CompTIA Network+ Exam N10-008 - Lesson 5: Explaining IPv4 Addressing

A network administrator needs to break up a subnet into subnet masks containing 64 addresses. Which of the following subnet masks should the administrator use? A. 255.255.255.192 B. 255.255.255.240 C. 255.255.255.224 D. 255.255.255.128

A. 255.255.255.192 A subnet mask of 255.255.255.192 has 64 addresses. Subnet addressing has three hierarchical levels: a network ID, subnet ID, and host ID. A subnet mask of 255.255.255.240 has 16 addresses. To create logical subnets, the network administrator must allocate the bits from the host portion of the IP address as a subnetwork address, rather than part of the host ID. A subnet mask of 255.255.255.224 has 32 addresses. The mask will always have one of these values in the least significant octet: 128, 192, 224, 240, 248, 252, 254, 255. A subnet mask of 255.255.255.128 has 128 addresses. It is important to understand that only one mask is ever applied to the IP address on each interface.

A security administrator is investigating a CAM table flooded by an attacker. In the packet capture, what protocol should the security administrator filter on to look at related traffic? A. ARP B. IP C. TCP D. HTTP

A. ARP The Transmission Control Protocol/Internet Protocol (TCP/IP) suite includes the Address Resolution Protocol (ARP). The ARP performs the task of resolving an IP address to a hardware address. ARP messaging is only available to use with Ethernet. At the network layer, the TCP segment wraps in an Internet Protocol (IP) header. The IP packet encapsulates in an Ethernet frame at the data link layer. At the transport layer, the administrator adds a Transport Control Protocol (TCP) header to this application data. The HyperText Transfer Protocol (HTTP) protocol is an application layer protocol, which will include its own application header.

A network administrator wants to be able to address multiple address hosts. Which of the following would accomplish this task? (Select all that apply.) A. Broadcast B. ff:ff:ff:ff:ff:ff C. Unicast D. 255.255.240.0

A. Broadcast B. ff:ff:ff:ff:ff:ff One method of addressing multiple hosts is to perform a broadcast. An administrator performs a broadcast by sending a packet to the network or subnet's broadcast address. Implemented broadcasts occur at layer 2 by sending them to MAC address ff:ff:ff:ff:ff:ff. All hosts connected to the switch (or in the same VLAN) will receive them. When an IPv4 host wants to send a packet to a single recipient, it uses a unicast packet addressed to the destination host's IP address. If the subnet mask is 255.255.240.0, the last four digits of the last octet in the IP address are the host ID portion. Setting these digits to all 1s is the last possible address before the next subnet ID, hence the network broadcast address.

A systems administrator attempts to allow one host on the Internet to send content to other hosts that have identified themselves as interested in receiving the originating host's content. What should the administrator use to accomplish this? A. Multicast B. Anycast C. Broadcast D. Unicast

A. Multicast IPv4 multicasting allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host's content. Anycast refers to a group of hosts configured with the same IP address. One method of addressing multiple hosts is to perform a broadcast. An administrator performs a broadcast by sending a packet to the network or subnet's broadcast address. When an IPv4 host wants to send a packet to a single recipient, it uses a unicast packet addressed to the IP address of the destination host.

A helpdesk technician is reviewing the network layout in various areas. What is the purpose of subnetting? A. Layer 2 tracking B. Layer 3 segments C. Port security D. Flow control

B. Layer 3 segments Subnetting creates layer 3 broadcast domain segments with fewer hosts. The trick with subnet design is to fit the scheme to the requirements for a number of subnetworks and hosts per subnet. The CAM table tracks Layer 2 and implements it as content addressable memory (CAM). It is a special type of memory, optimized for searching, rather than random access. A port security configuration validates the MAC address of end systems connecting to a switch port. Most often, the MAC address of servers and workstations does not change often, except for predictable upgrade cycles. IEEE 802.3x flow control allows a server to instruct the switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames.

A security architect is dividing a network into logically distinct zones for security and administrative control. Which of the following should the security architect use? A. CAMs B. VLANs C. Port security D. Flow control

B. VLANs VLANs are useful to divide a network into logically distinct zones for security and administrative control. The CAM table tracks Layer 2 and implements it as content addressable memory (CAM). It is a special type of memory, optimized for searching rather than random access. A port security configuration validates the MAC address of end systems that connect to a switch port. In most scenarios, the MAC address of servers and workstations does not change often. IEEE 802.3x flow control allows a server to instruct the switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames.

A security analyst is reviewing malicious packets and trying to understand the IPv4 header. What is the first field in an IPv4 header? A. Header Length B. Version C. Protocol D. Source address

B. Version The Version field is the first field in an IPv4 packet and indicates the version of the Internet Protocol in use, which in the case of IPv4 is 4. The field after Version is the Length field, which indicates the size of the header and the total packet size, including the payload. The maximum theoretical size is 65,535 bytes. The Protocol field describes what is contained (encapsulated) in the payload so that the receiving host knows how to process it. The source and destination address fields do not occur until the end of the header, before options and data. The options field is not as common in IPv4.

A security technician is looking at binary and trying to convert it to an IP address. The first field is 00110011. What does this translate to in decimal? A. 198 B. 100 C. 51 D. 1

C. 51 The IP address 00110011 would be 51 in decimal. The place values are powers of 2 (21=2, 22=4, 23=8, 24=16, and so on). The technician should memorize these values to perform binary/decimal conversions using the columnar method. The IP address 11000110 would be 198 in decimal. The technician can use the same columnar method to convert from decimal to binary. The IP address 01100100 would be 100 in decimal. Setting all the bits in an octet to 1, the number obtained is 255 (the maximum possible value). Similarly, setting all the bits to 0, the number obtained is 0 (the minimum possible value). The IP address 00000001 would be 1 in decimal.

A network architect is planning a new setup for a new company that has yet to build buildings. Which of the following would the architect set up for a /16 network? A. Multicast B. Class A C. Class B D. Class C

C. Class B Class B: 255.255.0.0 (/16). The first octet for class B is from 128 - 191. The only remaining use of classful terminology is to describe the default subnet masks. IPv4 multicasting allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host's content. Class A: 255.0.0.0 (/8). The first octet for class A is from 1 - 126. The default masks reengineer the classful scheme but allow network designers to create subnets of different numbers. Class C: 255.255.255.0 (/24). The first octet for class C is from 192 - 223.

A helpdesk operator is troubleshooting communication issues for devices in different broadcast domains. What do the devices need to pass through to talk to each other? A. Switch B. Hub C. Router D. Modem

C. Router Nodes within each subnet can address one another directly since they are in the same broadcast domain, but they can only communicate with nodes in other subnets via the router. For switches on each subnet or broadcast domain, nodes use MAC addresses to forward frames to one another, using a mechanism to translate between layer 3 IP addresses and layer 2 MAC addresses. A hub acts like a multiport repeater so that every port receives transmissions sent from any other port. Modems, typically cable or digital subscriber lines, connect to the Internet Service Provider's (ISP's) network.

A security analyst is looking at traffic directed to 0.0.0.0/8. For what purpose is this IP range typically used? A. Variety of special purposes B. To check that TCP/IP is correctly installed on the local host C. Source address by client seeking a DHCP lease D. Examples

C. Source address by client seeking a DHCP lease The system uses the subnet 0.0.0.0/8 when a specific address is unknown and typically used as a source address by a client seeking a Dynamic Host Configuration Protocol (DHCP) lease. The subnets 100.64.0.0/10, 192.0.0.0/24, 192.88.99.0/24, 198.18.0.0/15 are all set aside for a variety of special purposes. While nominally part of Class A, the range 127.0.0.0 to 127.255.255.255 (or 127.0.0.0/8) is reserved. This range is used to configure a loopback address, which is a special address typically used to check that TCP/IP is correctly installed on the local host. The subnets 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 are all set aside for use in documentation and examples. These are other IPv4 address ranges reserved for special use and are not publicly routable.

A client is trying to connect to a network. The client can get an IP address but does not have internet access and decides to see if they are issued an APIPA address. Which of the following would fall under the APIPA range? A. 10.0.0.0 to 10.255.255.255 B. 172.16.0.0 to 172.31.255.255 C. 192.168.0.0 to 192.168.255.255 D. 169.254.0.0 through 169.254.255.255

D. 169.254.0.0 through 169.254.255.255 The APIPA range is from 169.254.0.0 through 169.254.255.255. Microsoft developed Automatic Private IP Addressing (APIPA) for clients that could not contact a Dynamic Host Configuration Protocol (DHCP) server. The IP addresses from 10.0.0.0 to 10.255.255.255 represent the Class A private address range. Private IP addresses can be from one of the pools of addresses defined in RFC 1918 as non-routable over the Internet. The IP addresses from 172.16.0.0 to 172.31.255.255 represent the Class B private address range. Any organization can use private addresses on its networks without applying to a registry or ISP, and multiple organizations can use these ranges simultaneously. The IP addresses from 192.168.0.0 to 192.168.255.255 represent the Class C private address range.

A network administrator is working for a large company on a subnet that requires an 8 bit mask. Which of the following would that be? A. 255.255.0.0 B. 255.255.255.0 C. 255.255.255.255. D. 255.0.0.0.

D. 255.0.0.0. 255.0.0.0 is an 8-bit mask. A short netmask (255.0.0.0) allows for millions of hosts per network but only 126 possible network addresses. 255.255.0.0 is a 16-bit mask. Note that this system is known as classless addressing. There is an older classful addressing method. 255.255.255.0 is a 24-bit mask. A longer network portion, such as 255.255.255.0, allows for more network IDs within the overall internetwork, but with fewer available host addresses per network. 255.255.255.255 is a 32-bit mask. A 32-bit network mask (or netmask) distinguishes these two components within a single IP address.

A systems administrator is looking into communications issues on a server. If the destination IPv4 address is on a different IP network or subnet, where will the host send the traffic? A. CAM B. SFD C. MTRJ D. Default gateway

D. Default gateway When the destination IPv4 address is on a different IP subnet, the host forwards the packet to its default gateway rather than trying to deliver it locally. The default gateway is a router configured with a path to remote networks. The CAM table tracks Layer 2 and implements it as content addressable memory (CAM). It is a special type of memory, optimized for searching rather than random access. The Start Frame Delimiter (SFD) is for clock synchronization and as part of the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol to identify collisions early. Mechanical Transfer Registered Jack (MTRJ) is a small-form-factor duplex connector with a snap-in design used for multimode networks.

A security researcher is looking at traffic directed to 192.0.2.128. What is this used for if used correctly? A. Variety of special purposes B. Local network address not known C. DHCP lease D. Examples

D. Examples The subnets 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 are all set aside for use in documentation and examples. These are other IPv4 address ranges reserved for special use and are not publicly routable. The subnets 100.64.0.0/10, 192.0.0.0/24, 192.88.99.0/24, 198.18.0.0/15 are all set aside for a variety of special purposes. The subnet 255.255.255.255 broadcasts to the local network when the local network address is not known. A broadcast performs by sending a packet to the network or subnet's broadcast address. The system uses the subnet 0.0.0.0/8 when a specific address is unknown and typically used as a source address by a client seeking a Dynamic Host Configuration Protocol (DHCP) lease.