so that it can craft packets. If privileged access is not available,Nmap must use the OS to attempt a full TCP connection. This type of scan is lessstealthy.). -sU: ( UDP port scan. Scan UDP ports. As these do not use ACKs, Nmap needs to waitfor a response or timeout to determine the port state, so UDP scanning can take along time. A UDP scan can be combined with a TCP scan.). -p: (Port range. By default, Nmap scans 1,000 commonly used ports. Use the -pargument to specify a port range. ). -sV: (Attempts to determine the version of the service running on port). -A: (Enables OS detection, version detection, script scanning, and traceroute. ) -sN: (Use -sN for a NULL scan in which no flags are set in the transport layer header. If the port is closed, then the destination operating system will send back an RST. If the port is open, then nothing is sent back.) -sF: (Use -sF for a FIN scan in which the FIN flag is set in attempt to trick the operating system into responding to closed ports with an RST, similar to a NULL scan. ) -sX: (Use -sX for an Xmas-Tree scan in which the URG, PSH, and FIN flags are set in an attempt to trick the operating system into sending an RST for closed ports.)

Linux system log file: Most system and kernel messages are logged into the __(path) text file.

/var/log/messages

(dion) SONET is what layer?

1

X.25 runs at what layer(s) of the OSI model?

1 2 3

802.11ac transfer rate

1 Gbps

Older versions of WiMax run at 40 Mbps, while newer versions offer speeds of __ and above.

1 Gbps

Bluetooth approximate data transfer rate max

1 Mbps

Frame Relay runs at what layer(s) of the OSI model?

1 and 2

What pins on T1 receive and what pins send?

1 and 2 receive, 4 and 5 send

Bluetooth provides a transfer rate of up to

1 mbps

(official) IR distance about

1 meter

RFID approximate distance limitation

1 meter

With infrared, the two devices will need to be within __(distance) of each other.

1 meter

Size of 1U

1.75 inches

Download speeds of cable modems can reach __, but may differ with different providers.

10 mbps

Bluetooth approximate max range distance

10 meters

FDDI uses a fault-tolerant ring topology and fiber-optic cabling that reaches speeds of __ or more.

100 Mbps

1000BaseSX and 1000BaseLX max distance

1000BaseSX: 550 meters. 1000BaseLX: 3 KM

1000BaseSX and 1000BaseLX max distance, 10gbaseSR, 10gbaseLR, 10gbaseER max distances

1000BaseSX: 550 meters. 1000BaseLX: 3 KM 10GBaseSR: 400 meters, 10GBaseLR: 10 km, 10GBaseER: 40 km

Indicate (Myers) max distances of: 10GBaseSR, 10GBaseLR, 10GBaseER, 10GBaseSW, 10GBaseLW, 10GBaseEW, 1000BaseSX, 1000BaseLX (multimode and singlemode), 1000BaseCX

10GBaseSR: 400 meters, 10GBaseLR: 10 km, 10GBaseER: 40 km, 10GBaseSW: 100 meters, 10GBaseLW: 10 km, 10GBaseEW: 40km, 1000BaseSX: 550 meters, 1000BaseLX MMF: 550m SMF: 5km, 1000BaseCX: 25 meters

CWDM can have up to 16 wavelengths (channels) in a single fiber pair that are spaced apart (allowing the use of cost-effective lasers) enabling data to reach __(distance)

120 KM.

WPA key size

128 bit

AES is a block cipher that supports how many bit encryption?

128-bit, 192-bit, and 256-bit

Number of possible 2.4 GHz channels

13 (channels 1 - 13)

Firewire speeds

1394a: 400 mbps. 1394b: 800 mbps

RIP is limited to __(#) hops

15

RIP max hop count

15

(Dion) A general rule of thumb in home networking says that Wifi routers operating on the traditional 2.4 GHz and 5.0 GHz bands can reach up to about __(distance) indoors and __(distance) outdoors.

150 feet (46 m); 300 feet (92 m)

Indicate the class B private address range:

172.16.0.0 = 172.31.255.255

To allow PPTP traffic to pass through the firewall, you will need to open TCP port __ (control port) and protocol ID __ (carries the data) on the firewall.

1723; 47

1: nbtstat command that displays the lmhosts file, which is the NetBIOS name table. 2: nbtstat command that purges and rebuilds the NetBIOS name cache on the local computer using entries in the lmhosts file. 3: nbtstat command that displays a list of all the current NetBIOS sessions for a machine. 4: nbtstat command that lists the remote machine's name table given its name. 5: nbtstat command that lists the remote machine's name table given its IP address.

1: nbtstat -n 2: nbtstat -R. 3: nbtstat -s. 4: nbtstat -a. 5: nbtstat -A

(dion) ATM is what layer?

2

(dion) what layer is frame relay?

2

How many D channels does E1 have?

2

PPP is what layer?

2

Transparent firewall is what layer?

2

Your network relies on the use of ATM cells. At which layer of the OSI model do ATM cells operate?

2

Don't knowX.25 has transfer rate of

2 Mbps

ATM runs at what layer(s) of the OSI model?

2 and 3

MMF distances up to

2 km

5 GHZ needs how many cells between channel overlap?

2. (2.4 only needs 1).

Class of Service (CoS) is another method of providing QoS, but it is done at layer

2. This QoS technique uses a field known as the Priority Code Point (PCP) within the Ethernet frame to specify a priority value from 0 (lowest priority) to 7 (highest priority).

Does the 2.4 or 5 GHz frequency have better protection against absorption when passing through walls?

2.4 has better protection from absorption through walls

FDDI uses fiber-optic cable operating at 100 Mbps or greater that can cover distances of up to

200 KM

IPv6: global unicast address prefix, Link local address prefix, Unique local address prefix, and Multicast address prefix:

2000::/3. FE80::/10. FC00::/7. FF00::/8

Teredo address start with

2001:0000:/32

6to4 addresses start with

2002

What is the /16 prefix for all 6to4 address?

2002

There are __(#) non-overlapping channels in the 5 GHz frequency.

23

ATM will provide for high bandwidth as needed if enough users are requesting it. ATM bandwidth ranges from slow speeds (around 12.95 Mbps to __ using copper media such as Category-3 UTP cable) to high speeds (around __ using fiber-optic cable).

25 Mbps; 622 Mbps

IGRP hop count

255

Bandwidth of T4

274.176 Mbps

(official) bluetooth speeds up to

3 Mbps

LTE/4G Long-Term Evolution (LTE) is a 4G wireless technology designed to give broadband service to mobile users through the phone. LTE reports a speed of __ in theory, but a practical speed of __is the current speed reached for downloads.

300 Mbps; 100 Mbps

Cats 3 - 7 whether they are recognized by TIA

3: yes 4: no 5: no 5e: yes 6: yes 6A: yes 7: no

What layer are load balancers?

4

What layer is a load balancer?

4

infrared transfer rates up to

4 mbps

10gbaseSR, LR, ER max distances (same as the W versions)

400 meters, 10 km, 40 km

802.11n can have a channel bandwidth of 40 MHz (when running on __ GHz frequency).

5

What OSI layers does SSL VPN use?

5-7

Frame Relay supports transfer rates as high as

50 Mbps

When does a DHCP client renew its IP address lease?

50% of the lease cycle

Satellites provide download speeds as high as

500 Kbps

Don't knowL2TP has been around for quite a few years now, but is a newer VPN protocol than PPTP. L2TP uses the more secure IPSec (Internet Protocol Security) for encryption of traffic instead of MPPE. To allow L2TP traffic through your firewall, you will need to open UDP port __ (for key exchange), UDP port __ (for IPSec NAT), and UDP port __ on the firewall.

500; 4500; 1701

On the job: Also know that Very High Bitrate DSL (VDSL) is a new high-speed Internet technology that, for short distances, can offer a transfer rate of __ and is deployed over copper lines.

52 Mbps

DES uses a block cipher methodology to apply a __(#)-bit symmetric key to each 64-bit block.

56

Exam watch: Remember that the maximum available speed with an analog modem is

56 Kbps

ATM is a WAN technology that allows for speeds of __ or more.

622 Mbps

Class B value of First Octet and number of hosts

65,534

what 802.11 standards has 22mhz bandwidth?

802.11b

Don't knowSTP is known as IEEE __?

802.1d

Class of Service (CoS) is another method of providing QoS, but it is done at layer 2. This QoS technique uses a field known as the Priority Code Point (PCP) within the Ethernet frame to specify a priority value from 0 (lowest priority) to 7 (highest priority). This QoS technique is known as IEEE __

802.1p

Class of Service (CoS): This QoS technique is known as IEEE __

802.1p

RSTP is IEEE ___

802.1w

The IEEE __ standard, known as 1000BaseT or 1000BaseTX

802.3ab

gigabit ethernet over twisted pair cabling is IEEE __

802.3ab

Link aggregation standard is IEEE __

802.3ad

The IEEE standard for link aggregation

802.3ad

Compare IEEE 802.3ad and 802.3ab

802.3ad is link aggregation control protocol. 802.3ab is gigabit ethernet over twisted pair

IEEE 10-Gigabit Ethernet standard

802.3ae

PoE is IEEE __

802.3af

What IEEE PoE standard provides 15.4 watts?

802.3af

PoE+ is IEEE __

802.3at

1000BaseSX, LX, CX known as IEEE __

802.3z

HSPA+ offers broadband speeds of __ for downloads and __ for uploads.

84 Mbps ; 22 Mbps

List 2 multimode fiber wavelengths:

850 nm; 1300 nm

Kerberos default port

88

DSL is typically referred to as Asymmetric Digital Subscriber Line (ADSL) and is provided by telecom providers and allows the ADSL subscriber to use the phone and the Internet simultaneously, with download speeds as high as __ and upload speeds around __ (hence asymmetric).

9 Mbps; 1 Mbps

Approximate distance limitation of using NFC

<5 cm

The Event Viewer is an application that reads the binary log files stored in the __ folder.

<windows directory>\system32\config

MIMO: The configuration of 802.11n devices is identified by AxB:C notation. (describe what A,B,C represent)

A is the numberof transmit antennas, B is the number of receive antennas, and C is the number ofsimultaneous transmit and receive streams (spatial streams).

Which protocol and port do you need to configure on the inbound host-based firewall for a DHCP server? A. UDP/67 B. TCP/67 C. UDP/68 D. TCP/68

A. (The DHCP server waits for connection from clients on UDP/67; the clients will send the requests from UDP/68. Therefore, the inbound host-based firewall should be configured to accept traffic from UDP/67.)

(dion) SONET is layer 1 and transports Layer 2 encapsulation (such as __)

ATM

Dense Wavelength Division Multiplexing (DWDM) is a technology used to increase the bandwidth over existing fiber-optic cabling. With DWDM, multiple signals are delivered at different frequencies in the fiber, which allows you to send more data through the fiber cable. DWDM can be used with __(3)networks.

ATM, SONET/SDH, and Ethernet

Thicknet connector used to connect NIC to cable type

AUI

he flaws in WEP allow attackers using WEP crackingtools, such as (2)

Aircrack-NG or AirSnort

Multicast for all IPv6 routers and all IPv6 nodes and solicited nodes

All IPv6 routers(ff02::2:). All IPv6 devices (ff02::1:). Solicited nodes (ff02::1:ffxx:xxxx)

The following is a list of common problems when connecting to wireless: describe bandwidth saturation

Another common issue with larger wireless environments is bandwidth saturation, which is when all the available bandwidth is being utilized. Look to installing additional access points.

(official) A managed router has an interface that is designed to connect to a modem and to provide remote access over a dial-up link. What type of interface provides this function?

Auxiliary port (AUX). (The Auxarilly (AUX) port is designed to connect to a modem and provide remote access over a dial-up link. The console port requires connecting a terminal (a laptop, for instance) to the device via a separate physical interface, using a special console cable.)

Describe BPDU guard and Root guard

Bridge Protocol Data Unit (BPDU) Guard is a feature on Cisco switches, but it can also be found on other vendor switches as well. It is configured in conjunction with STP and RSTP on user-facing access ports. It should never be configured on trunk ports between switches. BPDU Guard will instantly place the switch port into an err-disable state if BPDU frames are detected on the port. When a violation occurs, the port is placed into an err-disable state, and administrator intervention is required to reset the port. BPDU Guard is used to prevent STP switching attacks. Root Guard is a feature on Cisco switches, and variations can be found on other vendor switches as well. The feature is similar to BPDU Guard because it is configured in conjunction with STP and RSTP on user-facing access ports. It should never be configured on trunk ports between switches, similar to BPDU Guard. Root Guard will instantly place the switch port into an inconsistent STP state of listening mode if a lower MAC address and priority combination is shown. This lower MAC address and priority combination would otherwise cause an election in which the new switch would win, thus protecting the current root bridge. This will effectively stop the switch port from forwarding any traffic until the BPDUs are no longer received on the switchport for a period of time. Unlike BPDU Guard, the port does not need administrator intervention. Root Guard is also used to prevent STP switching attacks.

Explain what the Content Addressable Memory (CAM) term refers to

CAM tables is another term for the MAC Address Table

What would you say is the max CAT supported by a 66 block?

CAT 3

A number of Simple Network Management Protocol (SNMP) tools can monitor interfaces on the switches, routers, and servers, such as (2)

Cacti and MRTG.

Be aware of the following event management tools when preparing for the Network+ certification exam: Alerts: Alerts are a great monitoring tool, as you can configure software to send an alert based on certain conditions or thresholds. You can configure the alert to notify you either via e-mail or text messages to your mobile device (SMS). Alerts are a common feature of many monitoring tools such as __(3) that can monitor networks and servers and generate alerts when abnormalities occur.

Cacti, Xymon, and Nagios

What is a rolled/rollover cable used for?

Connecting a host interface to a router COM (console) port

Ports used by DHCP servers and by DHCP clients. Ports used by SNMP managers and by SNMP agents.

DHCP servers: UDP port 67; Clients: UDP port 68. SNMP managers UDP 162. SNMP agents UDP 161

What identifier is used by a frame relay network to refer to a virtual circuit?

DLCI. A Data Link Connection Identifier (DLCI) is used in a frame relay network to distinguish between virtual circuits. Many DLCIs can be associated with one frame relay interface. It is this property that enables frame relay configurations to save over individual leased lines because it can break the connections into multiple circuits.

When does DNS use TCP and when does it use UDP?

DNS uses TCP for zone exchanges between servers and UDP when a client is trying to resolve a hostname to an IP address. See the "Introduction to the Internet Protocol" module for more information.

What is the device that terminates the DSL signal coming from a customer's location?

DSLAM

An ISDN transmission circuit consists of a logical grouping of data channels. With ISDN, voice and data are carried by these channels. Two types of channels, a B channel and a D channel, are used for a single ISDN connection. Each channel has a specific function and bandwidth associated with it. The bearer channels, or B channels, transfer data. They offer a bandwidth of 64 Kbps per channel.The data channel, or D channel, handles signaling at 16 Kbps or 64 Kbps. This includes the session setup and teardown using a communications language known as

DSS1

__ is part of the data link layer of the OSI model and is responsible for identifying a system with a unique 48-bit MAC address.

Data Link Control (DLC)

(DION) Compare administrative distance value (order them. knowing the exact number is not required) of statically configured network, directly connected network, OSPF, RIP, and EIGRP

Directly connected network (0), statically configured network (1), EIGRP (90), OSPF (110), RIP (120)

What netstat -b does

Displays the executable involved in creating each connection or listening port.

In DNS cache poisoning, an attacker targets a DNS server to query an evil DNS server instead of the correct one. The server can in turn tell the target DNS server spoofed DNS information. The DNS server will cache that spoofed information, spreading it to hosts and possibly other servers. To prevent DNS cache poisoning, the typical use case scenario is to add __ for domain name resolution.

Domain Name System Security Extensions (DNSSEC)

WPA has improved upon WEP by offering two key features: Authentication: WPA uses __ as the authentication protocol, which allows for more secure authentication using public key encryption and authentication.

EAP

Identify the ADs of the dynamic routing protocols:

EIGRP: 90. OSPF: 110. RIP: 120.

IPSec uses __ (protocol) to encrypt traffic

ESP

other encryption technologies you should be familiar with: IPSec: The IP Security (IPSec) protocol is used to encrypt all IP traffic once IPSec has been enabled on the system or device. The IPSec protocol uses __ to encrypt traffic, __ protocol for message integrity and authentication, and __ to exchange encryption keys between systems.

Encapsulation Security Payload (ESP); Authentication Header (AH); Internet Key Exchange (IKE)

What is the IPv6 prefix for unique local addresses?

FC00::/7

IPv6 Multicast addresses start with the __ prefix.

FF02

Compare Active FTP and Passive FTP

FTP has two ways to transfer data: active and passive FTP. Traditionally, FTP used the active process—let's see how this works. Remember that FTP uses TCP ports 20 and 21? Well, when your client sends an FTP request, it goes out on port 21. When your FTP server responds, however, it sends the data back using an ephemeral destination port and port 20 as a source port. Active FTP works great unless your client uses NAT. Since your client didn't initiate the incoming port 20, your NAT router has no idea where to send this incoming packet. Additionally, any good firewall sees this incoming connection as something evil because it doesn't have anything inside the network that started the link on port 20. No problem! Good FTP clients all support passive FTP. With passive FTP, the server doesn't use port 20. Instead, the client sends an FTP request on port 21, just like active FTP. But then the server sends back a random port number, telling the client which port it's listening on for data requests. The client, in turn, sends data to the port specified by the FTP server. Because the client initiates all conversations, the NAT router knows where to send the packet. The only trick to passive FTP is that the client needs to expect this other incoming data. When you configure an FTP client for passive, you're telling it to expect these packets.

The IEEE 802.3z standard, known as 1000BaseX, defines Gigabit Ethernet that runs over

Fiber or Coaxial cable

Which WAN technology relies on virtual circuits and point-to-multipoint connections?

Frame relay

PPTP is an older VPN protocol used to encrypt PPP traffic and is common in Microsoft environments. PPTP uses the __ protocol to transport the PPP packets, but the __ protocol to encrypt the traffic. To allow PPTP traffic to pass through the firewall, you will need to open TCP port 1723 (control port) and protocol ID 47 (carries the data) on the firewall.

Generic Routing Encapsulation (GRE); Microsoft Point-to-Point Encryption (MPPE)

How to modify the user rights on a Windows system using local security policy

Go to local security policy in Administrative Tools. Select Security settings > Local Policies > User rights assignment

Don't knowPoint-to-Point Protocol (PPP) is a Data link layer (Layer 2) communications protocol used to establish a direct connection between two nodes. When connecting a Cisco and non-Cisco router, PPP encapsulation is default. If connecting two Cisco routers, then __ encapsulation is default.

HDLC

PPP framing defines the format in which data is encapsulated before it crosses the network. PPP offers a standard framing solution that enables connections to any standard PPP server because all vendors use the same format. PPP uses __ as the basis for its encapsulation framing for serial connections.

HDLC

(dion) __ distribution network is a cable television infrastructure containing both coaxial and fiber-optic cabling

Hybrid Fiber-Coax (HFC)

Does RIP use the concept of an autonomous system?

I don't think so.

Gigabit Ethernet has two standards known as IEEE _ and __

IEEE 802.3z ; IEEE 802.3ab

Differentiated Services Code Point (DSCP) is a field within the __ header known as the DS field that is designed to identify the type of traffic that the IP packet is carrying.

IPv4 and IPv6

The following are default locations in Windows that you can use to find log files: Firewall log: (explain)

If you turn on logging in the Windows Firewall in the Advanced Settings page, you can log dropped packets to the default log file of %windir%\system32\logfiles\firewall\pfirewall.log.

What osi layer does ethernet run at?

Layer 2

Describe the 802.11n WAP modes: (3)

Like 802.11g, 802.11n WAPs can support earlier, slower 802.11b/g devices. The problem with supporting these older types of 802.11 is that 802.11n WAPs need to encapsulate 802.11n frames into 802.11b or 802.11g frames. This adds some overhead to the process. Worse, if any 802.11b devices join the network, traffic drops to 802.11b speeds. (802.11g devices don't cause this behavior on 802.11n networks.) To handle these issues, 802.11 WAPs can transmit in three different modes: legacy, mixed, and greenfield. These modes are also sometimes known as connection types. Legacy mode means the 802.11n WAP sends out separate packets just for legacy devices. This is a terrible way to utilize 802.11n, but it's been added as a stopgap measure if the other modes don't work. In mixed mode, also often called high-throughput or 802.11a-ht/802.11g-ht, the WAP sends special packets that support the older standards yet also can improve the speed of those standards via 802.11n's wider bandwidth. Greenfield mode is exclusively for 802.11n-only wireless networks. The WAP will only process 802.11n frames. Dropping support for older devices gives greenfield mode the best goodput.

What protocol does the IEEE 802.3ad specification represent?

Link Aggregation Control Protocol (LACP)

The following is a list of popular logical issues that cause problems on networks: Discovering neighboring devices/nodes:You may experience problems discovering neighboring devices or nodes if a firewall is preventing discovery protocol traffic or the Windows system has the __(protocol) disabled.

Link Layer Discovery Protocol (LLDP)

What is IEEE 802.3ad?

Link aggregation

3 sample vulnerability scanners

MBSA: A free download from Microsoft's website (www.microsoft.com/downloads). -GFI's LanGuard: A commercial tool that provides a wealth of information about the system being assessed and security-related issues (www.gfi.com). -Nessus: Originating in the Linux environment, Nessus is a common vulnerability assessment tool that also has a Windows version (www.tenable.com/).

PPTP uses __ to encrypt VPN traffic

MPPE

The __connector is a common fiber connector type for small form-factor systems.

Mechanical Transfer Registered Jack

An IPv6 host has just been connected to the Internet. Several ICMPv6 packets are sent between the host, other hosts, and the router on the network segment. Several RS, RA, NS and NA packets are also exchanged. Which protocol was used for this purpose?

Neighbor Discovery Protocol (NDP)

The UNIX and Linux standard directory service is

Network Information Service (NIS), which has been superseded by NIS+ and Lightweight Directory Access Protocol (LDAP)

RADIUS (Remote Authentication Dial-in User Service), which is implemented within Windows Server 2016 as

Network Policy Server (NPS).

IGP dynamic routing protocols that support IPv6

OSFPv3 and EIGRP

(Sequoia) describe metrics that OSPF, RIP, and EIGRP use.

OSPF: Cost. RIP: hop count. EIGRP: EIGRP can utilize multiple metrics such as bandwidth, delay, reliability, load and MTU. By default, however, EIGRP only uses bandwidth and delay as the two metrics.

(Dion) What metrics do OSPF, RIP, IS-IS, and EIGRP use?

OSPF: cost (based on link sped between routers) . RIP: hop count. IS-IS: cost (based on link sped between two routers). EIGRP: bandwidth and delay.

Many forms of RSA encryption are in use today, including the popular

PGP

What ports are opened for PPTP and L2TP (using IPsec)?

PPTP port TCP 1723; L2TP ports UDP 500, 4500 and 1701;

Two technologies make up the overwhelming majority of dial-up connections:

PSTN and ISDN.

What is the Cisco proprietary aggregation protocol for ports on a network switch?

Port Aggregation Protocol (PAgP)

The following are some key issues to watch for that relate to troubleshooting WANs: Interface errors: The WAN interface uses different protocols; for example, if the WAN port is a serial link, you should verify the correct layer-2 protocol is running, such as __ or __

Port-to-Port Protocol (PPP); High-Level Data Link Control (HDLC).

What layer is HTML?

Presentation

What layer is SSL?

Presentation

Class of Service (CoS) is another method of providing QoS, but it is done at layer 2. This QoS technique uses a field known as the __ within the Ethernet frame to specify a priority value from 0 (lowest priority) to 7 (highest priority).

Priority Code Point (PCP)

Frame Relay runs at layers 1 and 2 of the OSI model and supports transfer rates as high as 50 Mbps along with features such as

QoS

What is 802.1p?

QoS / traffic shaping (that is done at Layer 2)

OSPF, RIP, EIGRP hop cont

RIP: 15. EIGRP: 255. OSPF: Unlimited

Does RIP support classless?

RIPv1 doesn't. RIPv2 does. (review guide)

Describe RIP versions and their support for classless addresses

RIPv1 only works with classful addresses because it doesn't send subnet mask information with the routing table. RIPv2 is an update to RIPv1 and does support classless addressing and variable-length subnet masks because it sends the subnet mask information with the routing table.

Identify the classless routing protocols

RIPv2 (and newer), EIGRP, OSPF, IS-IS, BGP. (Not RIPv1 or IGRP)

(official) Historically, these were based on the Gigabit InterfaceConverter (GBIC) form factor, which used __ ports and was designed (as the namesuggests) for Gigabit Ethernet. GBIC was very bulky and has largely been replaced bySmall Form Factor Pluggable (SFP), also known as mini-GBIC. SFP uses __ connectors and is also designed for Gigabit Ethernet.

SC; LC

Unified communication leans heavily on __ and __ protocols, but can also use __ or __.

SIP; RTP; H.323; MGCP

Once the zone is created, you will notice that the __ record and the __ record are created automatically.

SOA; NS

Explain three DHCP options numbers

Select the 003 Router check box. Then type the IP address for your router and click the Add button. 6. Select the 006 DNS Servers check box. Then type the IP address for your DNS server and click the Add button. 7. Select the 015 DNS Domain Name check box

How to get to audit policy on a domain security policy:

Server Manager > Tools > Group Policy Management. Forest > Domains > Practicelabs.com > Group Policy Objects > (edit) Default Domain Policy. Computer configuration > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy

Describe split horizon and poison reverse

Split horizons prevent routing updates from being received on the same interface that a route update was sent from stating that the destination network is down. This creates an artificial horizon where a router cannot be told a path to its own network is available via another router. Poison reverse exploits the maximum hop count of 15 to stop routers from receiving an update to an alternate path to the same network. When a router detects a network that it manages is down, it will adjust the hop count to 16 and continue to populate the route entry. This will poison all the tables in the network for the affected network. When it comes back up, the route entry will be adjusted back.

The following are default locations in Windows that you can use to find log files: Audit logs (explain)

Stores the log entries in the Security Log of the Windows Event Viewer. The files for the Event Viewer are stored in the c:\windows\system32\config folder, but you will use the Event Viewer to view the log entries.

__ monitors network activity from a UNIX system.

System & Network Integrated Polling Software (SNIPS)

In previous versions of Windows, Performance Monitor used to be called

System Monitor

What logs can be seen in Event Viewer?

System, Security, Application

H.323 port

TCP 1720

PPTP uses port

TCP 1723

TACACS+ port

TCP 49

RTSP port

TCP 554

Teredo prefix and 6to4 prefix

Teredo: 2001. 6to4: 2002

Describe the Kerberos process

The Kerberos process starts when the client logs on to the network. The KDC has a component known as the authentication server (AS), which gives the client a ticket-granting ticket (TGT), which gives the client permission to request a service ticket. The service ticket is required to request service from a server on the network. When the client wants to connect to a specific server on the network, it must request a ticket from the ticket-granting service (TGS), which is another component of the KDC. The TGS grants the ticket to the client so the client can access the required server on the network.

What is SLIP?

This encapsulation protocol transmits IP over a serial link. On data networks, PPP is more prevalent (and just as unsecure), but SLIP may still be in use on embedded systems networks.

To review the security log in Windows Server 2016,

Tools > Event Viewer > Windows Logs > Security log

What is needed for WEP devices to use WPA?

Typically, only a software upgrade is needed for WEP devices to use WPA.

RADIUS ports

UDP 1812 and 1813

Identify the Windows version of ping using IPv6 and the Linux version of ping using IPv6

Windows: Ping -6 www.google.com. Linux: ping6 www.google.com.

6to4 addresses start with

a leading 2002

what is tcpdump?

a packet analyzer for Linux

(dion) whenever you hear the word path cable, remember...

a patch cable is a straight through cable

802.11a, b, g, n, and ac range

a: 150 feet, b: 300 feet, g: 300 feet, n: 300 feet, ac: 300 feet

802.11a, 802.11b, 802.11g, 802.11n, 802.11ac range

a: 150 feet; b: 300 feet; g: 300 feet; n: 300 feet; ac: 300 feet;

802.11a, b, and g modulation techniques

a: OFDM. b: DSSS. g: OFDM

SSL can work only with

anything using the TCP protocol

Application-level firewalls operate at the __ layer(s) of the OSI model.

application, presentation, and session

RSA is symmetric or asymmetric encryption?

asymmetric

802.11b, g, and n max distances

b and g: 150 feet. n: 300 feet.

A popular hybrid routing protocol that was built by Cisco is the Enhanced Interior Gateway Routing Protocol (EIGRP), which improves upon IGRP by (2)

being a classless routing protocol that supports VLSM and supports both IPv4 and IPv6. EIGRP also has a maximum hop count of 255 hops.

ATM can be used to enhance __ to allow for the transmission of voice, data, and multimedia packets over the same media simultaneously.

broadband ISDN

Most Windows software logs to the __ folder.

c:\windows\system32\logfiles

The following are default locations in Windows that you can use to find log files: Microsoft FTP Server, web server, Windows Clustering,

c:\windows\system32\logfiles\msftpsvc1 directory, c:\windows\system32\logfiles\w3svc1 directory, c:\windows\system32\logfiles\cluster directory,

(dion) Is ISDN circuit or packet switched?

circuit

Is ISDN circuit switched or packet?

circuit switched

Is IGRP classful or classless?

classful

Connecting a switch to a hub uses straight through or crossover?

crossover

Linux uses the __ feature of IPTables to implement port forwarding

destination NAT (DNAT)

T1 is composed of 24 channels that are made up of 64 Kbps bandwidth each, for a total of 1.544 Mbps. Each 64 Kbps channel is referred to as

digital signal level 0 (DS0)

(myers) RADIUS ports

either UDP 1812 and 1813 or UDP 1645 and 1646

The IP Security (IPSec) protocol is used to encrypt all IP traffic once IPSec has been enabled on the system or device. The IPSec protocol uses Encapsulation Security Payload (ESP) to __, Authentication Header (AH) protocol for__, and Internet Key Exchange (IKE) to __.

encrypt traffic; message integrity and authentication; exchange encryption keys between systems

What is 802.3u?

fast ethernet

IPv6 multicast address to send data to all routers on the network.

ff02::2

(Dion) In __, the server is called initiator and the storage is called target

fibre channel

IPv6: There are two types of unicast addresses: (describe and indicate their values). (Also indicate range for multicast and link local)

global and unique local. The global range is 2000::/3 and the unique local is FC00::/7. Global is used for internet routing and unique local is used within private networks. Packets delivered to a unicast address are sent to a single interface on the network, and this is the same in both IPv4 and IPv6. The multicast range in IPv6 is FF00::/8. In IPv6, the link-local addresses are in the FE80::/10 range and are used similarly to APIPA addresses.

Do switches make decisions in hardware or software?

hardware

Many variations of the EAP have developed over time: EAP-TTLS builds on EAP-TLS by

having the capabilities to authenticate both the client and the server, although the client does not need to use certificates for authentication. The server can authenticate the client after a secure channel is set up using the server's certificate.

(dion)alternative command to nslookup on Linux that just returns one line IP address for specified FQDN

host

TACACS+ has been improved over RADIUS from a security standpoint because

it encrypts all information between the TACACS client and the TACACS server, whereas RADIUS encrypts only the password between the RADIUS client and the RADIUS server.

Another example of a distance vector routing protocol is the Interior Gateway Routing Protocol (IGRP). IGRP is a classful routing protocol that was built by Cisco, so you will only use it on networks where you have only Cisco routers. IGRP was designed to improve on RIP limitations; (describe 2)

it has a maximum hop count of 255 and uses the concepts of an autonomous system (AS). An autonomous system is a grouping of routers that share routing table information. Routers using IGRP will only share the routes with other routers in the AS. Another improvement is that the full routing table is advertised every 90 seconds instead of 30 seconds, as is the case with RIP.

What does dig do in Linux?

it's an alternative to nslookup (and host) and does name resolution

(official) A stateful firewall operates at what layer ofthe OSI model?

layer 5 (Session)

802.11n, and ac transfer rates

n 600 Mbps, ac 1 Gbps

Max # of data streams supported by 802.11n and 802.11ac

n: 4. ac: 8

packet-level firewall controls data at what layer(s)?

network and transport

Does 6to4 work with NAT?

no

What is LC4?

password auditor

The Registry files are stored in the __ folder

systemroot\system32\config

Don't knowPPP uses three subprotocols:

the High-Level Data-Link Control (HDLC), network control protocol (NCP), and Link Control Protocol (LCP). HDLC handles data encapsulation, NCP handles network-layer protocols, and LCP handles connection maintenance and testing.

Identify 2 NIC teaming protocols:

the vendor-neutral IEEE 802.3ad specification Link Aggregation Control Protocol (LACP) and the Cisco-proprietary Port Aggregation Protocol (PAgP).

What kind of VPNs are transport mode and tunneling mode appropriate for?

transport for client to site VPNs, tunneling for site to site VPNs

OSPF hop count

unlimited

Is SLIP secure or unsecure?

unsecure

There are a number of different high-availability protocols that can be used to create a high-availability environment for your routers. Two common protocols are: Virtual Router Redundancy Protocol (VRRP): This is an Institute of Electrical and Electronics Engineers (IEEE) protocol that provides high availability to your routers. Because it is an IEEE standard, it is not specific to one router vendor. With VRRP, you create a

virtual router group, and each router performs a role in that group. The active router is known as the master router with VRRP, and one of the benefits of VRRP is that you can have multiple backup routers in the group (HSRP only has one standby router)

(official) in Microsoft's Hyper-V virtualization platform,three types of virtual switches can be created:

• External—Binds to the host's NIC to allow the VM to communicate on the physicalnetwork via a bridge. • Internal—Creates a bridge that is usable only by VMs on the host and the host itself.This type of switch does not permit access to the wider physical network. • Private—Creates a switch that is usable only by the VMs. They cannot use the switchto communicate with the host.

(dion) Application log severity levels:

• Information, Warning, and Error

Describe port types in STP: (3)

▪ Root Port: Every non-root bridge has a single root port. .Port closest to the root bridge in terms of cost .If costs are equal, lowest port number is chosen, -▪ DesignatedPort: .Every network segment has a designated port .Port closest to the root bridge in terms of cost .All ports on root bridge are designated ports -▪ Non-Designated Port: Ports that block traffic to create loop-free topology


Kaugnay na mga set ng pag-aaral

Principles of Supply Chain Management - 3e - Wisner-Tan-Leong

View Set

ASTB Personal Study Guide part 1!

View Set

Head & brain injuries - Chap 45, 946-957

View Set

Google for Education Level 1 Unit 6

View Set

05.00 Thinking Globally Pre-Assessment

View Set

The Entire National Academic Quiz Bowl's "You Gotta Know" List

View Set