Network+
GRE
Generic routing encapsulation (GRE) is a communication protocol used to establish a direct, point-to-point connection between network nodes. Being a simple and effective method of transporting data over a public network, such as the Internet, GRE lets two peers share data they wouldn't be able to share over the public network itself. Paired with IPsec to carry data over Layer 3.
Protecting Networks - Vulnerabilities - Zero Day - Attack
Getting data with attack after exploiting.
Malware (Malicious Software)
Hostile or intrusive software designed to cause intentional harm.
What is confidentiality?
How do I keep things confidential? Via Encryption
Patching - OS Updates
• All devices need updates, even mobile devices • Device patches - security updates • Operating system updates - New features, bug fixes
IOT
(Internet of Things) refers to a network of physical objects or things that are embedded with electronics, sensors, software, and network connectivity. These physical objects can exchange data with each other.
What is Root Guard
- An STP feature that is enabled on a port-by-port basis. - Prevents a downstream SW (often misconfigured or rogue) from becoming a RB in a topology. - Functions by placing a port in an ErrDisabled state if a superior BPDU is received on a configured port.
Disaster Recovery and Backup - Disaster Recovery Plan - Two Data Types - Configuration Data
-All customized settings for routers Switch Firewall IPS Allows replace and restore of failed device.
Subnet Masks Whacks and Hosts CIDR
/24 - 254 /25 - 126 /26 - 62 /27 - 30 /28 - 14 /29 - 6 /30 - 2
The smallest IPv6 subnet is what?
/64
What wavelength is an SMF Cable?
1310nm to 1550 nm of light generated by a laser.
Which of the port numbers listed below are reserved for NetBIOS services
137-139
What does a Class C start with and what is its whack?
192 /24
What does baseline provide to the Network Administrator
A baseline helps identify irregular activity that needs to be investigated.
Protecting Networks - Physical Security - Detection Methods - Asset Tag
Allows identity of who it belongs to or where it was.
Extensible Authentication Protocol (EAP)
Allows transaction-based authentication systems to identify which types of authentication are supported. Wireless Networks
What is needed for encryption?
Algorithm and a Key
Protecting Networks - Wireshark
Application that captures and analyzes network packets
Infrastructure as Code
Automation Orchestration
BIDI
Bidirectional Single Mode Fiber using different color lasers. Future of fiber optic.
What is bidi?
Bidirectional. Single Mode Fiber using different colored lasers to increase throughput.
Interference
Biggest problem Can disrupt or slow down connection. Channel being stomped on. Changes made to WAP lose connection Reboot
Forward Proxy
Client speaks to proxy and forwards the data. Dedicated Box or Software Caching Content filtering Acts like a firewall. More detailed parameters than Firewall.
True or false? The DHCP server in the SOHO router assigns an IP address to the WAN interface automatically.
False—the DHCP server in the SOHO router assigns IP addresses to the hosts on the local network. The WAN address is likely to be assigned by DHCP, but a DHCP server is managed by the access provider.
True or false? The WAN port on a SOHO router is connected to the LAN ports by an internal switch?
False—the LAN ports and access point are connected by a switch. The WAN port is separate. Packets must be routed between the LAN and WAN segments.
Points of Failure - Critical Asset - High Availability - Failover - Redundancy - Fault Tolerance
Fault Tolerance is the ability for one system to continue functioning in the event of failure of one of its components.
Patching - OS Updates - Manufacturer
Feature Changes Updates Security Vulnerability
Protecting Networks - Physical Security - Physical Controls - Preventative Controls
Fence and Gates Barricades K Ratings
Difference between Forward and Reverse Proxies
Forward Proxy hides the clients Reverse Proxy hides the servers.
Data Center:SDN
Forwarding Plane/Layer - Forwards packets Infrastructure Plane - sends data frames to Control Plane - Sets up ACLs and routing info Application Plane - API, Code Interfaces of SDN Management Plane Layer.
OSI Data Link Layer or Layer 2 PDU is known as:
Frame
Network Monitoring System Monitoring - Utilization - Error Rates
Frames and or packets that are malformed, broken etc. What percentage are bad?
Protecting Networks - Purpose of Man In The Middle
Garner data - Exfiltration
Which copper Ethernet standard meets the bandwidth requirements for clients in an office network while minimizing costs?
Gigabit Ethernet. Provisioning 10 GbE would require upgrading the network adapters in most client devices, as well as potentially requiring upgraded cable installation.
Hardening IOT Devices at home
Give it a separate SSID Do not broadcast SSID Cameras in separate VLAN PSK Use long one. Routine Queries for firmware updates. User Name ACL
What is the order of colors for the 568A standard?
GrW, Gr, OrW, Blu, BluW, Or, BrW, Br
Data Center:Hot and Cold Aisles
Help regulate the cooling in data centers with multiple rows of cabinets (The back of all cabinets in one row will face the back of all cabinets in an adjacent row to create a hot aisle, and vice versa (front to front) to create a cold aisle)
Reverse Proxy
High security Handle DoS attacks Load balancing Caching Encryption acceleration
Protecting Networks - Social Engineering - Phishing
Hoax email to click on website to get information
What is non-repudiation?
I have no doubt what I am getting is from the actual person I expect it to be.
Protecting Networks - Physical Security - Prevention Methods
ID Badge Reader
Network layer protocol that specifies the format of packets and addressing scheme in network communications.
IP
IPAM
IP Address Management - track and manage allotted IP addresses, maintaining address needs for servers and VM farms.
anycast
IP delivery mechanism whereby a packet is addressed to a single host from a group sharing the same address.
authentication header (AH)
IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.
Quadruple A
IPv6
STP - Spanning Tree Protocol
If a loop is detected, the root switch will shut off the port that is looping.
What is Bridge protocol data units (BPDU) Guard?
If it detects a BPDU being sent, the port is disabled. Allows only non-switch devices to connect to port.
Default Route
If the IP address is not otherwise in the table it will be sent to the default route, always starts with 0.0.0. has the gateway and the nic to use.
If there is a long string of zeros how can you shorten it?
If there is a group of 4 zeros, such as 0000:0000 they can be concatenated to 0:0 which can further be shortened to :: (double colon) Leading 0s can also be dumped
Mail Ports TLS
Imap 144>993 TLS POP 110>995 TLS SMTP 25 > 465 TLS
BSSID (basic service set identifier)
In IEEE terminology, the identifier for a BSS (basic service set).
Client Isolation
Keeps users on the same wireless network from seeing each other
The Presentation Layer is which Layer in the Open Systems Architecture model?
Layer 6
Protecting Networks - Defense in Depth
Layered system of security measures. -Perimeter -Network -Host/Endpoint -Application -Data
Protecting Networks - Network Hardening - Port Security - Router Advertisement (RA)
Lets neighboring nodes know that the router is available. Uses NDP Neighbor Discovery Protocol. Detects Neighbors.
Which of the following answers does not refer to the characteristics of twinaxial cabling?
Long-distance cable runs
We add DNS records in what ?
Lookup Zones
Protecting Networks - Malware - Trojan - Ransomware/crypto-malware
Lose use of computer until you pay. Crypto encrypts software
What is the name of the ability of a switch uplink port to work with a straight-through cable when directly connected to another switch?
Medium Dependent Interface Crossover MDI-X. If the switch does it automatically it is Automatic MDI-X
Standard Business Documentation - MOU
Memorandum of Understanding Between organizations that cannot make a standard legal contract. -Definition of agreed duties -Time Frame
Which type of network topology provides the highest level of redundancy?
Mesh
MAN
Metropolitan Area Network; a geographic network that covers a larger geographic area such as a city or community; may be used to connect computers in libraries, government agencies, etc. together - no more than 30 miles in size
Data Center:Active/Passive
No load balancing, just if one goes down how do we get to the other?
Which of the following would be considered firewall technology?
Port filtering Packet filtering Proxy server Network Address Translation (NAT)
A technician configures a switch port with a list of approved MAC addresses. What type of feature has been enabled?
Port security.
Virtualization
Power Saving Hardware Consolidation System Recovery Research -- Testing
Data Center:Wiring Diagram
Power connections Not where they are but what they are connected to. Also for cable runs.
PSK
Pre-shared key. A secret shared among different systems. Wireless networks support Personal Mode, where each device uses the same PSK. In contrast, Enterprise Mode uses an 802.1x or RADIUS server for authentication.
Risk Management - Security Assessment - Assets
Routers Firewalls Servers Files Databases
SAML
Security Assertion Markup Language
Server-Side load balancing.
Software at Server location Can use clustering. Systems have own private network Keeps systems identical Some clustering will update from a single server. Load balancing is now in the cloud
What is a U?
Standardized Height = 1 3/4" on 19" Rack
SOA
Start of Authority - Top level DNS Server for Zone
SOA
Start of Authority DNS Server. Big cheese server.
Protecting Networks - Firewalls - Stateless
Stateless and stateful exist on same firewall.
Which document defines services, products, and time frames for support provided by a vendor?
Statement of Work
Standard Business Documentation - SOW
Statement of Work Legal contract between two parties (Vendor and customer) -Defines services to be performed/supplied -Defines time frame/deliverables -Defines milestones/defines progress
MAC Reservation
Static IP Not needed but ip is, Gives highest priority to make sure the device has an IP
TOR
TOR creates a VPN to a proxy but it randomly creates a path.
Business Continuity Plan - Annual Exercises
Table top go through order Fire Drill, servers get moved etc. Fail Over - Make it happen to test
Formatting data translation, data compression, encryption/decryption takes place at what layer?
The Presentation Layer or Layer 6
MU-MIMO (Multi User-Multiple in, Multiple Out)
The ability to communicate with up to four devices simultaneously. Introduced in 802.11ac WiFi Routers operating on older standards such as Wireless-A, B, G, and N do not have it.
If you are provided with an ip address block of 192.104.32.0 /24 How many hosts can you use?
The total hosts is 256. Your range would be usable for 254 hosts due to 2 reserved for routing and broadcast, that leaves you with a range from 192.104.32.1-192.104.32.254
EUI-64 creates the Link Local address from the MAC address, what is used to protect the privacy so that your MAC can not be compromised?
The use of a randomizer
Protecting Networks - CIA Protecting Data - CIA Protecting Data - 3 Things that can go wrong.
Threat Vulnerability Exploit
Protecting Networks - CIA Protecting Data - CIA Protecting Data - Unholy Trinity
Threats can create vulnerabilities, vulnerabilities create exploits and exploits can give unauthorized users access to your network.
6TO4
Tunneling adapter software to go to IPv6
Asymmetric encryption
Two keys, a public key and a private key. Public encrypts and private decrypts. Two people need to exchange public keys to decrypt.
Site to Site
Two networks acting as the same network.
Port Bonding - combine ports to add bandwidth.
Two ports on each device act as one port. Two ports are put into a group #int port-channel 1 = a group #switchport mode trunk #int fa0/23 #channel-group 1 mode active #show interface port-channel 1
Hypervisor Types
Type 2 Runs on top of OS Hosted Hypervisor Type 1 - Bare metal
International Export Control
US is very strict Military information Nuclear Information License keys
Protecting Networks - Social Engineering - Masquerading
Urgency and scaring you while imitating someone.
How do you find which connection in patch panel is your wall jack?
Use a Fox and Hound-Tone Generator and Tone Probe
Jill wants to connect multiple devices into a network but has been cautioned not to segment her collision domain. What device would enable her to accomplish this goal?
Use a Hub. A switch will segment a collision domain.
WAN Troubleshooting
Use ping, ipconfig and netstat to test connectivity. -Check Lan Interface Connected? Router giving proper info Can you access the router. Modem lights Power, Link activity LED fix with Modem reset. Choosing a DNS Server Add DNS yourself 8.8.8.8
Variable-length subnet mask VLSM
Used by large internet providers routers.
Fiber Distribution Panel
Used to distribute fiber-optic networks.
Firewall internally
Used to provide stricter rules than external. Implemented for DMZ applications.
Stateful DHCP v6
Used to redirect DNS for local use.
Protecting Networks - Password Attacks - Stopping Attacks
User Education Social Engineering
Leased Office Demarc
Uses Demarc extensions. The Demarc comes into a multi-plexer/splitter. The individual cables then go to the respective tenant to the cable modem in that office.
Windows Naming Process if off network
Uses NETBIOS ports 137-138-139
Dynamic DNS
Uses client that talks to DNS Server
Are all computers in a hub in the same collision domain?
Yes, a hub repeats the data to all ports.
Can you safely connect a server to a PoE+ enabled port or should you disable PoE first?
You can connect the server. PoE uses a detection mechanism to determine whether to supply power.
Protecting Networks - Defense in depth - Networking layer - Network Segmentation Enforcement
You must create separate VLANs for efficient flow of traffic.
Data Center:Three-tier architecture
a design of user computers and servers that consists of three categories, or tiers
Data Center:Fiber Channel (FC)
a high-speed serial architecture that can operate over optical fiber or over a four-conductor copper cable.
What does it take to use a remote VNC?
client and server.
adhoc mode
configuring the wireless network adaptor to connect to other computers who are also using wireless network adapters directly
OFDM (Orthogonal Frequency Division Multiplexing)
employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission -the modulated signals are perpendicular (orthogonal) and do not cause interference with each other -requires smaller freq set (channel bands) -offers greater throughput
Wireless Access Point (WAP)
enables devices to connect to a wireless network to communicate with each other
Flush DNS
ipconfig /displaydns Displays DNS Cache
A network technician determines that two dynamically assigned workstations have duplicate IP addresses. What command should the technician use to correct this issue?
ipconfig /release | ipconfig /renew
You need to verify whether a switch port is misconfigured by checking the number of collisions being reported. What general command could you use at a CLI to report this information?
show interface
You are wanting to make a short straight-through cable to connect a router to a switch in your MDF. Your company uses the 568B wire pattern. Which color pairs will be crimped down on the outer pins of the RJ-45 connector? (Select two.)
white/brown, brown white/orange, orange
What is used to splice Fiber Optic Cable?
Fusion Splicer
First Generation MSA was what?
GBIC - Gigabit interface converter.
What introduced the SIM card?
GSM
Horizontal Run - Stranded or Solid Core?
Solid
Virtualization Components
1. Computer 2. Hypervisor - Sits between hardware and virtual machine 3. Virtual Machine 4. VHDx Virtual Hard Drive
802.11g
2.4ghz 54mbps OFDM
ISM Band
2.4ghz/5ghz (Medical Band)
Most internet addresses in IPv6 start with what?
2000
With a /24 I have how many hosts?
254
A server has a four-port gigabit Ethernet card. If a switch supports port aggregation, what bandwidth link can be achieved?
4 x 1 gigabit or 4 gigabit.
What is the wavelength range of an MMF Cable?
850nm - 1300nm
How long can a horizontal run be?
90 meters (Don't forget about patch cable lengths.)
If there is no MX Record what record will be used for mail transfer?
A
What is a common port for https traffic?
443
STARTTLS
465 NO PORT SWITCH
The Session Layer is which Layer in the Open Systems Architecture model?
5
802.11A
5 ghz 54mbps OFDM
What port does DNS use?
53
WHAT IS A 3 WAY HANDSHAKE
A TCP method of sending data. A SYN Packet is sent by client SYN/ACK is sent back by server /ACK sent from client and connection is created.
Protecting Networks - Firewalls - Stateful
A firewall aware of state of communication. Creates a State Table Uses a hierarchy of account roles/permissions. If it recognizes communication it allows it.
Firewall, IDS Intrusion Detection System and Intrusion Protection System
A firewall filters, an IDS notifies and an IPS Acts to stop.
Disaster Recovery and Backup - MTBF (Mean Time Between Failures)
A measure of the average time between failures in a system - the higher the amount, the more reliable the thing is.
Tunneling
A program that sends data from your computer through 'the tunnel' to another system running a client.
What component performs signal amplification to extend the maximum allowable distance for a media type?
A repeater.
NDA (Non-Disclosure Agreement)
A signed agreement between a company and an agency or person in which the agency or person promises they will not disclose or share confidential information.
Global System for Mobile Communications (GSM)
A standard created to replace first generation (1G) analog cellular networks and was first used with second generation (2G) networks, allowing digital cellular data communication for mobile devices. TDMA was used.
POE+ (802.3at)
A standard that enables systems to pass electric power along with data on twisted pair Ethernet cabling. 25.5 W of DC power.
Protecting Networks - Password Attacks - Users
Avoid common names Shoulder Surfing Change default password
A home user reports to a network technician that the Internet is slow when they attempt to use their smartphone or laptop with their Wi-Fi network. The network administrator logs into the admin area of the user's access point and discovers that multiple unknown devices are connected to it. What is MOST likely the cause of this issue?
A successful WPS Attack has occurred
Port Tagging
A technique of adding a VLAN ID into an Ethernet frame. The tag identifies which VLAN the frame is coming from or going to. A tagged frame is called an 802.1q frame or a Dot1q frame.
Which of the following answers refer to the characteristic features of bus topology? (Select 3 answers)
A terminator at each end of the main network cable prevents collisions caused by signal bounce The main network cable becomes a single point of failure All network nodes connect to a single central cable (a.k.a. backbone or trunk)
heat map
A two-dimensional representation of data in which values are represented by colors. Created on a Network Management Station
Hash
Binary value fixed in size.
Protecting Networks - Replay attack
A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.
Web Proxy
A type of proxy that is used to act on behalf of a web client or web server.
DSSS (Direct Sequence Spread Spectrum)
A type of radio transmission in which a single data signal is converted into multiple digital data signals called chips.
MPLS (Multiprotocol Label Switching)
A type of switching that enables any one of several Layer 2 protocols to carry multiple types of Layer 3 protocols. One of its benefits is the ability to use packet-switched technologies over traditionally circuit-switched networks. MPLS can also create end-to-end paths that act like circuit-switched connections. Lower Cost
RIR (Regional Internet Registry)
ARIN= North America APNIC = Asia Pacific AfriNIC = Africa LACNIC = Latin America RIPE NCC = Europe
infrastructure mode
A wireless configuration that uses one or more WAPs to connect wireless workstations to the cable backbone.
WPA2
AES-CCMP is the encryption protocol
How do I list the ARP addresses on my network?
ARP -a
Points of Failure - Critical Asset - High Availability - Failover
Ability for master systems to detect the failure and then take over.
Protecting Networks - Firewalls - Stateless - ACL
Access Control List
Security Information and Event Management (SIEM) - Tools
Aggregate and correlate data allowing organization into valuable information. SPLUNK ArcSight ELK - Elasticsearch, Logstash, Kibana
Security Information and Event Management (SIEM)
Aggregation - Collecting and storing Data Correlation - Look at and understand analysis
Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Cables
Air Gap - Separate important cabling network distribution cables from others.
Protecting Networks - Physical Security - Detective Physical Control
Alarms Cameras Infrared
Security Information and Event Management (SIEM) - Correlation
Alerts - For notification if something goes bad - Triggering Exceeding thresholds
What does netstat -a provide?
All connections and listening ports.
Business Continuity Plan - Cloud site backup location
All data and resources available at new location.
Protecting Networks - Defense in depth - Host/Endpoint
All hosts on network -Prevent malware -Make sure software is updated.
Points of Failure - Critical Asset - High Availability - Failover - Virtual IP - Method
All servers from cluster to receive data from Common IP.
Client to Site VPN
Also known as a remote-access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.
Network Monitoring SNMP (Simple Network Management Protocol)
An Application-layer protocol used to exchange information between network devices. UDP 161 TLS 10161 (encrypted)
What is an Ethernet?
An Ethernet is a single network segment, or layer 2 broadcast domain.
Protecting Networks - Session Hijacking
An attack in which an attacker attempts to impersonate the user by using his session token.
Protecting Networks - IP Spoofing
An attack that changes the source IP address. Uses ARP Poisoning.
Protecting Networks - DHCP spoofing attack
An attacker configures a fake DHCP server on the network to issue IP addresses to clients. Creates new DNS server ip.
What is a digital signature
An encrypted hash of the web page and a private key.
Source Port is created where?
At the web client/browser, it is serial and ephemeral
Business Continuity Plan - 3 Parts
BCP Risk to Critical Systems Cost to repair or replace How to implement in a timely fashion
Your company wants to create highly available datacenters. Which of the following will allow the company to continue maintaining an Internet presence at all sites if the WAN connection at their own site goes down?
BGP
How does Border Gateway Protocol Function?
BGP breaks the Internet up into about 20,000 Autonomous Systems. Each AS has an AS Number. BGP
What does MPLS connect?
Back office or satellite locations via public facing router at central office - Back Haul Connection, Slower, expensive. Keeps security.
Disaster Recovery and Backup - Methods- Differential
Backup all changes from last full backup
Disaster Recovery and Backup - Methods- Incremental
Backup only changes from last backup
No Connection - Usually check another port.
Bad Ports - if a short, the link light on the NIC will blink but on the switch port it is not. Switch ports. Replace switch Transmit and Receive reverse - Check link lights. Label cables, keep good inventory. No need to label straight through as such. Horizontal Cabling - Check for bent pin in cable or switch. Switch ports Open and shorts - Check other port
Multimeter
Basic voltage meter
Symmetric Encryption
Both ends have the same key to encrypt and decode.
What is a BPDU
Bridge protocol data units. - Negotiation of STP for CISCO devices.
Bridge the NIC
Bridging the hardware NIC to the Virtual NICs
What is a DHCP Discover?
Broadcast Sent out to Broadcast Domain to the network DHCP Server.
address resolution protocol (ARP)
Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment.
Change Management - Change Management Team
Business Analyst Marketing Operations Management
How is the decimal value 12 expressed in hex?
C (this might be written 0xC for clarity). Values above 9 are expressed as letters (10=A, 11=B, 12=C).
Canonical Name
C Name, an alias for an FQDN
Canonical Name
C Name, a pointer to an A Record
What is CSMA/CD
Carrier Sense Multiple Access/Collision Detection
A type of network that interconnects multiple LANs within a limited geographical area is known as:
CAN
What is 1000BaseT
CAT 6 100 Meters
What is 10GBaseT
CAT 6 55m CAT 6A 100 Meters.
IPSec (L2TP/IPsec)
CISCO Security for VPN
Define Carrier Sense Multiple Access/Collision Detection
CSMA/CD is a technology used for devices to listen and see who is communicating. When a collision occurs, each MAC address randomly selects a number that is the number of ms to wait before sending again.
Multiplex
CWDM
Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Workstation
Cable Locks Screen Filters
nbtstat -c
Cache view, Registered names on network.
RADIUS Server
Can authenticate users to database on another server
Internal Firewalls purpose.
Can be used to block specific access for areas that may need additional restrictions but still function within the main domain.
The 802.11 2ghz and 5ghz ISM Bands are broken up into?
Channels
When a NIC checks to see if another NIC is transmitting data what process is it called?
Carrier Sense. Collision Detection occurs after a collision has occurred.
CSMA (Carrier Sense Multiple Access/CA)
Carrier-sense multiple access with collision avoidance. A collision detection and prevention method used to ensure proper data communication in a bus network
What cable did 100BaseT4 use?
Cat 3 using all 4 pairs. Full Duplex
What cable is used by 100BaseTX?
Cat 5e
Which categories of U/UTP cable are certified to carry data transmission faster than 100 Mbps?
Cat 5e and Cat 6/6A. Cat 7 and Cat 8 are screened/shielded types.
Troubleshooting Structured Cable issues
Check windows network - Connected or not Link Light - active or not Device Manager - Is network card disabled? Loopback Address - 127.0.0.1 use loopback adapter to check NIC Health. Loose wires - Cleaning crews etc. Check wall plate maybe have to punch down the connection. CHECK WORK AREA FIRST
Protecting Networks - System Life Cycle - Asset disposal ITAD (IT Asset Disposal)
Check with ordinances Security issue. Chain of Custody Use Asset Tags. Logged in Asset Management System Secure Disposal Certificate of Data Destruction
nbtstat -r
Clear Cache
Protecting Networks - Vulnerabilities - CVE
Common Vulnerabilities and Exposure list List of publicly disclosed security flaws. Each CVE gets an ID Number
Real Time Video
Communication that offers both audio and video via unicast messages.
Protecting Networks - VLAN Hopping - Port Isolation
Community Ports - Talk with everyone Private Ports - Directed communication
Deployment Models - BYOD - Policy
Company has certain control of some aspect of your device May limit device type User must sign an AUP - Acceptable Use Policy
Data Center:Baseline configurations
Comparative tool
Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Compensating & Corrective Control
Compensating is simply making up for a failed control.
Network Operations - Security Policy - Password Policy
Complexity Password Age Lockout Policy
What is CIA?
Confidentiality, integrity and availability
What are Patch Cables used for connecting?
Connect switches to patch panels and computers to wall outlets.
Which would be the BEST example of an on-path attack?
Connecting a laptop to an access point to sniff packets and intercept them
Encrypted Tunnel
Connection to Proxy.
What does a router do?
Connects different network ids
Digital Certificate
Contains Public Key, digital Signature and third party digital signature.
Traffic Shaping
Control traffic based on several parameters. Uses Quality of Service.
Mandatory Access
Control- Label on resource, you have to have same label.
DHCP
DORA Discover, Offer, Request and ACK
DLC
Data Link Control protocols; mac address on ethernet
Layer 2 is also called the _______ Layer
Data Link Layer
deauthentication attack
Denial-of-service (DoS) strike that disconnects a wireless host from WAP, so that the victim is forced to reconnect and exchange the wireless key multiple times; an attacker can then perform an offline brute-force cracking of the password.
A technician is configuring a computer lab for the students at Dion Training. The computers need to be able to communicate with each other on the internal network, but students using computers should not be able to access the Internet. The current network architecture is segmented using a triple-homed firewall to create the following zones (ZONE, INTERFACE, IP address): PUBLIC, eth0, 66.13.24.16/30; INSTRUCTORS, eth1, 172.16.1.1/24; STUDENTS, eth2, 192.168.1.1/24. What rule on the firewall should the technician configure to prevent students from accessing the Internet?
Deny all traffic from eth2 to eth0
Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Fence K Ratings
Department of State K4 - Stopped 15K Pound Vehicle at 30mph K8 - Stopped 15K Pound Vehicle at 40mph K12 - Stopped 15K Pound Vehicle at 50mph
Data Center:East/West Traffic
Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).
What is an access point (AP)?
Device that provides a connection between wireless devices and can connect to wired networks, implementing an infrastructure mode WLAN. Also called wireless access point (WAP).
Points of Failure - Critical Node
Devices needed to maintain the network.
Reverse lookup zones.
Different PTR records for all servers in Zone DNS requires DNS/BIND
Disaster Recovery and Backup - Methods
Differential - Less backup sets but they get bigger Incremental - More backup sets but they get smaller.
Protecting Networks - Network Hardening - Port Security - DHCP Snooping - Mitigation
Disable Network Ports not needed Disable Protocols not needed.
Protecting Networks - CIA Protecting Data - CIA Protecting Data - Internal Threats
Disgruntled Employee -Deactivate Account
netstat -n
Displays addresses and port numbers
What does netstat -b provide?
Displays the executable involved in creating each connection or listening port. Needs elevated prompt
netstat -o
Displays the owning process ID associated with each connection
netstat -r
Displays the routing table.
Short-hand for IPv6
Dump leading 0s
Protecting Networks - Cisco Dynamic Trunking Protocol (DTP)
Dynamically assigns a trunk link.
DNAT
Dynamic Network Address Translation - Has limited number of internal ips to give to devices.
Protecting Networks - System Life Cycle - Asset disposal - Update IT Inventory
End of life details Manner of disposal Value Date
Data Center:Fire Protection System, Redundancy Protocols, load balancing, clustering, uninterruptible power supplies (UPSs) and generators
Ensure High Availability.
Network Monitoring - System Monitoring - Utilization
Establish baseline If CPU gets above a certain point send a notification
Business Continuity Plan - Disaster Recovery Plan
Evacuation -Backup site - Cold weeks to bring online. Lowest cost recovery site. -Warm Site takes a few days to bring up. Operational equipment but little or no data -Hot Site Take hours to bring online --Real-time synchronization --Almost all data ready to go
Protecting Networks - Password Attacks - Dictionary Attack
Every word in the dictionary is used until the right word is found.
Switch Down impacts who?
Everyone connected to the switch.
Rogue Access Point with same SSID
Evil Twin
Risk Management - Security Assessment - Threat Assessment
External Threats Internal Threats Theft Sabotage Natural Events Water Main Break, Leak, Fire etc Disasters.
A Record
FQDN and matching IP Host Record
netstat -f
FQDN of foreign addresses
What is an important part of a monitoring program?
File Integrity
Protecting Networks - Firewalls
Filters traffic based on criteria.
Protecting Networks - Vulnerabilities - Zero Day - Vulnerability
Finds flaw first before Vendor
Protecting Networks - Firesheep
Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks
You need to provision a fiber patch panel to terminate incoming cabling with green LC connectors. What type of ports should be provisioned on the patch panel?
Green connector color-coding indicates angled physical contact (APC) finishing. This type of finishing is incompatible with PC or UPC ports. The patch panel must be provisioned with Lucent Connector ports with APC finishing type.
100BASE-T transmit pins are 1 and 2. What color code are the wires terminated to these pins under T568A and T568B?
Green/White (pin 1) and Green (pin 2) for T568A or Orange/White (pin 1) and Orange (pin 2) for T568B.
Federated Systems
Group of computers that have had kerberos setup on them for a domain.
autonomous system (AS)
Group of network prefixes under the administrative control of a single organization used to establish routing boundaries.
Name Server
Has domain names. Subordinate to SOA
Data Center:Logical Network Diagram
How things are connected
Business Continuity Plan - Alternative business practices
How to process credit cards Accounting software Sales tax if you move
Wiremap
How wires are connected on the cable. Bad Wiremap will show as problem on a wire pair.
Network Operations - Security Policy - Remote Access Policy
How you can connect to the internal network from outside infrastructure. Might include VPN and Authentication
The Physical Layer- Layer 1 consists of what components?
Hub, Cabling, Repeater
Disaster Recovery and Backup - Disaster Recovery Plan
Hurricanes Floods Acts of War
IPS/IDS Placement
In line.
Stateless auto configuration
In the router advertisement phase to provide IPv6 clients with IPv6 address, subnet mask, default gateway and DNS servers.
How does a switch know which port a device MAC address is on?
In the router is the Content Addressable Memory or CAM table. It stores the MAC and associated Port on the switch.
802.3af Power over Ethernet (PoE)
Industry-standard method of supplying power over an Ethernet cable to attached devices.
Protecting Networks - Command and Control (C&C or C2)
Infect computer with virus Computer then sends info to my server (zombie) I reply with complete control Malicious code is executed creating a botnet.
Stateless router solicitation
Information provided to hosts in IPv6 such as Gateway, IP, DNS etc.
Cloud Services
Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
IaaS
Infrastructure as a Service. A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers. Compare to PaaS and SaaS.
HMI (Human Machine Interface)
Input and output controls on a PLC to allow a user to configure and monitor the system
Data Center:A SAN uses multipathing
Instead of one network card there are 2 or more.
Data Center:Distribution/Aggregation Layer
Interconnects the Layer 1 switches.
netstat -e
Interface statistics
Environmental obstacles to WIFi
Interference, reflection, absorption
DEMARC issues
Interference, Failures due to storm
IGP
Interior Gateway Protocol. Autonomous systems are controlled by IGP.
IDF
Intermediate Distribution Frame
Protecting Networks - CIA Protecting Data - Confidentiality, integrity, availability
Internal threats external threats Vulnerabilities Exploits Spoofing
What is ICMP?
Internet Control Message Protocol - Works at IP level Layer 3 not Transport Layer Apps that use ICMP are ping and arp No Data just checksum and type.
DMZ
Internet Router to Switch 1 - Firewall Router DMZ Servers (Web etc.) to Switch Switch 1 to Switch 2 WAN - Firewall Router (Stricter Rules no Port 80 incoming) To Switch 3 internal network router
Data Center:iSCSI
Internet Small Computer System Interface. A lower-cost alternative to traditional SANs. It supports sending traditional SCSI commands over an IP network.
Bandwidth Speed Tester
Internet Speed test type apps.
IDS
Intrusion Detection System - Detects potential threats. Out-of-band, does monitoring and alerts
Authoritative DNS Server
It is the authority of its zone.
What type of connector is shown in this picture?
LC or Local Connector or Lucent Connector
10GBaseSR
LED Multimode 26m-400m
Name resolution in Windows Home
LLMNR - Link-Local Multicast Name Resolution: protocol that allows hosts to perform name resolution for hosts on the same local link
RADIUS Supplicant
Laptop, phone or other resource trying to get on the network
Risk Management - Security Assessment
Like an Audit to find vulnerabilities.
Network Monitoring - Interface statistics or Interface Data
Link State Speed and Duplex Send and receive traffic Giants and Runts Cyclic Redundancy errors
5G
Low, Medium and High. Up to 1gbps.
access/edge layer
Lowest tier in a hierarchical network topology acting as the attachment point for end systems.
Which type of fiber optic cable would you use for a LANs?
MMF - Less expensive optics, less expensive to deploy.
How is MMF graded
MMF is graded by Optical Multimode (OM) categories
QSFP (quad small form-factor pluggable)
MSA Transceiver for 40gb Ethernet
MDF
Main Distribution Frame - Where outside connections connect to local distribution.
Patching
Maintenance or updating software. Software patches may be more limited in impact than firmware updates.
Change Management - Strategic Change
Major change that will substantially affect the business of the infrastructure. Moves to another country or location Changing out All Computers. Not made by Change Management Committee.
Business Continuity Plan - Alternative Processing Sites
Make Cross agreements with other organizations
SAML is used to ...
Manage multiple apps using a single account
Software Defined Networking
Management plane/layer Control plane/layer data plane/layer Control of a device remotely
Access Control List
Mandatory Access Control - Label on resource, you have to have same label. Discretionary ACL - Readers, owners, editors. Role Based ACL -- Groups
Protecting Networks - VLAN Hopping - VLAN Spoofing Protection
Manually configure trunk ports not automatic.
Protecting Networks - Denial of Service - DoS - Distributed Denial of Service Attack
Many computers sending attack to server. Malware sent out creates a botnet.
What mechanisms can be used to mitigate routing loops?
Max Hop Count TTL Split Horizon Route Poisoning Hold Down Timer
What is an MTU?
Maximum transmission unit—the maximum amount of data that a frame can carry as payload.
Disaster Recovery and Backup - MTTF, MTTR, MTBF
Mean Time To Fail Mean Time To Recover Mean Time Between Failure
Protecting Networks - Physical Security -
Measures you can take to provide physical security.
What type of connector is shown in this picture?
Mechanical Transfer Registered Jack - MTR. small-form-factor duplex connector with snap-in design for Multi-Mode networks.
automatic private IP addressing (APIPA)
Mechanism for Windows hosts configured to obtain an address automatically that cannot contact a DHCP server to revert to using an address from the range 169.254.x.y. This is also called a link-local address.
What is MDI-X
Medium dependent interface crossover. Takes a straight through cable and performs the cross-over automatically for switch to switch communication and daisy chaining.
Risk Management
Mitigate risk to an acceptable level
Protecting Networks - Vulnerabilities - CVE - Source
Mitre Corp cve.mitre.org CNA - Numbering Authority
Disaster Recovery and Backup - Methods- Differential - Method
Monday - Full Backup Tuesday - Friday Differential Backup Only two backups to restore fully
Disaster Recovery and Backup - Methods- Incremental - Method
Monday - Full Backup Tuesday - Friday Incremental Backup If there is a failure on Friday all backups will be needed to restore network for the week
WAN
More than one broadcast domain or two or more networks joined by a router.
Network Monitoring - SNMP - Versions - NMS
Most Network Management Systems can adjust between versions. If device 1 has version 3 and device 2 has version 1 it can talk to them.
Protecting Networks - Physical Security - Detection Methods - Motion Detection
Most common is passive infrared Radio or Microwaves
Protecting Networks - Physical Security - Tamper Detection
Motherboard alarm when case open
Trunking
Moves all VLAN traffic between switches. Uses Port Tagging. Enables VLANs to span more than one switch.
Standard Business Documentation MSA
Multi-Source Agreement -Used in place of a standard.
802.11n
Multi-antenna 2.4ghz and 5ghz 108 mbs-300mbs MIMO Channels introduced
What is 224. address?
Multicast
What does MMF refer to?
Multimode Fiber
Most SAN solutions provide more than one connection between the SAN and the server. What is this called?
Multipathing
Multi-Tenancy
Multiple on same device or service.
Switch Loop
Multiple switches are connected in a circuit causing a loop.
What is MSA
Multisource Agreement - Allows you to use Fiber connectors in standard switch via plug-in modules.
Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on?
NAC and GPS Location The name "Network Access Control" is almost self-explanatory. At its simplest, NAC solutions provide a way to manage access to network resources. It makes all devices and users visible to network managers and allows technicians to enforce security policies across every part of corporate networks.
Network function Virtualization
NFV - Architecture. Patterns. Describe the network. Hardware to virtual switch
Which device works on both Data Link and Physical Layer
NIC
Protecting Networks - Wired Man in the Middle - Purpose is to Gather Data
Names Passwords
External DNS Server
Recognized by DNS System.
What is NEXT and FEXT?
Near-end crosstalk, far-end crosstalk
Data Center:Generators, HVAC
Needed for Data Center
Windows Active Directory
Needed for SSO
Managed Switch
Needs Configuration Must be on same subnet Change default password
What naming resolve services does Windows 10 use?
NetBios and LLMNR
Data Center:NAS
Network Attached Storage - File Level
Jason is a network manager leading a project to deploy a SAN. He is working with the vendor's support technician to set up and configure the SAN on the enterprise network. To begin SAN I/O optimization, what should Jason provide to the vendor support technician?
Network Diagrams
Which grade or grades of fiber have a 62.5 micron core?
OM1.
OTDR
Optical Time Domain Reflectometer
What is the order of colors for the 568B standard?
OrW, Or, GrW,Blu,BluW,Gr,BrW,Br
What color is a Multi-Mode Fiber Optic Cable?
Orange
Structured Cabling
Organization for cabling. Telecommunications Closet, Horizontal Runs, Work Area
Network Monitoring - SNMP - Community
Organization of Managed Devices
Protecting Networks - Firewalls - Stateless
Original type of firewall. Looks at data filters on IP address and Port number.
Authentication
Password
APIPA 169.254.x.x
Password forgotten
Equipment Rack Parts
Patch Panel, Cable Management, Primary Switch, Router, Server
Risk Management - Security Assessment - Vulnerability Assessment - Pen Testing
Penetration Testing
Network Monitoring - Tools
Performance Metrics Network Metrics Environmental Factors Presentation of Data
PAN
Personal Area Network Bluetooth, tethering etc.
Layer 1 is also called the _______ Layer.
Physical
At which layer of the OSI model is no header encapsulation applied?
Physical.
For Kerberos to work, it needs what?
Synched Time
Network Operations - Disaster Planning
Plan that is put in place to move to site or cloud.
Change Management
Planning, implementing, controlling and reviewing the movement of an organisation from a current state to a new one.
Why is plenum-rated cable used when cable is run in an area where building air is circulated?
Plenum-rated cable produces minimal amounts of smoke if burned, must be self-extinguishing, and must meet other strict fire safety standards.
Interference
Problems that could occur during certain times. Intermittent issues.
Forensics - Four Steps - Interface with Authorities - Forensic Reports - Legal Hold
Process by which an organization preserves or organizes data in reaction to a pending legal issue.
Forensics - Four Steps - Interface with Authorities - Forensic Reports - e-Discovery
Process of requesting data and providing it in a legal way.
Deployment Models - BYOD - Policy - Onboarding
Process to bring user into network on their device. The policy on what you agree to when getting on the network. Malware scans, apps etc.
Risk Management - Security Assessment - Vulnerability Assessment - Vulnerability Scanner
Program that will inspect areas of vulnerability.
DMZ purpose?
Protect public-facing servers by creating an isolated area for those devices.
Protecting Networks - Firewalls - Network firewall
Protects the network. Hardware firewall
Link Aggregation Control Protocol LACP
Protocol for port bonding.
Open VPN and SSH
Protocols for a VPN
What MSA device is used for 40 Gigabit Ethernet?
QSFP - Quad small form-factor Pluggable
Role-based ACL
RBAC - Groups
Which of the following terms represents the maximum amount of data, as measured in time, that an organization is willing to lose during an outage?
RPO
Disaster Recovery and Backup - Disaster Recovery Plan - Recovery Point Objective
RPO - State of backup when data is recovered. How much data will be lost if backup used.
What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them?
RST
Enterprise Security in WAP
Radius server uses WPA2 WPA2 Enterprise
Network Monitoring - SNMP - Configuration - RO
Read Only - You can only read
Discretionary ACL
Readers, owners, editors.
nbtstat -RR
Rebroadcast status.
RSSI
Received Signal Strength Indicator Estimated Measurement of the power level that a wireless client device is receiving from an Access Point.
Network Operations - High Availability
Redundancy and fault tolerance implemented to prevent network from going down. Includes backup strategies.
Forensics - Four Steps - Interface with Authorities - Forensic Reports
Report any findings to authorities
Network Monitoring - SNMP - Get
Request to query for information on a network entity.
Layer 2 attack
Requires physical connection to network. Creates flood.
Patching - Process
Research - Verify that patch will do what you want to do, and is working for others. Testing - Test on VM Configuration Backups -
What type of Fiber optic cable would you use for WANs?
SMF - Better optics than MMF but more expensive to deploy. Supports higher signaling speeds (Up to 100 gbs)
Your data center requires as much speed as possible for a short range. What type of optic cable should you use?
SMF - The repeaters are nearly the price of MMF repeaters and it is able to handle higher speeds of 40 gbs and 100 gbs Ethernet standards.
Server Record
SRV Record. Used in voice over IP Allows me to create a record for a specific service.
Connection Methods
SSH, VPN
What does this picture refer to ?
ST or Straight Tip Connector. It is an early bayonet-style connector that uses a push-and-twist locking mechanism. Used for Multi-Mode networks but very common for Ethernet installations.
What protocol provides protection against broadcast storms
STP
Protecting Networks - Denial of Service - DoS - Attacks - Volume Attack-Protocol Attack
SYN Flood TCP/SYN Most common form
Disaster Recovery and Backup - Offsite
Safer. Not as accessible.
Protecting Networks - Physical Security - Physical Controls - Preventative Controls -
Safes Locked Cabinets Enclosures Faraday Cage
Deployment models: Corporate-owned/issued, personally enabled (COPE)
Same as COBO but receive approved apps
Know the 4 things of basic cloud computing
Scalability Elasticity Multi-tenancy Security Implications
Protecting Networks - Defense in depth - Networking layer - Network Access Control
Scan Hardware VLAN to isolate network Separate SSIDs
Protecting Networks - Denial of Service - DoS - Attacks - Amplification Attack - Smurf Attack
Send ICMP Attacker spoofs IP of server Hosts all send packets to imposter.
SPF
Sender Policy Framework - Email Authentication A public list of senders ok to send from your domain.
Patching - OS Updates
Separate Machine for Patches and Updates Download and Install on the Test machine first.
Points of Failure - Critical Asset - High Availability - Failover - Virtual IP
Single IP shared by multiple systems.
Protecting Networks - Firewalls - Stateless - Dynamic Ports in Apps
Some apps change port numbers. They keep searching for a port that is open. Need firewall that is context and application aware.
Hybrid Cloud
Some of the cloud is private, some is public.
SNAT
Static Network Address Translation - Sends specific traffic to one Internal address.
nbtstat -r
Statistics.
Network Monitoring - Documenting Logs
System Logs or General Logs
Neighbor Discovery Protocol.
Systems talk to each other and self configure.
Telnet
TCP 23
UC Ports - RTP Real-Time Transport Protocol
TCP 5004 and 5005
Which port enables the FTP's Data Connection for sending file data?
TCP Port 20
nbtstat -a <computer name>
Tells me info on other system
Scott is a brand new network technician at Dion Training. He has been told to remote into the edge switch from his desk and enable DHCP snooping. Which of the following commands should he use?
Telnet
Protecting Networks - Defense in depth - Application
Test applications to be sure no negative impact
TXT Record
Text Record - Anything you want. DKIM and SPF
IANA
The Internet Assigned Numbers Authority is the agency that assigns IP addresses to computer networks
Disaster Recovery and Backup - Mean time to failure (MTTF)
The average amount of time expected until the first failure of a piece of equipment.
What is a Subnet ID
The bits borrowed from the Host ID of the original IP Network address.
Distributed Switching
The centralized installation, configuration, and handling of every switch in a virtualized network.
RADIUS Client
Wireless access point for example to get you to the RADIUS Server.
What is the cost difference between an SMF repeater and an MMF repeater?
The cost of an SMF repeater is only slightly higher, lowering the cost to deploy SMF.
What is the effect of cladding having a different refractive index to the core?
The different refractive index creates a boundary that causes the light to bounce back into the core, facilitating the process of total internal reflection that guides the light signal through the core.
What function or service prevents an Internet host from accessing servers on the LAN without authorization?
The firewall.
What is the lowest layer (bottom layer) of a bare-metal virtualization environment?
The hardware
With CSMA/CD, what will happen if a host has data to transmit and there is already data on the cable?
The host will wait for a random backoff period before attempting to transmit again.
You need to run UTP cable between two switches at opposite ends of a warehouse that is 140 m (459 feet) long. What additional device (if any) is required for the installation to be compliant with 1000BASE-TX Ethernet standard?
The maximum link length is 100 m (328 feet) so a repeater will be needed.
What is the process to verification of public key source?
Third party creates a digital signature from the third party. That digital sig is attached to the digital sig provided from source and compared for accuracy.
Protecting Networks - Man in the Middle - 2 parts
Third-party interception between a two-part conversation Third party uses the information to their advantage.
WiFi Analyzer
Tool for checking/diagnosing issues on a wireless network.
What layer uses ports?
Transport Layer. Layer 4
At which OSI layer is the concept of a port number introduced?
Transport or Layer 4
Protecting Networks - Malware - Trojan - Remote Access Trojan - Logic Bomb
Triggered upon an action. For instance when account is disabled.
Which of the following technologies combines the functionality of a firewall, malware scanner, and other security appliances into one device?
UTM - Unified Threat Management
You need to provision modular SFP+ transceivers to support a 10 gigabit link between two switches using an existing fiber cable. What two characteristics must you check when ordering the transceivers?
Use an appropriate Ethernet standard and wavelength for the type and grade of fiber and link distance (10GBASE-SR versus 10GBASE-LR, for instance) and match the connector type of the existing cable (LC or SC, for instance).
MFA
Use more than one attribute to log in.
automation
Using scripts and APIs to provision and deprovision systems without manual intervention.
arp
Utility to display and modify contents of host's cache of IP to MAC address mappings, as resolved by address resolution protocol (ARP) replies.
Protecting Networks - VLAN Hopping Types
VLAN Spoofing and Double Tagging
CISCO VLAN trunking?
VLAN Trunking Protocol - VTP
What is a hash used for?
Verifying that data has not been changed.
How do I know the keys came from the right place?
Verifying both keys by using a third key from a separate relationship
What is a VLAN
Virtual local area network. A VLAN can logically group several different computers together, or logically separate computers, without regard to their physical location. It is possible to create multiple VLANs with a single switch. Creates separate Broadcast domains from one switch
What is a native VLAN?
Vlan1 it is the default Vlan for all switches
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?
WPA Personal
Protecting Networks - Firewalls - Edge of Network
Want firewall at the edge of the network.
WPA
Wireless Protected Access
What are the first 1024 ports known as?
Well known ports
Authorization
What can you do on the network once authenticated
Network Monitoring - Documenting Logs - History log
What has changed over time.
Metric
What is the best way to go with more than one option.
While setting up your wireless network, you want to have certain users access the Internet, but block them from accessing other wireless clients or wired network itself. What do you need to setup?
Wireless client isolation
Desktop as a Service
Workstation in a Cloud
Antenna Problems
Wrong type - Plan Placement - Change antennas keep cable short as possible. Dipoles out of alignment
Expired Certificate
can be viewed then fixed by getting a new certificate from its issuer or accepting the certificate in its current state
Data Center:FHRP (First Hop Redundancy Protocol)
is a computer networking protocol which is designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address
Tool that gives us state of network right now
nbt stat
Protecting Networks - New name for Man-in-the-middle
on-path attacks
Unified Communication
the integration of communication channels into a single service. Teams in software, phone device. Collaborative Tools/Workflow Presence Information Video Conferencing/Real Time
How do you find the path to a destination
tracert or traceroute (Linux) pathping if tracert does not work.
What port is RDC
3389
What port does LDAP use
389
What is the OM3/OM4 Specification?
50 Micron cable but designed for 850 nm Vertical-Cavity Surface-Emitting Lasers (VCSEL), also referred to as laser optimized MMF (LOMMF).
Which of the following ports is assigned to the Domain Name System (DNS)?
53
What maximum distance is defined in standards documentation for 1000BASE-LX running over MMF?
550 m (1804 feet). Note that 1000BASE-LX can run over MMF or SMF. SMF has much higher range.
EAP-TLS
"EAP-Transport Layer Security--Uses PKI, requiring both server-side and client-side certificates."
Web app focused
1.Identity Provider. is signed on. 2. Web apps are service providers. 3. IDP provides provider with a token that can be used to access any resource
The oldest version of 100 mb ethernet is 100BaseT4. How many hubs could it support? It supported how many nodes per hub?
100 and each hub could handle 1024 nodes per hub.
Full Duplex became popular at what point of speed evolution?
100 mb
What is the typical cable segment length for a copper twisted-pair Ethernet cable?
100 meters
How many meters could a 100BaseT4 hub be from a node?
100 meters.
Which of the following answers describe(s) the characteristics of Category 5e (Cat 5e) cabling?
100-meter cable segment length - Twisted-pair copper cabling - RJ45 connector - 1 Gbps transfer rate over all 4 cable pairs (1000BASE-T networks)
Data Center:Data Center
A facility used to house management information systems and associated components, such as telecommunications and storage systems
Autonomous System
A group of one or more networks under control of a single entity. The Government, big university etc.
What port is TightVNC?
5900
802.11ac
5ghz 2.4ghz 1gbps MU-MIMO
How many ghz is 802.11ac
5ghz only Won't work on 2.4ghz router.
/26 is how many hosts?
62
What is OM1/OM2 specification?
62.5 Micron cable is OM1, 50 Micron Cable is OM2
What is the size range of an MMF cable?
62.5 or 50 Microns
You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?
77.81.12.12
Windows default lease is __ days.
8
How many groups in an IPV6 address
8 groups of 4 Hex numbers each in 7 columns
What is the size range of an SMF cable?
8 to 10 microns Core
Protecting Networks - Man in the Middle - Get in the Middle
802.11 Wireless with no encryption Bluetooth susceptible NFC
Protecting Networks - Denial of Service - DoS - Attacks - Volume Attack-Application Attack
Apache 1.10 Slow Loris Attack Client initiates a conversation but then becomes very slow to respond.
Protecting Networks - Malware - Virus
Attaches itself to a file or program and propagates to other files or programs.
Protecting Networks - Vulnerabilities - Zero Day
Attacker finds flaw before vendor can find it.
Protecting Networks - Network Hardening - Port Security - ARP Poisoning
Cisco Dynamic ARP Inspection (DAI) Keeps list of known and good IP and MAC Addresses
Protecting Networks - and VLAN Hopping
Cisco Dynamic Trunking Protocol (DTP)
Independent Computing Architecture (ICA)
Citrix Proprietary protocol. Others used for remote are TightVNC and RDP
IP Class License
Class A 0-126 /8 = 16.7 Million Class B 128-191 /16 = 65,534 Hosts Class C 192-223 /24 = 254 Hosts
CIDR
Classless Inter-Domain Routing
Business Continuity Plan - After Action Reports
Clear documentation of everything that happened
Proxy Server Placement Server is obscured.
Client knows Forward Proxy, this will be a reverse proxy.
SSID (Service Set Identifier)
A unique character string used to identify an access point on an 802.11 network.
Network Monitoring - SNMP - Walk
An SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information. Big batch of Gets.
Protecting Networks - Man-in-the-middle
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
Protecting Networks - Malware - Root Kit
Difficult to detect. Gets privileges to take actions on computer
Business Continuity Plan - Considerations
Distance Level of Internet Activity Housing Entertainment Legal issues - Secure Data Cloud Data must be within the same country in which you are doing business.
Does a router have only one ip address?
Each port has a separate ip address.
Data Center:Spine and Leaf
Each top-of-rack switch is connected to the layer three switches on the spine layer.
Disaster Recovery and Backup - Disaster Recovery Plan - Recovery Time Objective
How long it will take from the time of failure to the time the organization returns to function.
Disaster Recovery and Backup - Disaster Recovery Plan - Backup Plan Assessment
How much data might be lost and how long to restore it.
Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?
Hybrid
BGP (Border Gateway Protocol)
Hybrid of Linkstate and Distance Vector.
IP Reservation
IP Addresses out of the IP scope/range. Reduce scope as much as possible. Range issues are common as far as DHCP is concerned.
Dual Stack is what
IPv4 and IPv6 on same host.
Router prefix
IPv6 DHCP Allows router to know what network ID the network is.
Data Center:Core
Out to Internet Routers that take data out of the local network. Fastest part of data center is line that connects the switches. This is the Backbone.
Data Center:North bound traffic
Outbound traffic.
slow Wireless network
Over capacity, basically don't have enough wireless access points. Make new SSIDs, speedup the network, New WAP Jitter, there is no simple fix and need to increase capacity Chops, stops breakup of signal.
Protecting Networks - Denial of Service - DoS
Overwhelm the server.
Data Center:SAN controller
Own special controller for Network Attached Storage. Allows connection over high speed cabling (FCoE, Fiber Channel, iSCSI)
IXP (internet exchange point)
IXP physical infrastructure enables different Internet Service Providers (ISPs) to exchange Internet traffic between networks through mutual peering agreements.
Which of the following answers does not refer to the OSI TCP segment header?
Layer 3 header
The Transport Layer is which Layer in the Open Systems Architecture model?
Layer 4
Protecting Networks - Social Engineering - Eavesdropping
Listening to others and writing down the info.
nbtstat -n
Lists Registered Name
Network Monitoring - SNMP - Cacti
Open Source SNMP app
No access to Wireless Network
Open WiFi properties Shows all the info on Network. Changed Security -- Lose Connection have to log in again.
authoritative name server
DNS server designated by a name server record for the domain that holds a complete copy of zone records.
Temporary IPv6 address
Created for security easily supported by IPv6.
What is an I/G bit?
Determines whether a frame is addressed to an individual node (0) or group (1). The latter is used for multicast and broadcast.
Network Monitoring - SNMP - Management Information Base (MIB)
Device specific. Download MIB for each device.
Which of the following answers provides the BEST example of two-factor authentication?
Smartcard and PIN
Protecting Networks - Firewalls - Host Firewall
Software Firewall
Protecting Networks - Malware - Trojan
Software that seems innocent.
MX Record
Special host record for a Mail Server.
What does a host use to know if the destination is on the local network or a remote network?
Subnet Mask - if the Network number is different then the host ARPs the default gateway to route the packet.
Disaster Recovery and Backup - Media - Local Backups
Tapes, hard drives. Usually onsite.
Forensics - Four Steps - Document Scene
Preserve state of equipment. Find anything that needs to be inspected forensically. Take pictures or use video camera --Screen --Switches --Screens
Demarc
Separates Telecom Company equipment from my equipment
Protecting Networks - Demilitarized Zone (DMZ)
Separates public from private hosts.
srv record
Server Record. There are many services. SRV records can be configured for any service.
Standard Business Documentation - SLA
Service Level Agreement -Between a customer and service provider -Scope, quality and terms of service to be provided. --Definition of service provided --Equipment --Technical support
What is SMF
Single Mode Fiber
What type of fiber optic cable is suited for long distance links?
Single mode fiber (SMF).
SSO
Single sign-on. Authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication against a federated database for different operating systems.
10GBaseER
Single-Mode (laser) 1550nm 40 KM
10GBaseLR (Long Range)
Single-Mode 1310nm 10 Kilometers
SFP or SFP+
Small Form Factor Pluggable MSA. Designed for smaller form factor connectors. Like an LC
110-Punchdown Tool
This tool is used to permanently connect wires to patch panels and RJ-45 wall jacks
What is TCP
Transmission Control Protocol - Transport Layer Protocol. On top of IP
Data Center:HSRP (Hot Standby Router Protocol)
This is exclusive to Cisco and allows a default router address to be configured to be used in the event that the primary router fails.
ad hoc network
Type of wireless network where connected devices communicate directly with each other instead of over an established medium. Also called Independent Basic Service Set (IBSS).
The admin just added 462 Meter Run of fiber-optic cable to the network. What should be done next?
Update the wiring schematics
Licensing Restrictions
Usage Transfer Renewal
Key Exchange for https process
1. Use private key to encrypt the hash of the webpage 2. Attach digital sig to Public Key 3. Using public key, decrypt web page. 4. Hash the page at the client; if the hash matches, you can be sure the keys are good.
Change Management - Committee or Team
Used for changes that do not impact the whole infrastructure. Infrastructure level changes. Not Global Changes.
Elasticity
When demand is higher it gets bigger; when demand diminishes it shrinks. Creates a new instance in a separate VM
Forensics - Four Steps - Collect Evidence
When handling anything, document all evidence.
Continuity
Whether connected at all.
Bridging Loop
When two switches are connected to each other and the main switch.
When should you escalate a problem?
You might also escalate if you do not have authorization to perform the necessary changes or if the system is under some sort of warranty.
What does '8.3 micron core/125 microcladding single mode glass' refer to?
a single mode cable with an 8.3 Micron Core a 125 microcladding and it is glass.
Data Center:SDN Software Defined Networking
aims at separating the infrastructure (hardware) layer from the control layer -directly programmable from a central location, flexible, vendor neutral, based on open standards. -basically just "network virtualization"- allows data transmission paths, comm decision trees, flow control to be virtualized
A user has a system that is unable to connect to his file server on the network. Which of the following utilities should he run first to try to determine the problem?
ipconfig
Deployment Models - BYOD - Policy - MDM
(Mobile Device Management) a group of applications and/or technologies used to manage mobile devices. MDM tools can monitor mobile devices and ensure they are in compliance with security policies.
A Wireless Controller Can Provide
- centralized authentication for wireless clients - load balancing - channel management - detection of rogue access points - wireless technology can be used to connect two different parts of a LAN or two separate LANs
Network Monitoring - SNMP -
-Apply an agent in the device and it becomes Managed Device -SNMP Manager on a system that becomes the Network Management Station NMS UDP 162 if encrypted 10162 - Listening ports.
Troubleshooting steps
-Identify the problem -Establish a theory of probable cause -Test the theory to determine the cause -Establish a plan of action -Verify the solution -Document the solution
Which of the following statements apply to Peer-to-Peer (P2P) networking?
-In P2P networks, a network node can only request resources -Less stable and secure than client-server networking model -In P2P networks, each node can at the same time serve and request resources
How big is an IPv6 Address?
128 bit you can have 2 to the 128th power.
Which of the following TCP ports is used by the Internet Message Access Protocol (IMAP)?
143
Symptom - Web Page Not available - Error 105 net::ERR_NAME_NOT_RESOLVED
1; If website accessible
802.11b
1st standard 11 mbs 2.4ghz DSSS 14 Channels US had 11 Channels Channels overlap. 1, 6 or 7 and 11 do not overlap
66 Punchdown Block
1st type of unshielded twisted pair patch panel. Made for phone lines.
DWDM (Dense Wavelength Division Multiplexing)
A multiplexing technology that uses light wavelengths to transmit data. 51.8 Mbps OC-1 line x150 signals = 7.6 Gbps
Layer 7 is the ____ Layer.
Application Layer
Which step has been omitted from the following list of activities related to identifying the problem? Gather information • Duplicate the problem, if possible • Question users • Identify symptoms • Determine if anything has changed
Approach multiple problems individually.
Authentication
Are you able to access the network via ID and Password?
Which type of clients connect to a VPN server using a Web browser without any specific client-based software, and are secured using TLS?
Clientless VPN clients
Points of Failure - Critical Assets - High Availability - Failover - Redundancy - Fault Tolerance - Clustering
Clustering -- Multiple servers that appear to user as one device. Share High speed network, data, stores applications and configured for redundancy if a single member of the cluster fails.
In the context of the OSI model, the term "Data encapsulation" is used to describe a process where each layer of the OSI model adds its own control information to the original data that is being passed across the layers from the physical layer up to the application layer.
False
True or False? A computer with a 10BASE-T Ethernet adapter cannot be joined to a 100BASE-T network.
False. Fast Ethernet is backwards-compatible with 10BASE-T (and Gigabit Ethernet is backwards-compatible with Fast Ethernet).
True or false? A bridge does not forward broadcast traffic.
False. Segments on different bridge ports are in separate collision domains but the same broadcast domain.
True or False? The CRC mechanism in Ethernet allows for the retransmission of damaged frames.
False. The CRC indicates only that a frame may be corrupt.
What is 1000 Base SX
Fiber - LED Multi-Mode Fiber Optic Cable 500 meters
What is 1000 BaseLX?
Fiber Laser Single Mode up to 5 Kilometers
Protecting Networks - MAC Spoofing
Fool the switch to think that you are one of the devices on the network. Gaining access.
Protecting Networks - ARP Poisoning
Fooling hosts but not router into having them route to you. Confuses ARP cache.
What is a forward lookup zone?
Forward lookup zones are used to map a host name to an IP address.
What port configuration feature allows a server to smooth incoming traffic rates?
IEEE 802.3x flow control.
OSPF (Open Shortest Path First)
IGP, Link State Protocol, Lets other routers know the routes it takes. Uses Area IDs. One router is elected designated and backup designate in the same Area ID
What is used to protect the fiber optic cable from excessive bending or kinking when pulling the cable to install it?
Kevlar (Aramid) strands and sometimes fiberglass rods or strength members.
What is a KDC
Key Distribution Center. A special server service for Kerberos. When you set up a Windows Domain server it becomes a KDC.
How do I know that my public key is from a site I https to?
Key Exchange - Either public or private key can encrypt or decrypt.
Data Center:High Availability
Load Balancing - Make servers look like a single server. Balances usage. Clustering - X number of servers, have own backend network, servers sync all data, if one goes down, another can take over. Active Active - Internet high availability. FHRP - First Hop Redundancy Protocol.
Protecting Networks - Password Attacks - Stopping Attack
Local Security Policy
Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Cables
Lockdown systems for cabling Protected Distribution Systems
Protecting Networks - Physical Security - Smart Locker
Locks up items and use your phone app to open
Protecting Networks - CIA Protecting Data - CIA Protecting Data - Confidentiality
Making sure the data stays the same from source to destination
Protecting Networks - CIA Protecting Data - CIA Protecting Data - Vulnerabilities
Malware Social Engineering Firewall misconfiguration Outdated Firmware
administrative distance (AD)
Metric determining the trustworthiness of routes derived from different routing protocols.
Port Mirroring
Mirrors data going through port to another port. #monitor session 1 source interface fa0/22 #monitor session 1 destination interface fa0/23
DNS Troubleshooting
Misconfiguration: IPCONFIG/ALL Get DNS server IP Go to Network Connections. > NIC > IPV4 > PROPERTIES
Can I have more than one DHCP Server in a Broadcast Domain?
No
Can I rename a VLAN to Joe's VLAN?
No VLANs always use a number.
Transparent Proxy
No client configuration. Grabs everything Must be inline
Protecting Networks - Defense in depth - Data
No user should be given rights that could bring down the system. Separation of duties: installer different than uninstaller.
The accounting department just set up a 100 mb Ethernet network. To save costs, they decided to use Hubs instead of the more expensive Switch. Is this a workable solution?
No, 100 mb Ethernet will not work on a Hub.
In the OSI model, the layer 3 PDU is known as:
Packet
Forensics - Four Steps - Collect Evidence - Chain of Custody
Paper trail of access or control of a given piece of evidence from the time brought into custody to the time it is resolved. -What you took under control -When you took it under control -What you did with the evidence -When and who you passed it onto the next person in line.
Data Center:MDF - Main Distribution Frame/Intermediate Distribution Frame
Part of the documentation of your data center.
What does an Ethernet Frame consist of?
Preamble Destination MAC - 48BIT Source MAC - 48 BIT Datatype/Ethertype 2 BYTES Data:Min 64 Bytes Max 1522 Use Pad if not at 64Bytes FCS - Frame Check Sequence
Security Implications
Principle of least privilege. Limit permissions to only what someone needs. Cloud providers enable separate credentials. you to set up explicit limited permissions
What is an access control vestibule?
Secure entry system with two gateways, only one of which is open at any one time. Previously known as mantrap, though this terminology is now deprecated.
Network Operations - Security Policy
Statement of how the organization defines goals and motivations in terms of security
What are the IP Protocol types and Version number?
TCP/6 and UDP/17 work in the transport layer. Internet Control Message Protocol (ICMP/1) is used for status messaging and connectivity testing. Internet Group Messaging Protocol (IGMP/2) is used with multicasting. Generic Routing Encapsulation (GRE/47) is used to tunnel packets across an intermediate network. This is used (for example) in some virtual private network (VPN) implementations. Encapsulating Security Payload (ESP/50) and Authentication Header (AH/51) are used with the encrypted form of IP (IPSec). Enhanced Interior Gateway Routing Protocol (EIGRP/88) and Open Shortest Path First (OSPF/89) are protocols used by routers to exchange information about paths to remote networks.
Disaster Recovery and Backup - Media - Cloud
Takes up a lot of time to get the backups going. Continuous ongoing incremental backups
Protecting Networks - Social Engineering - Whaling
Targeting higher up people.
Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera's security concerns? (Select TWO)
The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network.
Which of the following are characteristics of a TCP connection when working with upper layer protocols?
The ability to segment data Delivery of data using error recovery methods
What two Services are built into the KDC
Ticket Granting Service and Authentication Server
Data Center:What are the three tiers to a Data Center
Tier 1, Core Layer Tier 2 Distribution /aggregation layer Tier 3 Access/edge layer
Distance
Time Domain Reflectometer (TDR)
Security Information and Event Management (SIEM) - Aggregation
Time synchronization - All systems have to be in synch with time. Event de-Duplication - Same event from different devices. Normalization - Allows analysis tools to be more efficient by creating more tables. Logs - Put logs together WORM - Write Once Read Many Correlation - Alerts
Where would you normally connect a straight through cable from the uplink port of a switch?
To a regular port on another switch.
True or false? A managed switch should have auto MDI/MDI-X enabled by default.
True
True or false? The more subnets you have the less hosts are available?
True
Data Center:Rack Diagram
U Space and Device name and model.
What is 1000BaseCX?
Uses TwinAx at 25 meters.
Load balancing
Using multiple servers to provide the same data.
Data Center:Network Function Virtualization
Virtual Network Hardware
VPC
Virtual Private Cloud
Inter-VLAN Routing
a process for forwarding network traffic from one VLAN to another using a router
What makes up an IPv6 Link Local address?
fe80:0000:0000:0000 or fe80:: [4 groups generated by MAC address] Using EUI-64 the 48 bit MAC Address is changed to the 2nd half of the number by - splitting the MAC and adding ff-fe between the split. -The 7th bit is flipped. For instance a 2a changes to 29. -the ff and fe are the last 2 and first 2 of the associated numbers.
Platform as a Service (PaaS)
supports the deployment of entire systems including hardware, networking, and applications using a pay-per-use revenue model. For Coding. Obfuscates all the infrastructure. Access to software development platform without the need to personally host it.
Write the command to use tcpdump to capture traffic from the IP address 172.16.16.254 on the interface eth0 and output the results to the file router.pcap.
tcpdump -i eth0 -w 'router.pcap' src host 172.16.16.254
Network Monitoring - SNMP - Versions
v1 - RFC 1157 - uses community strings (plain text) No Encryption v2c - RFCs 1901-1908 - uses community strings (plain text) encryption. Expanded Command set. v3 - RFCs 2273-2275 - authentication and encryption TLS. Robust
Data Center:Co-location
when a firm purchases or leases a Web server (and has total control over its operation) but locates the server in a vendor's physical facility. The vendor maintains the facility, communications lines, and the machinery
Deployment models: Corporate-owned, Business Only (COBO)
• The company owns the device • And controls the content on the device • The device is not for personal use • You'll need to buy your own device for home • Very specific security requirements • Not able to mix business with home use
ARP
A broadcast that needs a MAC for an IP address.
Forensics - Four Steps - Secure the Area
Be at the scene Block from prying eyes or disturbances Define area of scene
WDM (wavelength division multiplexing)
Bidirectional wavelength division multiplexing or BWDM
OSI Physical Layer PDU is known as:
Bit
Types of EAPs
EAP pre-shared key (EAP PSK) - Common key. Protected Extensible Authentication Protocol (PEAP) - Standard username and password. EAP-MD5 - Uses Hash. EAP-TTLS - client and service need key. Used in wireless networks
What routing algorithm does OSPF (Open Shortest Path First) use?
EIGRP Enhanced Interior Gateway Routing Protocol Link-State Routing Protocol. To converge, sends out LSAs
Shielded Twisted-Pair (STP) cabling reduces what kind of interference?
EMI
What is needed to install a wireless network?
Floor Plan, Analyze area, Antenna Placement
10GBaseSW, 10GBaseEW, 10GbaseLW
For working on SONET
What 2 kinds of proxy servers are there
Forward and reverse
What is the primary defining characteristic of a loopback interface?
It is always on.
Protecting Networks - Malware - Trojan - Remote Access Trojan
Remote actions
Deployment Models - BYOD - Policy - Offboarding
Removal of data Deleting proprietary apps
In the OSI model, the layer 4 TCP PDU is known as:
Segment
Protecting Networks - Password Attacks - Brute Force
Submits every possible letter combination
UDP Port 69
TFTP (Trivial File Transfer Protocol)
Which is faster FTP or TFTP
TFTP uses UDP which has lower overhead than TCP.
Protecting Networks - CIA Protecting Data - CIA Protecting Data - Exploits
Take advantage of a Vulnerability -Spoofing - Remote machine acts like a node on your network -Accessing with default password
Policy vs. Procedure
policy are the rules Goals and Aims procedure is how you do it.
How is the IP 192.168.4.6 shown to be on a 16-bit subnet mask?
192.168.4.6/16
LTE
300 mbs up, 75 mbs down. Nano SIM
Which of the answers listed below refer(s) to the characteristic feature(s) of Category 5 (Cat 5) cabling? (Select all that apply)
-100 Mbps transfer rate over 2 cable pairs (100BASE-T networks) -1 Gbps transfer rate over all 4 cable pairs (1000BASE-T networks) -100-meter cable segment length -Twisted-pair copper cabling -RJ45 connector
Load Balancing
-Load balancer can communicate to servers. -Can be a certificate server -Can be configured as client-side or server-side high availability. -Routes by configured list (Round Robin) or least response time. -Server Side uses sophisticated device in server.
Which of the following answers can be used to describe client-server architecture?
-More stable and secure than peer-to-peer architecture -Centralized network type -Less reliable than peer-to-peer architecture
Which of the following answers can be used to describe the characteristics of ring topology?
-Network nodes are daisy-chained in a closed loop -Data is passed through each intermediate node until the receiver node is reached -Each network node connects to exactly two other nodes
Disaster Recovery and Backup - Disaster Recovery Plan - Two Data Types - State
-Once restored when will the device or directory become usable in the system.
Protecting Networks - Denial of Service - DoS - Attacks - Volumetric Attack
-Ping Flood -UDP Flood -Routers designed to keep this from happening.
Which of the following answers refer(s) to mGRE?
-Point-to-multipoint network links -Tunneling protocol -Enables delivery of various data packet types over the same network link -Used in Dynamic Multipoint VPN (DMVPN)
Business Continuity Plan - Order of Restoration
-Power -Wired Lan running -ISP Link -- Routers ok -Active directory -Sales and accounting workstations -Production -Wireless access -Peripherals, printers etc.
Protecting Networks - Network Hardening - Port Security - DHCP Snooping -Setup
-Snoop based on VLAN -Interface Configuration for Trust to Port for DHCP Server -Static Bindings - Static IP for each MAC
Which of the following answers refer(s) to the characteristic features of MPLS?
-Used for connecting devices on a WAN -Unencrypted network traffic -Enables sending packets over a single, faster network path (routing decisions based on labels) -Enables delivery of various data packet types over the same network link
Business Risk Assessment - Process Assessment Two Types
-Vendor Assessment: How does Vendor handle security? -Process Assessment: Codifies and ranks essential processes and examines the likelihood of a weakness in the process.
C (this might be written 0xC for clarity). Values above 9 are expressed as letters (10=A, 11=B, 12=C).
0xAB. To work this out, divide 171 by 16 (144) and write the remainder (11) as the least significant hex digit (B). Note that the quotient 10 (the integer part of the sum, where 171/16=10.6875) is less than 16. Convert the quotient to hex (10=A) to derive the second hex digit and complete the conversion.
Slow or poor connection issues.
1. Attenuation - Degrading signal over distance. 2. Jitter - VOIP & Video - Increase throughput, increase speed, buffering. 3. Incorrect cable type - Patch cable rating difference. Switch speed light keeps trying to negotiate. Keep good inventory
kerberos process
1. Client sends hash with username and password 2. The Authentication service sends back to the client a TGT which is time stamped. 3. Client sends TGT over to TGS (Ticket Granting Service) 4. TGT timestamps a token and sends it back to the client 5. Token is used to communicate to resources over the network.
Protecting Networks - Two steps to Man in the middle/on path attacks
1. Get in the stream 2. Get the data
Windows DNS Process
1. If in domain will go to domain controller 2.Uses DNS Server on Domain Controller
Which Ethernet standard works at 100 Mbps over Cat 5 or better copper cable?
100BASE-TX
What superseded 100BaseT4?
100BaseTX
Which fiber Ethernet standard is best suited to implementing backbone cabling that does not exceed 200 m (656 feet) and can achieve at least 4 Gbps throughput?
10GBASE-SR.
Which types of distribution frame are best suited to 100 MHz or better operation?
110, BIX, and Krone blocks.
With a /25 subnets
126 Hosts
What does a Class B start with and what is its whack?
128 /16
How do you convert binary to decimal?
128 64 32 16 8 4 2 1
What does a Class A start with and what is its whack?
160 /8
Multi-Mode has how many connectors?
2
What was the distance between a hub and node allowed for 100BaseFX?
2 kilometers using multimode fiber.
How do I know what the number of subnets will be?
2 to the number of remaining host bits after the whack. Take 2 away for Network number and Broadcast
What is the subnet mask of 192.168.4.6/16
255.255.0.0
If you are provided with an ip address block of 192.104.32.0 /24 How many hosts can you use?
256 Total, 254 Usable. Always one for broadcast and one for switch/routing.
Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 54 Mbps?
802.11a
Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 3.5 Gbps?
802.11ac
What has the slowest maximum wireless speed?
802.11b was before 802.11a
Which type of wireless network utilizes the 2.4 GHz frequency band and reaches speeds of up to 54 Mbps
802.11g
What is a loose format buffer?
A Fiber Optic protective plastic coating that has a form of lubricant between the strand and the sheath. The buffer may take the form of a miniature conduit, contained within the cable and called a "loose buffer"
PPTP (Point-to-Point Tunneling Protocol)
A Microsoft VPN layer 2 protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets and uses the same authentication methods as PPP.
Data Center:Virtual Router Redundancy Protocol (VRRP)
A TCP/IP RFC protocol that allows two (or more) routers to share the duties of being the default router on a subnet, with an active/standby model, with one router acting as the default router and the other sitting by waiting to take over that role if the first router fails.
What provides an increase in speed over a MMF LED based fiber cable?
A VCSEL is not as powerful as the solid-state lasers used for SMF, but it supports higher modulation (transmitting light pulses rapidly) than LED-based optics.
IKEv2 (Internet Key Exchange version 2)
A VPN encryption protocol that handles request and response actions. It makes sure the traffic is secure by establishing and handling the SA (Security Association) attribute within an authentication suite.
CDMA (Code Division Multiple Access)
A cellular standard that uses spread-spectrum technology, in which a signal is spread over a wide bandwidth so that multiple users can occupy the same channel. A cellular device on a CDMA network does not require a SIM card because, on a CDMA network, devices are compared against a white list, which is a database of subscribers that contains information on their subscriptions with the provider. Not compatible with GSM.
Remote Terminal Unit (RTU)
A device installed at a key location in an industrial system, which can sense attributes of the physical system and convert this analog data to digital data.
PoE injector (power over ethernet)
A device that adds power to an Ethernet cable so the cable can provide power to a device.
wireless range extender
A device that amplifies your wireless signal to get it out to parts of your home that are experiencing poor connectivity.
Actuator
A device to produce physical movement based on output from a computer system.
Patch Antenna
A directional antenna that has a planar surface and is usually mounted on a wall or column.
What type of address is used by the switch to forward transmissions to the appropriate host?
A media access control (MAC) address. This is a layer 2 address. It is also referred to as a hardware or physical address.
Neighbor Solicitation (NS)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to ask a neighbor to reply with a Neighbor Advertisement, which lists the neighbor's MAC address.
Router Solicitation (RS)
A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to ask any routers on the link to reply, identifying the router, plus other configuration settings (prefixes and prefix lengths).
ICMP v6
A multicast protocol used to send Neighbor Solicitation and Neighbor Discovery messages.
ICS (Industrial Control System)
A network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).
Medianet
A network that has been optimized for media transmissions.
Mesh Network
A network that uses multiple access points to link a series of devices that speak to each other to form a network connection across a large area.
What type of distribution frame is best suited to cabling wall ports to Ethernet switches in way that best supports futures changes?
A patch panel allows wall ports to be connected to switches via patch cords. If a switch is replaced or if a wall port needs to be connected to a different switch port, the change can be made easily by moving a patch cord.
What is Wireshark?
A protocol analyzer
IGMP (Internet Group Management Protocol)
A protocol in the TCP /IP suite that supports multicasting in a routed environment.
What is ICMP (Internet Control Message Protocol)?
A protocol that gets application data from one machine to another in a connectionless environment
Neighbor Discovery Protocol (NDP)
A protocol that is part of the IPv6 protocol suite, used to discover and exchange information about devices on the same subnet (neighbors). In particular, it replaces the IPv4 ARP protocol.
What tool is used to terminate wiring at a 110 block?
A punchdown tool is used to connect wires via insulation displacement connectors (IDCs). You must use a suitable blade for the IDC format (110, Krone, or BIX).
Smartjack (sometimes called NIU, Network interface unit)
A remote-line diagnostic device placed at the joining point between an ISP's line and customer's on-premises wiring
When more than one switch is connected what happens?
A root bridge is established.
Gateway Router
A router that acts as a default gateway in a TCP/IP network.
TKIP (Temporal Key Integrity Protocol)
A security protocol created by the IEEE 802.11i task group to replace WEP. WPA
ICS Server
A server in an ICS or SCADA system that might include an acquisitions server, which collects and stores raw data, a supervisory server, which controls the physical system, or a historian, which is a centralized database of collected and analyzed data and control activities.
Points of Failure
A single point of failure is one system that, if it fails, will bring down an entire process, workflow, or the whole organization.
PLC (Programmable Logic Controller)
A solid-state control system that has a user-programmable memory to store instructions.
ESSID (extended service set identifier)
A special identifier shared by BSSs that belong to the same ESS. A Basic Service Set (BSS) forms an ad hoc self-contained network with station-to-station traffic flowing directly, receiving data transmitted by another station, and only filtering traffic based on the MAC address of the receiver. An extended service set (ESS) is a wireless network, created by multiple access points, which appears to users as a single, seamless network, such as a network covering a home or office that is too large for reliable coverage by a single access point.
Enhanced Data Rates for GSM Evolution (EDGE)
A technology that does not fit neatly into the 2G/3G/4G spectrum. It is technically considered pre-3G but was an improvement on GSM (2G)
What is an AUP
Acceptable use policy (AUP)—An AUP defines acceptable use of systems. It identifies what a user can and cannot do on a system. It is sometimes referred to as Rules of Behavior
Protecting Networks - Malware - Backdoor
Access an application through the programmers backdoor.
Wireless MAC ACL
Access control based on MAC Addresses
Protecting Networks - VLAN Hopping - VLAN Spoofing
Act as a switch in order to trick a legitimate switch to create a trunk link between them. Happens when a switch is configured to negotiate a trunk. Dynamic Desired, Dynamic Auto or Trunk Mode
Passive vs Active ports in LACP
Active - sends LACP traffic Passive waits to hear port sending LACP traffic. You can have Passive/Active and Active/Active you cannot have Passive/Passive
Network Monitoring
Activities that use tools to observe network performance in an effort to minimize the impact of incidents.
Protecting Networks - VLAN Hopping - Double Tagging
Add or modify tags on a frame to send them to any VLAN. Attacker has to belong to the native VLAN of the trunk. Most switches strip off tag. This exploit puts attacker tag in outer frame and victims tag inner on switch 1. Attacker tag gets stripped, victims remains to be sent to switch two to his VLAN. One directional attack.
Routing Table At least has 4 pieces of information which are...
Address Subnet Gateway Interface
Protecting Networks - Network Hardening - Control Plane Policing
Adjust QoS features to protect against DoS Throttle traffic of protocols
At what layer of the OSI model does a fiber distribution panel work?
All types of distribution frames work at the physical layer (layer 1).
Deployment Models - BYOD - Policy
Allow users to use their device on a campus or company network.
MAC Address Clone
Allow you to use router on your cable modem network. Cable modem thinks the router is a pc.
Deployment models: Choose Your Own Device (CYOD)
Also like COBO but user can choose device.
What is the measurement standard for wire thickness?
American Wire Gauge (AWG).
Network Monitoring - System Monitoring - Packet Drops
Amount of packets a device cannot handle. Buffer Overflows.
Active IDS
An IDS that detects a security breach according to the parameters it has been configured with, logs the activity, and then takes the appropriate action to block the user from the suspicious activity.
Encapsulating Security Payload (ESP)
An IPsec protocol that provides authentication, integrity, and encryption services.
Protecting Networks - Downgrade Attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
Coarse Wavelength Division Multiplexing (CWDM)
An optical multiplexing technology in which a few signals of different optical wavelength could be combined to travel a fairly short distance. 60 km. Simpler than DWDM. Higher-end LANs with 10BaseGLX. Lower cost than competitors.
Dense wavelength division multiplexing (DWDM)
An optical multiplexing technology in which a large number of optical signals of different optical wavelength could be combined to travel over relatively long fiber cables.
A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?
Analyze packet captures.
A network designer wants to run a 10 gigabit backbone between two switches in buildings that are 75 m (246 feet) apart. What is the main consideration when selecting an appropriate copper cable?
At that distance, some type of shielded or screened cat 6A or better cable is required for the installation to be compliant with Ethernet standard 10GBASE-T.
What is Availability?
Balance confidentiality tools and integrity are balanced so they will be used. Is this ready to go?
RADIUS is AAA
Authentication, authorization and accounting
MDI-X Auto-Sensing or Auto-MDI-X
Automatically detects the cable type to perform switch to switch communication. No need to create a cross-over cable.
Disaster Recovery and Backup - MTTR (mean time to repair)
Average length of time required to perform a repair on the device
Deployment Models - BYOD - Policy
Challenges: Personal use vs company use. MDM: must manage from anywhere. Personal data vs company data.
New Switch
Change default password. Save configuration.
Risk Management - Other elements
Changes in laws. Natural disasters. Personal disasters - death or disablement of key corporate personnel.
What can indicate high temperatures of a server?
Chassis sensor
What is a benefit of DWDM?
Cheaper to replace old Sonic OCX equipment and lines. Long distance line.
Protecting Networks - Rogue DHCP
Check ipconfig /all and check IP range based on gateway and your IP. -Know network ID -Know IP address. Disable unused wall plate ports.
Data Center:Audit and Assessment reports
Checking on parts of Network
Which cable type consists of a single core made of solid copper surrounded by insulation, a braided metal shielding, and an outer cover?
Coax or Coaxial
What is an ACL?
Collection of access control entries, or ACEs, that determines which subjects (user accounts, host IP addresses and so on) are allowed or denied access to the object and the privileges given (read only, read/write, and so on).
Protecting Networks - Social Engineering
Convince someone to give you information.
What elements are used to specify Fiber-Optic Cables?
Core size/Cladding size/Mode/Composition (glass or plastic)
What are the 3 layers in a Fiber Optic Cable?
Core, Cladding and Jacket or Buffer.
Brienne, an administrator, attempts to connect a laptop to a server with a length of CAT5 cable that has RJ-45 connectors on each end. She verified the IP settings as correct, but the two computers still cannot connect. Which of the following would MOST likely fix the connectivity problem?
Crossover Cable. It is direct to a server. Wire pairs 1/2 and 3/6 need to be swapped on one end of the connecting cables.
What is CPE?
Customer Premises Equipment
Example of Load Balancing
DNS server does round robin. Puts all servers in a zone.
Which OSI layer packages bits of data from the Physical layer into frames?
Data Link.
Data VLAN vs Voice VLAN
Data VLAN is the traditional VLAN. Voice is prioritized over data. Voice uses MAC addresses or VLAN tags.
What applies to data as it travels from Layer 1 to Layer 7 of the OSI model?
Decapsulation. Stuff gets stripped as it gets to the application level.
What is crosstalk measured in?
Decibels.
VPN concentrator/headend
Dedicated device that acts as the endpoint to a network.
Which of the following answers can be used to describe leased-line connections?
Dedicated, point-to-point, always-on connections. Typically used by businesses and organizations. WAN links.
Protecting Networks - Firewalls - DPI
Deep Packet Inspection or Application or Context aware running at Layer 7
Network Operations - Security Policy - Acceptable Use Policy
Define ownership. Web site access. Access time - time of day.
Protecting Networks - Physical Security - Physical Controls - Deterrent Controls
Designed to prevent bad guys from getting into physical infrastructure. Lighting, signage, guards.
Routing Packet contents
Destination and Source IP, Destination Port and Source Port number. Sequence number and data
auditing
Detailed and specific evaluation of a process, procedure, organization, job function, or system, in which results are gathered and reported to ensure that the target of the audit is in compliance with the organization's policies, regulations, and legal responsibilities. Also called audit report.
Subnetting
Divides Network IDs into two or more networks
Protecting Networks - VLAN Hopping - Double Tagging - Fix
Do not use native VLAN1. Should be 1 port only for maintenance.
MAN Metro Ethernet/Optical
Does not use internet. Lower Cost for MPLS or SD WAN Network. No Security
What is a DNS DKIM record?
DomainKeys Identified Mail - it stores the public key the receiving mail server will use to verify a message's signature, to verify that no change to the message has occurred.
What is the benefit of port mirroring?
Enables administrators to inspect traffic remotely.
What is a common technique used by malicious individuals to perform an on-path attack on a wireless network?
Evil Twin
What if a device has a 164.254 APIPA address and some systems sometimes have the same problem?
Exhausted scope.
EGP
Exterior Gateway Protocol. Outside of the Autonomous System. Border Gateway Protocol. Used between AS (Autonomous Systems).
Proxy is Application Specific
FTP proxy, web proxy, VoIP proxy
Protecting Networks - System Life Cycle - Asset disposal - Switches
Factory Reset
True or False? The Session layer is responsible for passing data to the Network layer at the lower bound and the Presentation layer at the upper bound.
False. The Session layer is between the Transport and Presentation layers.
True or False? Devices can only transmit on an Ethernet network when the media is clear, and the opportunity to transmit becomes less frequent as more devices are added. Also, the probability of collisions increases. These problems can be overcome by installing a hub.
False. The description of the problem is true, but the solution is not. This issue is resolved by using a bridge or (more likely these days) a switch.
True or False? Documentation should be created only at the end of the troubleshooting process.
False. The last step of the methodology is to ensure that findings, actions, and outcomes are documented, but you cannot do this effectively without existing notes. Most troubleshooting takes place within a ticket system. Ideally, a documented job ticket would be opened at the start of recording the incident.
True or False? Cat standards apply only to wiring.
False—Connectors and interconnects are also rated to cat standards.
Unmanaged Switch
Fewer configuration options than managed switch Must be on same subnet Change default password
What Layer 1 (Physical Layer) cabling would you use for long-distance telecommunications networks and for reliable, high-speed networking within datacenters?
Fiber Optic
angled physical contact (APC)
Fiber optic connector finishing type that uses an angled polish for the ferrule.
Protecting Networks - Demilitarized Zone (DMZ)
Firewall and router route incoming traffic to one of the two networks: public to the web site, private if the packet is destined for the LAN.
Forensics
First Responder: person who is notified of a computer crime. -Determine severity of situation -Collecting information -Documenting findings and actions -Providing necessary information to the proper authorities.
Protecting Networks - Defense in Depth - Perimeter
First line of defense -Vulnerability -Honey Pot = Host that entices attackers by showing a vulnerability. -Honeynet = Collection of Honeypots
Patching - OS Updates - Drivers
Fix incompatibility issue. New features. Bug fix.
Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue?
Flash the router firmware.
Disaster Recovery and Backup - Methods
Full Backups = Everything
Protecting Networks - URL Hijacking: Typosquatting/Brandjacking
Getting a domain name that is close to the url desired. gogle vs google.
Protecting Networks - Social Engineering - Tailgating/piggybacking
Getting through the locked door following someone before it shuts to gain entry.
Data Center:Site Survey
Gives physical location information, flood info, power etc.
Which of the following protocols reside(s) at the application layer of the OSI model? (Select all that apply)
HTTP, FTP, SMTP
Protecting Networks - CIA Protecting Data - CIA Protecting Data - External Threats
Hackers, poor physical security, outdated software
Authoritative DNS Server
Has local information about its hosts. Does not need to reach out to a different DNS server.
Network Monitoring - System Monitoring - File Integrity
Hash values alert you
Authorization
Here is what you can do once Authenticated
Data Center:Fiber Channel needs what on the host?
Host Bus Adapter
IPV6 AAAA Record
Host record related to IPv6 address.
Network Troubleshooting Methodology
Identify the problem: question users, symptoms, changes. Establish a theory of probable cause (use the layers). Test the theory. Establish a plan of action. Implement and test the solution. Verify if the problem is fixed. Implement preventative measures. Document findings, actions and outcomes.
Sam calls in complaining that "the Internet is down," which probably means his computer has lost its network connection. What should you do first to begin troubleshooting this problem?
Identify affected areas of the network.
Troubleshooting Steps
Identify the problem: Gather information. Duplicate the problem, if possible. Question users. Identify symptoms. Determine if anything has changed. Approach multiple problems individually. Establish a theory of probable cause: Question the obvious. Consider multiple approaches. Top-to-bottom/bottom-to-top OSI model. Divide and conquer. Test the theory to determine cause: Once theory is confirmed, determine next steps to resolve problem. If theory is not confirmed, reestablish new theory or escalate. Establish a plan of action to resolve the problem and identify potential effects. Implement the solution or escalate as necessary. Verify full system functionality, and if applicable, implement preventive measures. Document findings, actions, and outcomes.
What is the first thing you should do when identifying a problem?
Identify the scope of the problem
Risk Management - Security Assessment - Vulnerability Assessment
Identify weaknesses that can be avoided. Outdated software. Not patched in a long time. Poor physical security. No strong policies put in place.
A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is MOST likely the source of this connectivity problem?
If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address.
Cable Certifier
If you are working with existing cable and want to determine its category, or if you simply want to test the supported frequency range (and therefore data throughput) of the cable, you can use a cable certifier.
802.11 Jammer
Illegal in US.
Change Management - Maintenance Window
Impacted users may experience downtime and may need substitute workstations or locations during the window.
IPS
Intrusion prevention system - Also does the function of an IDS but will take action, like an Active IDS, only in-band. Actively stops or rejects.
Protecting Networks - Demilitarized Zone (DMZ) - Honey Pot
Invites attacks to capture information. Honeynet does it for a network.
What is a BiDi MSA transceiver?
It allows single mode, multi-colored lasers to be interfaced to an Ethernet switch.
Protecting Networks - Malware - Mitigating
Keep antivirus up to date Educate users
Hardening IOT items
Keep firmware up to date, implement physical security, apply internal security options.
Why is it good to set up separate credentials for each use?
Keep track of what the credential can do. Restrict the damage a compromised credential can do. Revoke a single credential if it becomes compromised without shutting down other single-use services.
Kerberos/EAP
Kerberos - Authentication for LAN networks. Created for Wired networks.
Which of the following standards is used by Windows for client authentication?
Kerberos - WINDOWS is the key word here.
MPLS description
Label - unique identifier. Exp bits - relative value for prioritizing. Bottom of Label Stack - single-bit value for initial label. TTL.
SCADA (supervisory control and data acquisition)
Large-scale, industrial-control systems. Longer distance
What is LOMMF?
Laser Optimized MMF. Same as VCSEL.
Change Management - Documentation
Last Step Network Diagrams Floor Plans
Satellite Latency
Latency caused by distance of Satellite.
What Layer does a VLAN Work on?
Layer 2
Virtual Switch is at what layer?
Layer 2. Each NIC in a virtual environment gets its own MAC
Network Operations - Security Policy - Safety Policy
Lifting equipment, equipment handling, spills
Protecting Networks - Network Hardening - Port Security - DHCP Snooping
Like DAI. Shares the same database as DAI: a list of MAC addresses of DHCP servers and clients.
What is Link State when referring to routing?
Link state dynamic protocol routers advertise. If a difference is detected then routing tables are changed.
At Vista Windows uses LLMNR
Link-Local Multicast Name Resolution. UDP 53,55. Improved name resolution service.
Disaster Recovery and Backup - Methods - File Attribute
Linux - stat. Windows - attrib.
Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Log Files
List who was in.
Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Locks
Locks - Key management. Inventory of all keys.
Cloud provider's reporting
Log, Monitor and fire alerts based on account activity and changes to resources.
Protecting Networks - CIA Protecting Data - CIA Protecting Data - Availability
Make sure the authorized people can get to the Data.
Protecting Networks - Password Attacks - Stopping Attacks
Make sure there is a password policy in effect. Brute force and dictionary. Training users is the best way.
Certificate types
Make your own certificate known as Unsigned certificate. Web of Trust and PKI
Benefit of IPv6 Aggregation
Makes IPv6 Faster than IPv4 Lower latency
Network Operations - Change Management
Making sure that everyone on Network is aware of changes to the network.
Protecting Networks - CIA Protecting Data - Confidentiality
Making sure that only the people that need the data have access to it. Tools: -Encryption -Principle of Least Privilege
Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Man Trap
Man Trap
Protecting Networks - Vulnerabilities - Zero Day - Exploit
Method to attack systems with previously unidentified vulnerability
Data Center:Cost of entry to SAN
Minimum is around 50k.
Points of Failure - Critical Asset - High Availability
Network keeps working with no downtime or interruption
Reverse Lookup Zone
Network ID backwards. If there is an IP address, looks for the FQDN in in-addr.arpa
What are the 3 components of a Subnet Address?
Network ID, Subnet ID and Host ID
Network Operations - Forensics
Network Tech is a first responder. Need to know your Incident Response
Protecting Networks - Defense in depth - Networking layer
Network segmentation enforcement Network access control -Limit communication between resources. -Deny by default. -Restrict inbound internet access and limit outbound, where appropriate. -Implement secure connectivity to on-premises networks.
You have selected an SFP+ 1310 nm Tx and 1490 nm Rx transceiver to implement a BiDi link between two switches. Should you provision a second SFP+ 1310 nm Tx and 1490 nm Rx for the other switch?
No, you need an SFP+ module with 1490 nm Tx and 1310 nm Rx.
Network Operations - Documentation
Non-Disclosure (NDA) Memorandum of Understanding (MOU) Bring Your Own Device (BYOD) Statement of Work (SOW)
What are the severity levels and the range?
OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.
What grade of SMF Fiber optic cable is used indoors?
OS1
What Grade of SMF Fiber optic cable is used outdoors?
OS2
What is the order of colors for the 568B standard?
OW Or GrW Blu BluW G BrW Br
Teredo Tunneling
Older version of tunneling. Free. Lets you go from IPv4 to IPv6.
When can you use double colons? :: for two consecutive strings of 0s?
Once in an IPV6 number
Video Conferencing
One Way enables meeting between geographically separated people who use a network such as the internet to transmit video/audio
Patch Panel
One end of Horizontal Run
What are the two addresses in IPv6?
One is Link Local and the other is the Internet address
UC gateway
One of three components of a UC network, it is an edge device used to add extra services to an edge router.
UC Server
One of three components of a UC network, it is typically a dedicated box that supports any UC-provided service.
UC Device
One of three components of a UC network, it is used to handle voice, video, and more.
Greenfield mode (mode 0)
Only 802.11n devices can talk
Why was PAP replaced by CHAP for PPP connections?
PAP sent usernames in the clear.
What is Port Address Translation (PAT)
PAT is a function that allows multiple users within a private network to make use of a minimal number of IP addresses. Its basic function is to share a single IP public address between multiple clients who need to use the Internet publicly. It is an extension of network address translation (NAT).
What are 3 transporting options through a VPN
PPTP 1723, IPSec 500 and 4500, SSL 443
Data Center:What is a SAN Pod?
Pods consist of one rack with multiple servers connected to one top-of-rack switch (or two for redundancy)
PTR
Pointer Record to Mail Server in Reverse Lookup Zone
PTR
Pointer record, points to
Network Monitoring - Documenting Logs - Windows Event Viewer
Popular for Windows.
Protecting Networks - Malware - Adware
Populates screen with ads. Use Alt F4 to close. Not x
What port does NTP use?
Port 123
The FTP's Control Connection for administering a session is established through:
Port 21
UC Ports MGCP Media Gateway Control Protocol
Port 2427 and 2727
STARTTLS Now
Port 587
You are working as a network administrator and are worried about the possibility of an insider threat. You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their laptop to that same switch port. Which of the following security features would BEST accomplish this goal?
Port Security
PKI
Public Key Infrastructure - Uses hierarchical structure with root servers
Data Center:What does SAN provide?
Redundancy, Power and Safety.
Scalability
Refers to how well a system can adapt to increased demands in cloud.
Slow Down Tools
Resource Monitor Check properties of Wireless NIC
Unmanaged Switch
Retail store version of switch. GUI interface. IP on bottom.
Protecting Networks - Physical Security - Detection Methods - Bio Metrics
Retinal/Iris Scanner Cell phone - Fingerprints, Voice, Face
You are trying to select the BEST network topology for a new network based on the following requirements. The design must include redundancy using a minimum of two cables to create the network. The network should not be prone to congestion, therefore each device must wait for its turn to communicate on the network by passing around a token. Which of the following topologies would BEST meet the client's requirements?
Ring
Network Operations
Risk management, documentation, training, contingency planning, multi-device policies
Risk Management - Security Assessment - Vulnerability Assessment - Posture Assessment
Risk Posture Threat factors Map of overall Security for the network.
Patching - Firmware
Risky updates. Can brick device. Applies to many devices.
DHCP Snooping is what?
Root Bridge is configured with a specific port to allow access to the DHCP server. If another DHCP server gets on another port, the port is disabled.
What is a distance vector?
Routing protocols for sharing router information. Sends entire routing table to other routers.
A router has not been configured properly, and as a result, packets are not reaching their destination. What could be the cause of this?
Route Mismatch
Which device forwards frames between Networks
Router
Home routers are four devices in one. List them.
Router Switch Wireless Access Point DHCP Server
Protecting Networks - Network Hardening - Port Security - Router Advertisement (RA) - Mitigating
Router Advertising Guard. Protects against rogue advertisements.
Protecting Networks - Demilitarized Zone (DMZ) - Bastion Host
Router that is exposed to public internet. Treat and use a separate router for local network.
What are 3 components of the Network Layer?
Router, IP Address, Packet
RIP
Routing Internet Protocol. Dynamic routing protocol. Counts hops to the destination and removes the route with more hops from the router table. RIP is limited to 15 hops. RIP is a distance vector protocol.
To provide encryption on a tunnel you can do what?
Run the data from the computer through an encryption app then to the tunnel. Piggy backing.
Data Center:Network Attached Storage
Runs tight operating system. Linux is common. Runs over regular network. Shows up as normal drive.
What type of connector is shown in this picture?:
SC or Subscriber Connector. It is a push/pull design for quick insertion and removal. Used for single or multi-mode. Common for Gigabit Ethernet
Which of the following answers refers to a solution that simplifies large network infrastructure management through the use of software?
SDWAN
2nd Generation MSA was the
SFP - Small Form-factor pluggable. SFP+ is an improved version.
SSTP
Secure Socket Tunneling Protocol. A tunneling protocol that encrypts VPN traffic using SSL over port 443.
Forensics responsibility
Secure state of media -Remove all doubt of unintentional or intentional
Forensics - Four Steps
Secure the area. Document the scene. Collect evidence. Interface with authorities.
Network Operations - Risk Management
Security Risk Business Risk
abnormal warnings of high error rate or utilization might signify what?
Security breaches or broken equipment.
Authentication and authorization take place at the:
Session Layer
Which OSI layer assumes the responsibility for opening, closing, and maintaining connections between applications?
Session Layer
Web of Trust Certificate
Several members of web of trust provide trust. Takes lots of maintenance.
A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem?
Shared Secret mismatch.
Dotted Decimal Notation
Shorthand used to represent 32 bits. There are 256 combinations, 0-255.
Protecting Networks - Social Engineering - Dumpster Diving
Shred documents
antenna cable attenuation
Signal loss caused by an external antenna connected to an access point over cabling.
Protecting Networks - Social Engineering - Shoulder Surfing
Someone looks over your shoulder. Get privacy filter on your monitor Be aware.
MFA Attributes
Something you do. Something you exhibit. Someone you know - trust. Somewhere you are.
Which of the following answers refer to the OSI layer 2 header data? (Select 2 answers)
Source and Destination MAC
STP
Spanning Tree Protocol Sends Bridge protocol data units to let the other switches know which switch is the lead.
antenna type
Specially arranged metal wires that can send and receive radio signals, typically implemented as either an omnidirectional or a unidirectional type.
TIA Standards
Specifies wiring standards for structured cabling.
A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?
Split horizon or split view DNS
Protecting Networks - Wired Man in the Middle - Get in the Middle
Spoofing -Spoof MAC -IP Spoof -DNS Spoof
Points of Failure - Critical Asset - High Availability - Failover - Redundancy - Fault Tolerance - Load Balancing
Spread data amongst multiple devices before reaching centralized location.
A small business has Internet service that provides three static IP addresses. The customer has assigned one of the static addresses to a Web server that he wants to make available on the public Internet. The server is on-premises on the private side of a router. What service on the router can enable the public to access the Web site from one of the static IP addresses?
Static NAT Static Network Address Translation - Sends specific traffic to one Internal address.
What 2 ways can a switch learn a MAC Address and the port it is on?
Statically or dynamically
What are two ways to load the CAM in a switch?
Statically or dynamically. Statically, the MAC and port are entered manually. Dynamically, the switch senses the MAC. In an empty table, the first MAC is broadcast to the domain; when the second MAC sends back the packet to the first MAC, its address is added to the CAM. These two ports are then left out of the broadcast when this occurs again, until all ports have a CAM entry.
What is used to protect a fiber-optic cable from rodents gnawing through the cable?
Steel shield or armor.
Data Center:SAN
Storage Area Network. A specialized network of high-speed storage devices. Block level.
Patch Cable- Stranded or Solid Core
Stranded
What is the highest strata?
Stratum 0 - Atomic clocks, GPS system. Stratum 1 - Servers that synchronize to within a few milliseconds of Stratum 0. Stratum 2 clients - Slightly less synchronized than 1. Stratum 3 clients - Slightly less synchronized than 2. There are 15 strata.
Protecting Networks - System Life Cycle - Asset disposal - Hard Drives
Strong magnet, shred
Points of Failure - Critical Asset
Systems needed to maintain production.
How does STP elect the Root Bridge?
Switch with lowest Bridge ID, which is the Bridge Priority value + MAC address. Packed in a Bridge Protocol Data Unit (BPDU).
Switch Port Protection
Switches do not have IP addresses. They work at Layer 2.
UC Ports SIP Session Initiation Protocol
TCP Ports 5060 and 5061
UC Ports H.323 ITU Protocol for Switching audio
TCP port 1720
Which of the following ports is used by HTTPS?
TCP port 443
What Layer does ICMP work at?
TCP/IP model Layer 3; OSI model Layer 3 (Network)
Network Monitoring - SNMP - Trap
TCP/UDP 162. Set up on device. Sends info to NMS.
The UPS that provides backup power to your server is malfunctioning because its internal battery has died. To replace the battery, you must shut down the server, unplug it from the UPS, and unplug the UPS from its power source (the wall outlet). You perform these actions but think that there has to be a better way to increase the server's availability in the future. Which of the following recommendations would BEST increase the server's availability based on your experience with this UPS battery replacement?
The BEST recommendation would be to install a redundant power supply in the server.
On a switched network, what configuration changes must be made to allow a host to sniff unicast traffic from all hosts connected to a switch?
The switch must be configured to mirror traffic to the sniffer's port.
Protecting Networks - Social Engineering - Mitigation
Train the users.
What are the characteristics of S/FTP cable?
This is a twisted pair type of copper cable using a braided outer screen and foil shielding for each pair to reduce interference.
Something has changed and now no one within the organization can access the Internet. The ISP has checked everything beyond the demark and found no problems. Which are likely culprits for the outage?
Throttling policy, customer-premises equipment, router configurations
Data Center:FreeNaS
Tool to setup network storage.
Data Center:Floor Plan
Top Down view of Data Center
Data Center:Access/Edge
Top-of-Rack switches serve only servers on the one particular rack.
Which three means of establishing a theory of probable cause refer to the OSI model?
Top-to-bottom/bottom-to-top OSI model. Divide and conquer.
asymmetrical routing
Topology where the return path is different to the forward path.
Protecting Networks - Malware - Spyware
Tracks things. Key logger. Software key logger. Hardware key logger - plugs into USB.
Voltage Monitor
Tracks voltage over time to check for electrical issues.
Data Center:Southbound traffic
Traffic coming into the datacenter.
SD-WAN - software-defined wide area network
Traffic over the internet. MPLS Features with security. Abstracted, centralized control of networking devices that manage network functions across a diverse infrastructure.
Network Monitoring - Zabbix
Triggers can be set for exceptions against baseline.
adjacent channel interference (ACI)
Troubleshooting issue where access points within range of one another are configured to use different but overlapping channels, causing increased noise. Also called channel overlap.
Protecting Networks - Social Engineering - Tailgating/piggybacking - Mitigation
Turnstile, access control vestibule (mantrap)
How many pairs of wires in the cable does 100BaseTX use?
Two pairs. Full duplex.
Duplex mismatch
Two computers connected with a crossover cable. Need to go to Device Manager and change duplex from auto to 1/2 on both systems.
Speed mismatch
Two different speed switches. Speed lights will show two different speeds. No data will flow. This is an older problem and modern switches are auto-speed.
How many firewalls in a DMZ?
Two firewalls. One routes port 80 traffic or whatever port the server application needs. The other isolates the private network through firewall rules.
Change Management - Change Request
Type of change, configuration procedures, rollback process, potential impact, notification
application-specific integrated circuit (ASIC)
Type of processor designed to perform a specific function, such as switching.
Flood Guard
Type of switch feature that can detect a denial of service (DoS) attack and turn the port off.
Disaster Recovery and Backup - Methods - Snapshots
Typically on virtual machines. Traditionally not stored on another media.
Dynamic Host Configuration Protocol (DHCP) runs on: (Select 2 answers)
UDP port 67 and 68
Data Center:Power
UPS. PDU: Power Distribution Units distribute power to devices.
Rogue Access Point/Rogue AP
Unauthorized Access point
What is a DHCP offer?
Unicast DHCP address sent back to the client MAC
Protecting Networks - Firewalls - UTM
Unified Threat Management is a group of functions like firewall, malware detection, VPN endpoint, proxy.
Addressing (Network)
Unique identifier for a network node, such as a MAC address, IPv4 address, or IPv6 address.
Network Monitoring - Documenting Logs - Syslog
Unix/Linux. Standardized format. Errors go from 0 to 7. Interactive syslog viewer. Works with SNMP.
Protecting Networks - Firewalls - Stateless - Weaknesses
An unsolicited packet comes in, say on a port there is no setting for, and causes issues. All the stateless router knows is the IP and port number.
How fast is the data capability of an SMF Cable?
Up to 100 Gbps
A 50 Micron OM2 Cable is rated for what speed?
Up to 1 Gbps and uses LED transmitters.
Protecting Networks - Vulnerabilities - Zero Day - Mitigation
Update systems. Only use applications essential to your org. Use a firewall. Educate users.
DCS (Distributed Control System)
Used to control industrial processes such as electric power generation, oil and gas refineries, water and wastewater treatment, and chemical, food, and automotive production. A hierarchy of ICS systems.
Business Risk Assessment
Used to identify, understand, and evaluate potential hazards in the workplace
Reverse Lookup Zones
Used to map an IP to a hostname.
TACACS+
Uses TCP port 49. TACACS+ user goes to TACACS+ client, which goes to TACACS+ server.
Protecting Networks - Wired Man in the Middle - Get in the Middle - ettercap - Penetration Testing Tool
Uses poisons
RADIUS
Uses ports 1812-1813 and 1645-1646, both UDP.
Automation in IaC
Using code to set up (provision) and maintain systems in a consistent manner without having to make manual changes.
Orchestration
Using code to set up (provision) and maintain systems in a consistent manner without having to make manual changes.
Which step follows "Implement the solution or escalate as necessary" in the troubleshooting methodology?
Verify full system functionality, and if applicable, implement preventive measures.
OCSP
Verifies each time if set. Good way to verify that you have a good certificate.
What is VCSEL?
Vertical-Cavity Surface-Emitting Lasers
What kind of lease should a Public WiFi have?
Very short. If not you can exhaust your IP Scope.
ICS Interface
Where people talk to the ICS Server
Presence
Who is there who is not.
Identification
Who you are.
Secure error from browser to website.
Will cause a certificate error. Happens when the certificate for a web server is self-signed. 443 error.
Protecting Networks - System Life Cycle - Asset disposal - Hard Drives
Wipe with DoD 5220.22-M
Deployment Models - BYOD - Policy - MDM - Middle Ground
Wipes company data, keeps yours.
Protecting Networks - Ettercap Tool
Wired Network Tool for Penetration Testing. Allows spoofing and DoS attacks.
WLAN
Wireless Local Area Network
802.11
Wireless standard. Uses radio waves to transmit network information between wireless nodes.
CISCO Commands
Yost cable/console cable: use a serial connection.
switch>enable (gives privileged mode)
switch#show running-config
switch#show interface fa 0/1 (runts: under packet size; giants: over packet size)
switch#show ip route
switch#copy run start (saves changes)
What color is a Single-Mode Fiber Optic Cable?
Yellow
Can tunnels encapsulate unencrypted protocols?
Yes
Do you need one NS for a domain?
Yes, you need a Name Server for each Zone or Domain
How do you connect VLANs?
You can use a separate router or inter-VLAN routing.
Network Monitoring - Interface statistics or Interface Data - Applications
Zabbix, LibreNMS, Grafana, SolarWinds, Nagios, Spiceworks
Software as a Service (SaaS)
delivers applications over the cloud using a pay-per-use revenue model
Time Division Multiple Access (TDMA)
divides each channel into six time slots. Each user is allocated two slots: one for transmission and one for reception. This method increases efficiency by 300 percent, as it allows carrying three calls on one channel
MSA 1st Gen
GBIC 2 connectors
Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?
nbtstat -R. Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the "nbtstat -R" command to purge and reload the cached name table from the LMHOSTS file on their Windows workstation.
TCP/IP Apps
- ping: sends IP packets to check network connectivity
- tracert: similar to ping but returns path information to an IP address destination; in macOS & Linux the command is traceroute
- nslookup: gathers the network's DNS (domain name system/server) information
- ipconfig: displays TCP/IP network information on a computer; in macOS & Linux the command is ifconfig
- iptables: Linux command to put rules in place for packet filtering for the Linux kernel firewall
- netstat: displays a list of active TCP connections on a local network
- tcpdump: a data-network packet analyzer computer program that runs under a command line interface (CLI). Displays TCP/IP & other packets being transmitted or received over a network to which the computer is attached.
- pathping: used to combine the functionality of ping & tracert. It is used to locate spots that have network latency & network loss.
- nmap: used to discover hosts, services, & operating system detection on computer networks by sending packets and analyzing the responses
- route: allows you to make manual entries into network routing tables. It distinguishes between routes to hosts and routes to networks by interpreting the network address of the destination variable, which can be specified either by symbolic name or numeric address.
- arp: displays & modifies entries in the Address Resolution Protocol (ARP) cache. The ARP cache contains one or more tables that are used to store IP addresses & their resolved Ethernet or token ring physical addresses.
- dig: performs DNS lookups & displays the answers that are returned from the queried name server(s).
Public Cloud
promotes massive, global, and industrywide applications offered to the general public
SSOCircle
provides a variety of service provider (SP) samples.
Low Optical Link Budget
refers to low fiber-optic signal strength
Community Cloud
serves a specific community with common business models, security requirements, and compliance considerations
Private Cloud
serves only one customer or organization and can be located on the customer's premises or off the customer's premises
Can you use an LTE NIC on a USB Port?
yes.
What to do for setting up a WiFi Network
you do a floor plan, site survey, heat maps, check capacity,