CSC 190 LABS

4.9.9 Practice Questions

4.9.9 Practice Questions

You are a network technician for a small consulting firm. Many users have reported issues with accessing the network. After some initial troubleshooting, you discover that devices are not receiving their IP configurations. You look into the issue and discover that the network is being targeted by a denial-of-service attack. Which of the following is your network MOST likely experiencing?

DHCP starvation attack Explanation The network is most likely experiencing a DHCP starvation attack. This attack exhausts all addresses in the DHCP scope, which leads to users being unable to receive their IP configurations. This attack might be a denial-of-service mechanism, or it may be used together with a rogue server to redirect traffic to a malicious computer. DNS is responsible for translating hostnames to IP addresses. A rogue DNS server would not lead to devices not receiving their IP configurations. If a host cannot contact the DHCP server, it's assigned an IP address using Automatic Private IP Addressing (APIPA). This would be a consequence to devices affected by the DHCP starvation attack, but it would not be the cause. An on-path attack occurs when a malicious user intercepts traffic between two devices. This would not lead to devices not receiving their IP configurations.

LESSON 5

LESSON 5

You are the IT administrator for a small corporate network. The company has obtained the registered, globally unique IPv6 /48 network address 2620:14F0:45EA. You need to configure your server with this address so you can begin testing IPv6 in your internal network. This is your first network, so you will use a subnet address of 0001. Your network router is not configured for IPv6 yet, so you must manually configure the address for now. To simplify the configuration, use the server's IPv4 address to create the interface ID. In this lab, your task is to: Configure the external vEthernet network adapter with the following IPv6 address: -Prefix: 2620:14F0:45EA:0001 -Interface ID: 192:168:0:10 -Subnet prefix length: 64 Use ipconfig to verify the information.

1. Access the Network Connections window. -Right-click Start and then select Settings. -Select Network & Internet. -From the right pane, select Change adapter options. 2. Configure the external vEthernet network adapter. -Right-click the vEthernet (external) adapter and select Properties. -Select Internet Protocol Version 6 (TCP/IPv6). -Select Properties. -Select Use the following IPv6 address and configure the settings as follows: IPv6 address: 2620:14F0:45EA:0001:192:168:0:10Subnet prefix length: 64 -Select OK. -Select Close. 3. Verify the IPv6 address. -Right-click Start and select Windows PowerShell (Admin) to verify the address configuration. -At the prompt, type ipconfig /all and press Enter view the IPv6 Address. (*important between ipconfig and /all is a space.

6.2.5 Configure Network Security Appliance Access You are the security analyst for a small corporate network. You are currently using pfSense as your security appliance. In this lab, your task is to complete the following: Using Google Chrome, sign into pfSense using the following case-sensitive information: URL:http://198.28.56.22 Username: admin Password: pfsense -Change the password for the default pfSense account (admin) to P@ssw0rd (0 = zero). -Create a new administrative user with the following parameters: Username: lyoung Password: C@nyouGuess!t Full name: Liam Young Group membership: admins Set a session timeout of 20 minutes for pfSense. Disable the webConfigurator anti-lockout rule for HTTP.

1. Access the pfSense management console. -From the taskbar, select Google Chrome. -Maximize the window for better viewing. -In the Google Chrome address bar, enter 198.28.56.22 and then press Enter. -Enter the pfSense sign-in information as follows: Username: admin Password: pfsense Select SIGN IN. 2. Change the password for the default (admin) account. -From the pfSense menu bar, select System > User Manager.as t -For the admin account, under Actions, select the Edit user icon (pencil). -For Password, change to P@ssw0rd (0 = zero). -Enter P@ssw0rd in the Confirm Password field. -Scroll to the bottom and select Save. 3. Create and configure a new pfSense user. -Select Add. -Enter lyoung as the username. -Enter C@nyouGuess!t in the Password field. -Enter C@nyouGuess!t in the Confirm Password field. -Enter Liam Young in Full Name field. -For Group membership, select admins and then select Move to "Member of" list. -Scroll to the bottom and select Save. 4. Set a session timeout for pfSense. -Under the System breadcrumb, select Settings. -For Session timeout, enter 20. -Select Save. 5. Disable the webConfigurator anti-lockout rule for HTTP. -From the pfSense menu bar, select System > Advanced. -Under webConfigurator, for Protocol, select HTTP. -Scroll down and select Anti-lockout to disable the webConfigurator anti-lockout rule. -Scroll to the bottom and select Save.

6.2.6 Configure a Security Appliance You are an IT security administrator for a small corporate network. To increase security, you have installed the pfSense security appliance on the network. Now you need to configure the device. In this lab, your task is to configure pfSense as follows: Sign in to pfSense using the following case-sensitive information: -Username: admin -Password: P@ssw0rd (0 = zero) Configure the DNS servers as follows: Primary DNS server: 163.128.78.93 - Hostname: DNS1 Secondary DNS server: 163.128.80.93 - Hostname: DNS2 Configure the WAN IPv4 information as follows: Enable the interface. Use a static IPv4 address of 65.86.24.136/8 Add a new gateway using the following information: Type: Default gateway Name: WANGatewayI P address: 65.86.1.1

1. Access the pfSense management console. a. Sign in using the following case-sensitive information: -Username: admin -Password: P@ssw0rd (zero). b. Select SIGN IN or press Enter. 2. Configure the DNS servers. a. From the pfSense menu bar, select System > General Setup. b. Under DNS Server Settings, configure the primary DNS server. -Address: 163.128.78.93 -Hostname: DNS1 -Gateway: None c. Select Add DNS Server to add a secondary DNS server and then configure it. Address: 163.128.80.93 Hostname: DNS2 Gateway: None d. Scroll to the bottom and select Save. 3. Configure the WAN settings. -From pfSense menu bar, select Interfaces > WAN. -Under General Configuration, select Enable interface. -Use the IPv4 Configuration Type drop-down to select Static IPv4. -Under Static IPv4 Configuration, in the IPv4 Address field, use 65.86.24.136 -Use the IPv4 Address subnet drop-down to select 8. -Under Static IPv4 Configuration, select Add a new gateway. Configure the gateway settings as follows: -Default: select Default gateway -Gateway name: WANGateway -Gateway IPv4: 65.86.1.1 -Select Add. -Scroll to the bottom and select Save. -Select Apply Changes.

7.4.9 Secure Access to a Switch You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by restricting access management. In this lab, your task is to: Create an access profile named MgtAccess and configure it with the following settings1.

1. Create and configure an Access Profile named MgtAccess -From the left pane, expand and select Security > Mgmt Access Method > Access Profiles. -Select Add. -Enter the Access Profile Name of MgtAccess. -Enter the Rule Priority of 1. -For Action, select Deny. -Select Apply and then select Close. 2. Add a profile rule to the MgtAccess profile -From the left pane, under Security > Mgmt Access Method, select Profile Rules. -From the right pane, select the MgtAccess profile and then select Add. -Enter a Rule Priority of 2. -For Management Method, select HTTP. -For Applies to Source IP Address, select User Defined. -For IP Address, enter 192.168.0.10. -For Mask, enter a Network Mask of 255.255.255.0. -Select Apply and then select Close. 3. Set the MgtAccess profile as the active access profile. -From the left pane, under Security > Mgmt Access Method, -select Access Profiles. -Use the Active Access Profile drop-down list to select MgtAccess. -Select Apply. -Select OK. 4. Save the changes to the switch's startup configuration file. -At the top, select Save. -For Source File Name, make sure Running configuration is selected. -For Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK.

7.1.6 Secure a Switch You are the IT security administrator for a small corporate network. You need to secure access to your switch, which is still configured with the default settings. Create a new user account with the following settings: Username: ITSwitchAdmin Password: Admin$only1844 User Level: Read/Write Management Access (15) Edit the default user account as follows: Username: cisco Password: CLI$only1958 User Level: Read-Only CLI Access (1) Save the changes to the switch's startup configuration file.

1. Log in to the CISCO switch -From the taskbar, select Google Chrome. -In the URL field, enter 192.168.0.2 and press Enter. -Maximize the window for easier viewing. -In the Username and Password fields, enter cisco (case sensitive). -Select Log In. 2. Create a new user account. -Under Quick Access on the Getting Started menu, select Change Device Password. -Select Add. -For the username, enter ITSwitchAdmin (case sensitive). -For the password, enter Admin$only1844 (case sensitive). -For Confirm Password, enter Admin$only1844. -For User Level, make sure Read/Write Management Access (15) is selected. -Select Apply. -Select Close. 3. Edit the default user account. -Under the User Accounts table, select cisco (the default user) and then select Edit. -For Password, enter CLI$only1958. -For Confirm Password, enter CLI$only1958. -For User Level, select Read-Only CLI Access (1). -Select Apply. 4. Save the changes to the switch's startup configuration file. -From the top of the switch window, select Save. -Under Source File Name, make sure Running configuration is selected. -Under Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK. -Select Done.

7.4.6 Disable Switch Ports - GUI As an important IT initiative, you are exploring opportunities to decrease the vulnerability of your network. You wish to harden your switch by disabling any unused ports. om Google Chrome, access the switch console as follows: Site: 192.168.0.2 Username: cisco Password: cisco

1. Log in to the CISCO switch. -In the Google Chrome URL field, enter 192.168.0.2 and press Enter. -Maximize the window for better viewing. -In the Username and Password fields, enter cisco (case sensitive). -Select Log In. 2. Disable port GE15. -From the left navigation bar, expand and select Port Management > Port Settings. -Select GE15 (port 15) and then select Edit. -For Administrative Status, select Down. -Select Apply. -Select Close. 3. Copy GE15 port settings to ports 18 and 21-27. -Select GE15 and then select Copy Settings. -Type 18,21-27 in the To: field. -Select Apply. 4. Save the changes to the switch's startup configuration file. -From the upper right of the switch window, select Save. -For Source File Name, make sure Running configuration is selected. -For Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK. -Select Done.

7.3.12 Configure Port Mirroring As a network administrator, you need to mirror (copy) all network traffic received on a particular port on your switch so you can analyze the traffic using your intrusion detection system (IDS) for any abnormalities. In this lab, your task is to complete the following: From Google Chrome, access the switch console as follows: Site: 192.168.0.2 Username: cisco (case-sensitive) Password: cisco (case-sensitive) Assign port GE26 to VLAN 1. Mirror the received traffic from port GE28 to port GE26. Save the changes to the switch's startup configuration file.

1. Log in to the Cisco switch -Maximize the Google Chrome window for better viewing. -In the Username and Password fields, enter cisco (case---sensitive). -Select Log In. 2. Assign port GE26 to VLAN 1 -From the left pane, expand and select VLAN Management > Port VLAN Membership. -Select GE26 and then select Join VLAN. -From the left pane, under Select VLAN, select 1 (for VLAN 1). -Select > to move VLAN 1 from the available pane to the attached VLAN pane. -Select Apply and then select Close. 3. Mirror the received traffic from port GE28 to port GE26. -From the left pane, expand and select Administration > Diagnostics > Port and VLAN Mirroring. -Select Add. -For the Destination Port, use the drop-down list to select GE26. -For the Source Interface, use the drop-down list to select GE28. -For the Type, make sure that Rx only is selected. This allows you to only mirror the incoming packets. -Select Apply and then select Close. 4. Save the changes to the switch's startup configuration file. -From the upper right of the switch window, select Save. -For the Source File Name, make sure Running configuration is selected. -For the Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK. -Select Done.

7.2.4 Configure Switch IP and VLAN - GUI After installing your Cisco switch, you would like to assign it a static IPv4 address and change the default VLAN used. In this lab, your task is to: Access the switch console using Google Chrome and the following: information: Site: 192.168.0.2 Username: cisco Password: cisco (case-sensitive) Configure an IPv4 static IP address for VLAN 1 using the following: IP address: 192.168.45.72 Network mask: 255.255.255.0 Administrative default gateway: 192.168.45.1 Change the switch's default VLAN ID to 16. Save the changes to the switch's startup configuration file. Reboot the switch

1. Log in to the Cisco switch. -In the Google Chrome URL field, type 192.168.0.2 and press Enter. -Maximize the window for better viewing. -In the Username and Password fields, enter cisco (case-sensitive). -Select Log In. 2. Assign a static IPv4 address to VLAN 1. -From the left navigation pane, expand and select Administration > Management Interface > IPv4 Interface. -From the right pane, for IP Address Type, select Static. -Configure the IPv4 interface as follows: IP address: 192.168.45.72 Mask: 255.255.255.0 Administrative Default Gateway: 192.168.45.1 -Select Apply. -Select OK. The switch will automatically log you out. 3. Log in to the Cisco switch. -In the Username and Password fields, enter cisco (case-sensitive). -Select Log In. 4. Change the default VLAN ID for the switch to VLAN 16. -From the left pane, expand and select VLAN Management > Default VLAN Settings. -Set Default VLAN ID After Reboot to 16. -Select Apply and then select OK. 5.Save the changes to the switch's startup configuration file. -From the upper right of the switch window, select Save. -For Source File Name, make sure Running configuration is selected. -For Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK. -Select Done. 6. Reboot the switch for changes to take effect. -From the left pane, expand and select Administration > Reboot. -From the right pane, select Reboot. -Select OK. -Wait for the switch to restart. -From the upper right, select Score Lab.

7.4.8 Harden a Switch You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet. Shut down the unused ports. Configure the following Port Security settings for the used ports: Interface Status: Lock Learning Mode: Classic Lock Action on Violation: Discard

1. Shut down the unused ports. -Under Initial Setup, select Configure Port Settings. -Select the GE2 port. -Scroll down and select Edit. -For Administrative Status, select Down. -Scroll down and select Apply. -Select Close. -With the GE2 port selected, scroll down and select Copy Settings. -In the Copy configuration field, enter the remaining unused ports. Use the examples shown in the UI as a guide. -Select Apply. From the Port Setting Table in the Port Status column, you can see that all the ports are down now. 2. Configure the Port Security settings. -From the left menu, expand and select Security > Port Security. -Select the GE1 port. -Scroll down and select Edit. -For Interface Status, select Lock. -For Learning Mode, make sure Classic Lock is selected. -For Action on Violation, make sure Discard is selected. -Select Apply. -Select Close. -Scroll down and select Copy Settings. -Enter the remaining used ports. Use the examples shown in the UI as a guide. -Select Apply.

6.4.4 Implement Intrusion Prevention You work as the IT security administrator for a small corporate network. In an effort to protect your network from security threats and hackers, you have added Snort to pfSense. With Snort already installed, you need to configure rules and settings and then assign Snort to the desired interface. In this lab, your task is to use pfSense's Snort to complete the following: Sign in to pfSense using the following:Username: adminPassword: P@ssw0rd (zero) Configure the following rules to be downloaded:Snort free registered User rulesOinkmaster code: 992acca37a4dbd7Snort GPLv2 Community rulesEmerging Threats Open rulesSourcefire OpenAppID DetectorsAPPID Open rules Configure rule updates to happen every 4 days at 12:10 a.m.Hide any deprecated rules. Block offending hosts for 1 day. Send all alerts to the system log when Snort starts and stops. Assign Snort to the WAN interface using Snort-WAN as the description.Include:Sending alerts to the system log.Automatically blocking hosts that generate a Snort alert. Start Snort on the WAN interface.

1. Sign in to the pfSense management console. -In the Username field, enter admin. -In the Password field, enter P@ssw0rd (zero). -Select SIGN IN or press Enter. 2. Access Snort Global Settings. -From the pfSense menu bar, select Services > Snort. -Under the Services breadcrumb, select Global Settings. 3. Configure the required rules to be downloaded. -Select Enable Snort VRT. -In the Snort Oinkmaster Code field, enter 992acca37a4dbd7. You can copy and paste this from the scenario. -Select Enable Snort GPLv2. -Select Enable ET Open. 4. Configure the Sourcefire OpenAppID Detectors to be downloaded. -Under Sourcefire OpenAppID Detectors, select Enable OpenAppID. -Select Enable RULES OpenAppID. 5. Configure when and how often the rules will be updated. -Under Rules Update Settings, use the Update Interval drop-down menu to select 4 DAYS. -For Update Start Time, change to 00:10 (12:10 a.m. in 24-hour format). -Select Hide Deprecated Rules Categories. 6. Configure Snort General Settings. -Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 Day. -Select Startup/Shutdown Logging. -Select Save. 7. Configure the Snort Interface settings for the WAN interface. -Under the Services breadcrumb, select Snort Interfaces and then select Add. -Under General Settings, make sure Enable interface is selected. -For Interface, use the drop-down menu to select WAN (CorpNet_pfSense_L port 1). -For Description, use Snort-WAN. -Under Alert Settings, select Send Alerts to System Log. -Select Block Offenders. -Scroll to the bottom and select Save. 8. Start Snort on the WAN interface. -Under the Snort Status column, select the arrow to start Snort. -Wait for a checkmark to appear, indicating that Snort was started successfully.

7.6.4 Configure NAT You are the IT administrator for a small corporate network. One of your assignments is to manage several computers in the demilitarized zone (DMZ), or screened subnet. However, your computer resides on the LAN network. To manage these machines remotely, you have decided to configure your pfSense device to allow several remote control protocols to pass through the pfSense device using NAT port forwarding.

1. Sign in to the pfSense management console. -In the Username field, enter admin. -In the Password field, enter P@ssw0rd (zero). -Select SIGN IN or press Enter. 2. Configure NAT port forwarding for the administrator's PC. -From the pfSense menu bar, select Firewall > NAT. -Select Add (either one). -Configure or verify the following settings *Interface: LAN *Protocol: TCP *Destination type: LAN address *Destination port range (From and To): MS RDP *Redirect target IP: 172.16.1.100 *Redirect target port: MS RDP *Description: RDP from LAN to Admin -Select Save. 3. Configure NAT port forwarding for the Kali Linux ---server. -Select Add (either one). -Configure or verify the following settings: *Interface: LAN *Protocol: TCP *Destination type: LAN address *Destination port range (From and To): SSH *Redirect target IP: 172.16.1.6 *Redirect target port: SSH *Description: SSH from LAN to Kali -Select Save 4. Configure NAT port forwarding for the web server. -Select Add (either one). -Configure or verify the following settings: *Interface: LAN *Protocol: TCP *Destination type: LAN address Destination port range (From and To): Other *Custom (From and To) 5151 *Redirect target IP: 172.16.1.5 *Redirect target port: MS RDP *Description: RDP from LAN to web server using custom port -Select Save. -Select Apply Changes.

6.3.4 Configure a Screened Subnet (DMZ) You are the IT administrator for a small corporate network. You want to make a web server that runs services accessible from the internet. To help protect your company, you want to place this server and other devices in a screened subnet, or demilitarized zone (DMZ). This DMZ and server need to be protected by the pfSense Security Gateway Appliance (pfSense). Since a few of the other devices in the DMZ require an IP address, you have also decided to enable DHCP on the DMZ network. In this lab, your task is to perform the following: Access the pfSense management console: -Username: admin -Password: P@ssw0rd (zero) Add a new pfSense interface that can be used for the DMZ. -Use DMZ as the interface name. -Use a static IPv4 address of 172.16.1.1/16. Add a firewall rule for the DMZ interface that allows all traffic from the DMZ. -Use Allow DMZ to any rule as the description. Configure and enable the DHCP server for the DMZ interface. -Use a range of 172.16.1.100 to 172.16.1.200.

1. Sign into the pfSense management console. -Enter admin in the Username field. -In the Password field, enter P@ssw0rd (0 = zero). -Select SIGN IN or press Enter. 2. Configure an interface for the DMZ From the pfSense menu bar, select Interfaces > Assignments. Select Add. Select OPT1. Select Enable interface. Change the Description field to DMZ Under General Configuration, use the IPv4 Configuration Type drop-down menu to select Static IPv4. Under Static IPv4 Configuration, change the IPv4 Address field. to 172.16.1.1 Use the Subnet mask drop-down menu to select 16. Select Save. Select Apply Changes. (Optional) Verify the change as follows *From the menu bar, select pfsense COMMUNITY EDITION. *Under Interfaces, verify that the DMZ is shown with the correct IP address. 3. Add a firewall rule to the DMZ interface that allows all traffic from the DMZ. From the pfSense menu bar, select Firewall > Rules. Under the Firewall breadcrumb, select DMZ. (Notice that no rules have been created.) Select Add (either one).For the Action field, make sure Pass is selected. For the Interface field, make sure DMZ is selected. For the Protocol, use the drop-down menu to select Any. Under Source, use the drop-down menu to select DMZ net. Under Destination, make sure it is configured for any. Under Extra Options, enter Allow DMZ to any rule as the description. Scroll to the bottom and select Save. Select Apply Changes. 4. Configure pfSense's DHCP server for the DMZ interface. From the menu bar, select Services > DHCP Server. Under the Services breadcrumb, select DMZ. Select Enable to enable DHCP server on the DMZ interface. Configure the Range field as follows: From: 172.16.1.100 To: 172.16.1.200 -Scroll to the bottom and select Save.

Configure NTP You are a network technician for a small corporate network. You would like to use NTP to synchronize time on you network. You are currently logged in as the root user. On the CorpData server, your task is to: -Use the dnf package manager to install the NTP service. -Use the systemctl utility to verify that the NTP service is running. -Answer Question 1. Find the IP address of the NTP server. -Answer Question 2. On the Exec computer, your task is to: -Add the NTP server as a time source using the following command:w32tm /config /manualpeerlist:[servers_ip_address],0x8 /syncfromflags:MANUAL /update -Verify that the Exec computer is using the NTP server for time synchronization using the following command:w32tm /query /status

1.Install the NTP service on the CorpData server. -Under Networking Closet, select CorpData. -In the console, type dnf install ntp and then press Enter to begin the installation process. -Type y and press Enter to install the NTP package. 2. Verify that the NTP service is running. -Type systemctl status ntp and press Enter. From the top left, select Answer Questions. Answer Question 1. (answer is Active (running). 3. Find the NTP server's IP address. -Type ip addr show | more to view the NTP server's IP address. -Answer Question 2. (answer is 192.168.0.24) 4. Add the NTP server as a time source for the Exec computer. -From the top left, select Floor1. -Under Executive Office, select Exec. -Right-click Start and select Windows PowerShell (Admin). -Configure Exec to use the NTP server with the following command:w32tm /config /manualpeerlist:192.168.0.24,0x8 /syncfromflags:MANUAL /update (important * place space before / any slash) 5. Verify that the Exec computer is using the NTP server for time synchronization. -In the console, type w32tm /query /status and then press Enter. (important * place space before / any slash) -Select Score Lab.

You administer a network with Windows Server 2016, UNIX servers, and Windows 10 Professional, Windows 8, and Macintosh clients. A Windows 8 computer user calls you one day and says that he is unable to access resources on the network. You type ipconfig on the user's computer and receive the following output: 0 Ethernet adapter: IP address. . . . . . . . . : 169.254.1.17Subnet Mask . . . . . . . . : 255.255.0.0Default Gateway . . . . . . : You also check your NIC and see that the link light is on. What might the problem be in this scenario?

An unavailable DHCP server Explanation If a Windows 8 client computer is configured to use DHCP and can't locate one to receive IP addressing information, it assigns itself an IP address from the APIPA (Automatic Private IP Addressing) range of IP addresses. APIPA addresses include IP addresses from 169.254.0.0 to 169.254.255.254 and are reserved for this purpose. A lit link light on your NIC indicates a connection to the network.

You are the network administrator for a consulting firm. Your network consists of: 40 desktop computers Two servers Three network switches Two network printers You've been alerted to an issue with two desktop computers that are having problems communicating with the network. When only one computer is on, everything is fine. But when both computers are connected, the network connection is randomly dropped or interrupted. Which of the following would be the MOST likely cause for this?

Duplicate MAC Addresses Explanation The most likely cause for the issue in this scenario is that both computers have the same MAC address. This address is unique, so there shouldn't be duplicate addresses on a network. However, it is possible for two hosts to have the same MAC address due to spoofing, a mistake during manufacturing, or if users choose a self-assigned address instead of the vendor-assigned hardware address. If two computers have the same MAC address, reaching either host will be inconsistent and can cause other problems as well. DNS is responsible for translating hostnames to IP addresses. A rogue DNS server would not cause the issues experienced in this scenario. Exhausted DHCP scope means that all the addresses within the DHCP scope were depleted. Consequently, a legitimate user is denied an IP address requested through DHCP and isn't able to access the network. This would not cause the issues experienced in this scenario. The gateway is responsible for routing traffic between networks. This would not cause the issues experienced in this scenario.

LAB 5.1.5 Reconnect to an Ethernet Network

EXPLANATION Complete this lab as follows: 1. Add the 1000Base TX adapter to the Office 2 computer. a. Above the computer, select Motherboard to switch to the motherboard view of the computer. b. Under Shelf, expand Network Adapters. Identify the network adapter that has the fastest Ethernet speed. c. Under Shelf, drag the Network adapter, Ethernet 1000BaseTX, PCIe network adapter to a free PCIe slot on the computer. 2. Connect the computer to the network. a. Above the computer, select Back to switch to the back view of the computer. b. Drag the RJ45 Shielded Connector from the motherboard's NIC to the port of the 1000BaseTX network adapter. 3. Verify the connection to the local network and the internet. a. Above the computer, select Front to switch to the front view of the computer. b. Select the power button on the computer case. Wait for the operating system to start. c. Right-click Start and then select Settings. d. Select Network & Internet. The diagram should indicate an active connection to the home network and the internet.

You are a network technician for a small consulting firm. One of your users is complaining that they are unable to connect to the local intranet site. After some troubleshooting, you've determined that the intranet site can be connected to by using the IP address but not the hostname. Which of the following would be the MOST likely reason for this?

Incorrect DNS settings Explanation In this scenario, the most likely cause would be incorrect DNS settings. Since you can connect to the intranet site using the IP address but not the hostname, this points to a DNS issue. None of the other options would be an issue here since you're able to connect to the intranet site with the IP address.

You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation cannot communicate with any other host on the network. You run ipconfig /all and see the following: Ethernet adapter Local Area Connection:Connection-specific DNS Suffix. : mydomain.localDescription . . . . . . . : Broadcom network adapterPhysical Address . . . . . : 00-AA-BB-CC-74-EFDHCP Enabled. . . . . . . : NoAutoconfiguration Enabled . . : YesIPv4 Address. . . . . . . : 192.168.2.102(Preferred)Subnet Mask . . . . . . . : 255.255.255.0Default Gateway. . . . . . : 192.168.1.1DNS Servers . . . . . . . : 192.168.2.20 What is the MOST likely cause of the problem?

Incorrect IP address Explanation In this example, the IP address assigned to the host is on the wrong subnet. The host address is on the 192.168.2.0/24 subnet, but the other devices are using addresses on the 192.168.1.0 subnet (the scenario states that you're connecting the workstation to this subnet).

You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following: Ethernet adapter Local Area Connection:Connection-specific DNS Suffix . : mydomain.localDescription . . . . . . . : Broadcom network adapterPhysical Address. . . . . . : 00-AA-BB-CC-74-EFDHCP Enabled . . . . . . . : NoAutoconfiguration Enabled. . . : YesIPv4 Address . . . . . . . : 192.168.1.102(Preferred)Subnet Mask . . . . . . . : 255.255.255.0Default Gateway. . . . . . . . . : 192.168.2.1DNS Servers. . . . . . . . . . . : 192.168.2.20 What is the most likely cause of the problem?

Incorrect default gateway Explanation In this example, the default gateway address is incorrect. The default gateway address must be on the same subnet as the IP address for the host. The host address is on the 192.168.1.0/24 subnet, but the default gateway address is on the 192.168.2.0 subnet.

You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet. This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following: Ethernet adapter Local Area Connection:Connection-specific DNS Suffix . : mydomain.localDescription . . . . . . . : Broadcom network adapterPhysical Address. . . . . . : 00-AA-BB-CC-74-EFDHCP Enabled . . . . . . . : NoAutoconfiguration Enabled. . . : YesIPv4 Address . . . . . . . : 192.168.1.102(Preferred)Subnet Mask. . . . . . . . : 255.255.0.0Default Gateway . . . . . . : 192.168.1.1DNS Servers . . . . . . . : 192.168.1.20192.168.1.27 What is the MOST likely cause of the problem?

Incorrect subnet mask

7.3.8 Enable Jumbo Frame Support As a network administrator, you have just implemented a SAN storage device on your network, and you would now like to enable your switch to handle jumbo frames. From Google Chrome, access the switch console as follows: Site: 192.168.0.2 Username: cisco Password: cisco (case sensitive)

Q1 How many combined Undersize Packets, Oversize Packets, Fragments, Jabbers, and Collisions are there? 0 Q2 True or False: Now that Jumbo Frames is enabled, network devices should also be configured to use Jumbo Frames or have a frame size larger than 1500 bytes. True 1. Log in to the CISCO switch -Maximize the Google Chrome window for better viewing. -In the Username and Password fields, enter cisco (the password is case sensitive). -Select Log In. 2. Enable Jumbo Frames. -From the left pane, expand and select Port Management > Port Settings. -For Jumbo Frames, select Enable. -Select Apply. 3. Save the changes to the switch's startup configuration file. -From the upper right of the switch window, select Save. -For Source File Name, make sure Running configuration is selected. -For Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK. -Select Done. 4. Reboot the switch. -From the left pane, under Administration, select Reboot. -Select Reboot to reboot the switch immediately. -Select OK. 5. Log in to the Cisco switch and check switch statistics for any errors. -In the Username and Password fields, enter cisco (the password is case sensitive). -Select Log In. -From the left pane, expand and select Status and Statistics > RMON > Statistics. -For Interface, use the drop-down list to select GE28. -Review the statistics for Undersize, Oversize, Jabbers, and Collisions. -From the top right, select Answer Questions. -Answer the questions. -Select Score Lab.

7.3.14 Configure PoE You have purchased a new Power over Ethernet (PoE) security camera and have plugged it in to port 23 on your Cisco switch. You need to make sure that this security camera has power and has critical priority on the switch. In this lab, your task is to complete the following:

Q1 How many watts of power is the security camera currently using? 10 Q2 How many watts of power are available in the switch for PoE devices? 170 1. Log in to the Cisco switch. -Maximize the Google Chrome window for better viewing. -In the Username and Password fields, enter cisco (case-sensitive). -Select Log In. 2. Examine the Power over Ethernet (PoE) switch settings. -From the left pane, expand and select Port Management > PoE > Properties. -Select Class Limit. -From the top right, select Answer Questions. -Select Apply. -Answer the questions. -Minimize the Lab Questions dialog. 3. Configure the PoE priority for port GE23 to be Critical. -From the left pane, under PoE, select Settings. -From the right pane, select port GE23 and click Edit. -For Power Priority Level, select Critical. -Select Apply. -Select Close. 4. Save the changes to the switch's startup configuration file. -From the upper right of the switch window, select Save. -For Source File Name, make sure Running configuration is selected. -For Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK. -Select Done. 5. Score the lab. -From the top right, select Answer Questions. -Select Score Lab.

7.3.4 Configure Trunking As a network administrator, you are setting up a new switch, and you need to configure trunking. You need to secure access to your switch, which is still configured with the default settings. In this lab, your task is to complete the following: From Google Chrome, access the switch console using the following: Site: 192.168.0.2 sername: cisco Password: cisco Examine the default settings of all your ports. Answer Question 1. Set ports GE1 - GE26 to Access Mode. Set ports GE27 and GE28 to a port VLAN ID (PVID) of 2. Add VLANs 22, 44, and 67 to ports GE27 and GE28. Save the changes to the switch's startup configuration file.

Q1 What is the default Interface VLAN mode? trunk 1. Log in to the CISCO switch -From the taskbar, select Google Chrome. -In the URL field, enter 192.168.0.2 and press Enter. -Maximize the window for better viewing. -In the Username and Password fields, enter cisco (the password is case sensitive). -Select Log In. 2. Examine the switch port defaults -From the left navigation bar, expand and select VLAN Management > Interface Settings. -Using the interface shown in the right pane, examine the settings for all ports. -From the upper right, select Answer Questions. -Answer Question 1. -Minimize the Lab Questions dialog. 3. Set ports GE1 through GE26 to Access Mode -From the Interface Settings pane, select GE1. -Select Edit. -Maximize the window for better viewing. -For Interface VLAN Mode, select Access. -Select Apply and then select Close. -With GE1 still selected, click Copy Settings. -In the to field, type 2-26 and then select Apply. Notice that under the Interface VLAN Mode column, ports GE1-GE26 are now set to Access. 4. Set the port VLAN ID (PVID) for ports GE27-GE28 to the value of 2. -Select the desired port and then select Edit. -For the Administrative PVID, enter 2. -Select Apply and then Close. -Repeat steps 4a - 4c for the second port. 5. Add VLANs 22, 44, and 67 to ports GE27 and GE28. From the left pane, under VLAN Management, select Port VLAN Membership. Select port GE27 and then select Join VLAN. -From the new window, hold down the Shift key and select VLANs 22, 44, and 67; then select the > button to assign the VLANs. -Select Apply and then select Close. -Repeat steps 5b - 5d for port GE28. 6. Save the changes to the switch's startup configuration file. -From the top of the switch window, select Save. -For Source File Name, make sure Running configuration is selected. -For Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK. -Select Done. 7. Score the lab. -From the upper right, select Answer Questions. -Select Score Lab.

7.5.10 Configure QoS You are the IT administrator for a small corporate network. Several employees have complained of slow internet bandwidth. You have discovered that the user stations on the guest Wi-Fi network are consuming much of your company's bandwidth. You have decided to use pfSense's Traffic Shaper wizard to create the various rules needed to better control the bandwidth usage and to fine-tune the priority for the type of traffic used on your guest Wi-Fi network. Your network has one LAN and one WAN. In this lab, your task is to complete the following:

Q1How many firewall rules were created? 7 1. Sign in to the pfSense management console -In the Username field, enter admin. -In the Password field, enter P@ssw0rd (0 = zero). -Select SIGN IN or press Enter. 2. Create a high bandwidth usage alias -From the pfSense menu bar, select Firewall > Aliases. -Select Add. -Configure the Properties as follows: *Name: HighBW *Description: High bandwidth users *Type: Host(s) -Add the IP addresses of the offending computers to the host(s) configuration as follows: *Under Host(s), in the IP or FQDN field, enter 172.14.1.25 for Vera's system. *Select Add Host. *In the new IP or FQDN field, enter 172.14.1.100 for Paul's system. -Select Save. -Select Apply Changes. 3. Start the Traffic Shaper wizard for dedicated links -From the pfSense menu bar, select Firewall > Traffic Shaper. -Under the Firewall bread crumb, select Wizards. -Select traffic_shaper_wizard_dedicated.xml. -Under Traffic Shaper wizard, in the Enter number of WAN type connections field, enter 1 and then select Next. 4. Configure the Traffic Shaper. -Make sure you are on Step 1 of 8. -Using the drop-down menu for the upper Local interface, select GuestWi-Fi. -Using the drop-down menu for lower Local interface, make sure PRIQ is selected. -For the upper Upload field, enter 8. -Using the drop-down menu for the lower Upload field, select Mbit/s. -For the top Download field, enter 50. -Using the drop-down menu for the lower Download field, select Mbit/s. -Select Next. 5. Prioritize voice over IP traffic -Make sure you are on Step 2 of 8. -Under Voice over IP, select Enable to prioritize the voice over IP traffic. -Under Connection #1 parameters, in the Upload rate field, enter 10. -Using the drop-down menu for the top Units, select Mbit/s. For the Download rate, enter 20. -Using the drop-down menu for the bottom Units, select Mbit/s. -Select Next. 6. Enable and configure a penalty box. -Make sure you are on Step 3 of 8. -Under Penalty Box, select Enable to enable the penalize IP or alias option. -In the Address field, enter HighBW. This is the alias created earlier. -For Bandwidth, enter 3. -Select Next. 7. Continue to step 6 of 8. -For Step 4 of 8, scroll to the bottom and select Next. -For Step 5 of 8, scroll to the bottom and select Next. 8. Raise and lower the applicable application's priority. -Make sure you are on Step 6 of 8. -Under Raise or lower other Applications, select Enable to enable other networking protocols. -Under Remote Service / Terminal emulation, use the: *MSRDP drop-down menu to select Higher priority. *VNC drop-down menu to select Higher priority. -Under VPN: *Use the PPTP drop-down menu to select Higher priority. *Use the IPSEC drop-down menu to select Higher priority. -Scroll to the bottom and select Next. -For step 7 of 8, select Finish. Wait for the reload status to indicate that the rules have been created (look for Done). 9. View the floating rules created for the firewall. -Select Firewall > Rules. -Under the Firewall breadcrumb, select Floating. -From the top right, select Answer Questions. -Answer the question and then minimize the question dialog. 10. Change the port number used for the MSRDP outbound rule. -For the m_Other MSRDP outbound rule, select the edit icon (pencil). -Under Edit Firewall Rule, in the Interface field, select GuestWi-Fi. -Under Destination, use the Destination Port Range drop-down menu to select Other. -In both Custom fields, enter 3391. -Select Save. -Select Apply Changes. -From the top right, select Answer Questions. -Select Score Lab.

7.3.6 Configure Port Aggregation As a network administrator, you have decided to implement port aggregation and combine multiple ports on your switch to increase throughput and provide redundancy with automatic fail-over and fail-back. From Google Chrome, access the switch console using the following: Site: 192.168.0.2 Username: cisco (case-sensitive) Password: cisco (case-sensitive) Create a new Link Aggregation Group (LAG1) named windows_server. Enable the Link Aggregation Control Protocol (LACP). Assign ports GE1 and GE2 as LAG members. Configure LAG1 to the VLAN mode of access. Join LAG1 to VLAN13. Verify the status of the new LAG1 group. Answer the questions. Save the changes to the switch's startup configuration file.

Q1What is the current link state for LAG1? Link Up Q2What are the active members of LAG1? GE1, GE2 1. Log in to the Cisco switch -In the Username and Password fields, enter cisco (case-sensitive). -Select Log In. 2. Create a new Link Aggregation Group (LAG1) -From the left pane, expand and select Port Management > Link Aggregation > LAG Management. -From the right pane, select LAG 1 and then select Edit. -In the LAG Name field, type windows_server. -Select LACP to enable the Link Aggregation Control Protocol (LACP). -Under Port List, press and hold the Shift key; then select GE1 and GE2. -Select > to add the ports to the LAG Members pane. -Select Apply. -Select Close. 3. Configure LAG1 to the VLAN mode of access. -From the left pane, expand and select VLAN Management > Interface Settings. -Using the Filter: Interface Type equals to drop-down menu, -select LAG and then select Go. -Select LAG1 and then select Edit. -For Interface VLAN Mode, select Access. -Select Apply. -Select Close 4. Join LAG1 to VLAN13. -From the left pane, expand and select VLAN Management > Port VLAN Membership. -Using the Filter: Interface Type equals to drop-down menu, ---select LAG and then select Go. Select LAG1 and then select Join VLAN. -Under Select VLAN, from the right pane, select 1U and then select < to remove VLAN1. -From the left pane, select VLAN13; then select > to add the VLAN to the selected VLANs pane. -Select Apply. -Select Close. 5. Verify the status of the new LAG1 group -From the left navigation bar, expand and select Port Management > Link Aggregation > LAG Management. -From the top right, select Answer Questions. -Answer the questions. This connection is now ready to use LACP. -Minimize the Lab Questions window. 6. Save the changes to the switch's startup configuration files -From the upper right of the switch window, select Save. -For Source File Name, make sure Running configuration is selected. -For Destination File Name, make sure Startup configuration is selected. -Select Apply. -Select OK. -Select Done. -From the top right, select Answer Questions. -Select Score Lab.

You are a network technician for a small consulting firm. Many users have reported issues with accessing the network. After some initial troubleshooting, you discover that many devices have the same IP address assigned or incorrect IP configurations. Which of the following would be the MOST likely cause for this?

Rogue DHCP server Explanation In this scenario, a rogue DHCP server would be the most likely cause for the duplicate and incorrect IP configurations. A rogue DHCP server is an unauthorized DHCP server. When a rogue DHCP server exists on a network, some hosts will receive configuration information from the correct DHCP server and others from the rogue one. This will lead to conflicting and incorrect IP configurations. Exhausted DHCP scope means that all the addresses within the DHCP scope were depleted. Consequently, a legitimate user is denied an IP address requested through DHCP and isn't able to access the network. This would not cause duplicate or incorrect IP configurations. The gateway is responsible for routing traffic between networks. This would not cause duplicate or incorrect IP configurations. DNS is responsible for translating hostnames to IP addresses. This would not cause duplicate or incorrect IP configurations.

You are a network technician for a small consulting firm. One of your responsibilities is to manage the intranet site and configuration. You recently had to update the site's IP mapping due to a server upgrade. A user is having an issue with connecting to the intranet site now. When the user attempts to connect through their web browser, they receive a message that the page cannot be displayed. If you type in the IP address, the page loads fine. Which of the following commands should you use to fix this issue?

ipconfig /flushdns Explanation In this scenario, the best option is to run the ipconfig /flushdns command. This will remove all entries from the device's DNS resolver cache and force the computer to update the DNS mappings the next time the user attempts to connect to the intranet site. ipconfig /registerdns refreshes all DHCP leases and re-registers DNS names. This command would not fix this user's issue. ipconfig /displaydns displays the contents of the DNS resolver cache. This command would not fix this user's issue. ipconfig /release clears the current IP configuration. This command would not fix this user's issue.

Which two commands do you use to force a new IP configuration?

ipconfig /renew ipconfig /release Explanation To force a computer to receive a new IP configuration, you use the ipconfig /release command followed by the ipconfig /renew command. ipconfig /flushdns removes all entries from the DNS resolver cache. ipconfig displays basic IP configuration information. ipconfig /all displays a detailed list of the current IP configuration.