CompTIA - Net+

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Segmentation

Breaking PDUs from the session layer into a segment format where sequence numbers are used by the receiver to rebuild the message correctly.

Power Distribution Unit (PDU)

"Cleans" the power signal and provides protection against spikes, surges, and brownouts.

Asymmetrical DSL (ADSL)

"Consumer" version of DSL that provides fast downlink but slow uplink.

You want to use a fiber optic cabling to support 1 Gigabit Ethernet in a LAN. Which Ethernet standard should you use?

1000BASE-SX

What is the difference between physical and logical schematics?

A logical schematic shows the topology of the network in abstract (such as IP networks); a physical schematic shows the locations of components and their IDs.

What is 6to4?

A method of tunneling IPv6 packets over an IPv4 network.

A host is configured with the IP address 10.0.10.22 and subnet mask 255.255.255.192. How many hosts per subnet would this addressing scheme support?

62. To work this out, either subtract the least significant octet from 256 then subtract two for the network and broadcast addresses or having work out that there 6 host bits calculate (2^6)-2.

OM1

62.5 micron cable rated for applications up to 1Gbps and use LED transmitters. Supports 10GBASE-SR over 33m. Color-coded orange.

Noise

Anything that gets transmitted within or close to the channel that isn't the intended signal.

Layers in the OSI Model

Application, Presentation, Session, Transport, Network, Data Link, Physical

IPSec - Encapsulation Security Protocol (ESP)

Attaches three fields to a packet (header, trailer, and Integrity Check Value (ICV)).

Phishing

Attacker sets up a spoof website, and then attempts to have customers redirected to that site input sensitive information.

PEAPv1/EAP-GTC

Cisco's implementation of PEAP.

Enhanced Interior Gateway Routing Protocol (EIGRP)

Cisco's proprietary hybrid protocol that has elements of both distance vector and link state routing.

LDAPS - Simple Authentication and Security Layer (SASL)

Client and server negotiate the use of a supported security mechanism.

Nontransparent Proxy

Client must be configured with the server address to use it.

LDAPS - Simple Authentication

Client must supply its DN and password, which are passed as plaintext.

Dial-Up

A type of network connection in which data is passed through phone lines. Fastest connection is 33.6 Kbps (V.34+) because of analog line limitations.

Active FTP

Client send a PORT command specifying its chosen data connection port number (typically N+1) and the server opens the data connection between the chosen client port and TCP port 20 on the server.

Credentialed Scan

A user account is provisioned with log on rights to various hosts plus whatever permissions are appropriate for the testing routines.

Nslookup

A utility that is used to test and troubleshoot domain name servers.

SSH Client Authentication - Username / Password

Client submits credentials that are verified by the SSH server against a local user database or using an AAA server.

Zero Day Exploit

A vulnerability that is exploited before the developer knows about it or can release a patch.

ANT+

ANT is a proven ultra-low power (ULP) wireless protocol that is responsible for sending information wirelessly from one device to another device, in a robust and flexible manner.

Multiuser MIMO (MU-MIMO)

Allows the accept point to send a particular signal more strongly in the direction of a particular client using an array of antennas.

Point-to-Point Protocol

Allows the user to be authenticated and TCP/IP packets to be tunneled over a connection and routed over the wider Internet.

BNC Coupler

Allows two cables terminated with BNCs to be connected to one another. Impedence of the connector must match cable type (50 or 75 ohm).

iptables -L -v

Displays the current status of the IP tables and the volume of traffic using the chains.

Netstat -o

Displays the owning process ID associated with each connection.

Netstat -r

Displays the routing table

VoIP Endpoint

Establish communications directly in a peer-to-peer architechture.

SMTPS

Establishes the secure connection before any SMTP commands are exchanged.

Synchronous Digital Hierarchy (SDH)

European fiber carrier standard equivalent to SONET.

Pointer (PTR)

Found in reverse lookup zones and is used to resolve an IP address to a host name.

Pin 1

Green/White (T568A) or Orange/White (T568B), Tx+ (10/100 Mbps), BixA+ (1/10 Gbps)

Best Practice

Guidelines for areas of policy where there are no procedures.

What type of server infrastructure is IPAM designed to monitor?

IP Address Management (IPAM) is used to monitor (and manage) DHCP and DNS services (and Domain Controllers in a Windows network environment).

What parameters can a layer 3 firewall ruleset use?

IP source and destination address, protocol type, and port number.

Differentiated Services Code Point (DSCP)

IPv4 field used to indicate a priority value for the packet. Helps to facilitate better quality "real-time" data transfers (video streaming, VoIP).

What address is used to contact a DHCPv6 server?

IPv6 does not support broadcast so clients use the multicast address ff:02::1:2 to discover a DHCP server.

6to4 Tunneling

IPv6 packets are inserted into IPv4 packets and routed over the IPv4 network to their destination.

Routing Metrics

Path length, reliability, latency, bandwidth, load (link utilization), MTU, price/costs

0000::/8

IPv6 reserved address for special functions.

Primary Rate Interface (PRI)

ISDN that provides either T1 or E1 capacity levels (23xB or 30xB channels) and one 64 Kbps D channel.

Basic Rate Interface (BRI)

ISDN that provides two 64 Kbps B channels for data and one 16 Kbps D channel for link management control.

Virtual Private Server (VPS)

ISP allocated you a VM on a physical server. Isolated from other customer instances by the hypervisor.

Dedicated Server

ISP allocates your own private server computer.

L

Locality, usually a city or area.

IPv4 Address Structure

Network number (network ID) Host number (host ID) 32 bits long and used to define the source and destination of a packet.

Wide Area Network (WAN)

Network of networks, connected together by long distance links.

Target

Network port for a storage device. Identified by a 64-bit World Wide Name (WWN).

Crossover Cable

Connects two hubs together with the Tx port on one hub connecting to the Rx port on the other, and vice versa.

Site-to-Site VPN

Connects two or more local networks, each of which runs a VPN gateway (or router). Very cost-effective.

Horizontal Cabling

Connects user work areas to the nearest horizontal cross-connect. Wired in a star topology.

Beacon Frame

Contains the SSID, supported data rates and signaling, and encryption/authentication requirements.

Single-Mode Fiber (SMF)

Small core (8-10 microns) and long wavelength, near infared (1310nm or 1550nm) light signal, generated by a laser. Supports up to 10Gbps on multiple kilometer cable.

Local Connector (LC)

Small form factor connector that is smaller to allow for higher port density. Used for Gigabit Ethernet and 10GbE.

Mechanical Transfer Registered Jack (MTRJ)

Small form-factor duplex connector with a snap-in design. Used for multimode networks.

Brute Force Attack

Software tries to match the hash against one of every possible combinations it could be.

Default Routes

Special type of static route that identifies the next hop router for an unknown destination.

EAP - Authentication Server

Performs the authentication (typically an AAA server).

Crosstalk

Phenomenon where one wire causes interference in another as a result of their close proximity.

Which two OSI layers define how multiple computers can simultaneously use the network media without interfering with each other?

Physical and data link.

What is PoE?

Power over Ethernet - an IEEE specification for delivering power to devices from switch ports over network cabling.

Conventional Lock

Prevents the door handle from being operated without the use of a key.

Circuit Switched Data (CSD)

Requires data connection to be established to the base station and is only capable of around 14.4 Kbps at best.

Host Name

The unique name given to a network node on a TCP /IP network.

Quad SFP

Transceiver form factor designed to support 40 GbE plus other high bandwidth applications. Combines 4 SFP or SFP+ links to support either 4x1 Gbps or 4x10 Gbps.

True or false? If a client accepts a DHCPOFFER, the DHCPREQUEST packet is broadcast on the network.

True.

True or false? Receiving an echo reply message indicates the link between two hosts is operational.

True.

True or false? A router would normally have more than one network interface.

True. Routers with a single interface (a "router on a stick") might be used to router between VLANs though.

True or false? Switch ports should normally be set to autonegotiate speed and duplex settings.

True; speed / duplex setting only very rarely needs to be manually configured on modern networks.

Teredo Tunneling

Tunnels IPv6 packets as IPv4-based UDP messages over port 3544. Allows for tunneling through NAT devices.

Private Virtual Switch

Usable only by the VMs. They cannot use the switch to communicate with the host.

Something You Know Authentication

Username and password

Switch Flooding

When a switch does not know the correct port for a particular destination MAC address, it sends the frame out to all ports, even if the frame is unicast not broadcast. Can seriously adversely affect network performance.

Converged

When all ports on all bridges are in forwarding or blocking states. Communication cannot take place if the network is not converged.

Discards/Drops

When an interface discards (drops) incoming and/or outgoing frames.

Flooding

When a MAC address cannot be found in the MAC address table so the switch acts like a hub and transmits the frame out of all the ports (except for the incoming port).

Why would a developer choose to use unreliable delivery over reliable, connection oriented delivery?

When speed is more important than reliability.

Time Exceeded

When the TTL of a packet reaches zero. TTL has a maximum of 255, which is decreased every time the packet crosses a router. Can be caused by looping packets (due to a corrupted routing table), or when the router is considerably congested

Bandwidth Saturation

When the frequency of a band is filled to capacity due to the large number of devices using the same bandwidth.

Overcapacity (Device Saturation)

When too many client devices connect to the same access point.

What protocol can be used to implement a SAN without provisioning dedicated storage networking adapters and switches?

iSCSI.

After asking the three basic questions of anyone reporting a problem, what should you have determined? (Choose THREE): • Whether to look for recent change or an oversight in configuration. • Where to look for the problem. • The severity of the problem. • If the problem should be escalated.

• Whether to look for recent change or an oversight in configuration. • Where to look for the problem. • The severity of the problem.

Write the command to use tcpdump to capture traffic from the IP address 172.16.16.254 on the interface eth0 and output the results to the file router.pcap:

tcpdump -I eth0 -w 'router.pcap' src host 172.16.16.254

Fault Tolerant Systems

A system that can experience failures and continue to provide the same (or nearly the same) level of service. Usually achieved by provisioning redundant components.

Data Loss Prevention (DLP)

A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users.

Spoofing

A technique intruders use to make their network or internet transmission appear legitimate to a victim computer or network

Network Address Translation (NAT)

A technique that allows private IP addresses to be used on the public Internet.

Port Address Translation (PAT)

Allocates each new connection with a high-level TCP or UDP port and creates new port mappings for these requests so multiple hosts can initiate web connections at the same time.

Plesiochronous Digital Hierarchy (PDH)

Allowed multiple calls to be placed on a single cable and enabled voice traffic to be digitized for transport around the core network.

Local Address Resolution

Allows a host to discover other nodes and routers on the local network (neighbors)

Reverse ARP (RARP)

Allows a host to obtain an IP address from a server configured with a list of MAC:IP address mappings.

Server Message Block (SMB)

Allows a machine to share its files and printers to make them available for other machines to use. Runs over TCP port 445.

Variable Length Subnet Masking (VLSM)

Allows a network to be divided into different-sized subnets to make one IP network that would have previously been considered a class (such as Class A) look like Class B or Class C.

SSID Broadcast

Allows a user to connect to a named network.

Network Access Control (NAC)

Allows administrators to devise policies or profiles describing a minimum security configuration that devices must meet to be granted network access. Called a health policy.

Lightweight Access Point Protocol (LWAPP)

Allows an AP configured to work in lightweight mode to download an appropriate SSID, standards mode, channel, and security configuration.

Network Load Balancing (NLB)

Allows an array of front-end servers to share a single IP address. An algorithm within the array determines which of the members should accept each packet.

Link-Local Multicast Name Resolution (LLMNR)

Allows clients to perform name resolution on a local link without needing a server.

Dynamic DNS

Allows either individual clients or the DHCP server to notify the DNS server of any IP address changes.

Urgent Pointer - TCP

If urgent data is being sent, this specifies the end of that data in the segment.

In what sort of circumstances should you escalate a problem?

If you cannot solve it yourself (though it won't been good for your career if you give up too easily). You might also escalate if you do not have authorization to perform the necessary changes or if the system is under some sort of warranty.

What is the function of a network controller?

Implements the policies defined by Software Defined Networking (SDN) control applications by interfacing with the configuration interfaces of network appliances.

In a stateless environment, what sort of information does DHCPv6 provide?

In a stateless environment, the host autoconfigures an address using a network prefix provided by the router (typically). DHCPv6 is then used to provide the IPv6 addresses used to access network services such as DNS or SIP gateways.

10 Gigabit Ethernet (10GbE)

Increases bandwidth for server interconnections and network backbones, especially in data centers and Storage Area Networks (SAN), Replaces existing switched public data networks based on proprietary technologies with simpler Ethernet switches (Metro Ethernet). Only works in full-duplex mode.

Destination Unreachable

Indicates that a local host or a hot on a remote network cannot be contacted.

What is the function of the protocol field in an IPv4 header?

Indicates the protocol type of the payload. This would typically be TCP or UDP but could be something else (ICMP or GRE for instance).

Flag

Indicates whether more fragments will follow

ID/Flag/Fragment Offset

Indicates whether the IP datagram has been split between multiple packets for transport over the underlying data link protocol.

Is InfiniBand a competitor technology to Fiber Channel or an upgrade path allowing integration with legacy infrastructure.

InfiniBand is a competitor technology to Fiber Channel.

Procedure

Inflexible, step-by-step listing of the actions that must be completed for any given task.

Availability

Information is accessible to those authorized to view or modify it.

DHCP Snooping

Inspects DHCP traffic arriving on access ports to ensure that a host is not trying to spoof its MAC address. Can also prevent rogue DHCP servers from operating on the network.

Packet Filtering

Inspects headers of IP packets and makes decisions based on the contents (allow or block).

Router Between the Client and DHCP Sevrer doesn't Support BOOTP Forwarding

Install RFC 1542 compliant routers or add another type of DHCP relay agent to each subnet or VLAN.

Guest Operating Systmes

Installed under virtual environment. Number only restricted by hardware capacity.

LTE-Advanced (LTE-A)

Intended to provide a 300 Mbps downlink, but has around 40 Mbps downlink in real-world performance.

Nmap -sV / -a [ip address]

Intensive scan that discovers the software or software version operating on each port.

Transparent Proxy

Intercepts client traffic without the client having to be configured.

Trunks

Interconnection between switches.

Network Access Points (NAPs)

Interconnections between trunk lines.

Storage Area Network (SAN)

Interconnects storage devices such as RAID arrays or tape drives to make "pools" of shared storage capacity available to servers.

Static IP Addressing

Manually configuring a host with an IP address and information as opposed to obtaining the address dynamically through a DHCP server.

IPSec - Authentication Header

Protocol that performs a cryptographic hash on the packet, plus a shared secret key, and adds this HMAC in its header as a Integrity Check Value (ICV).

Certificate Authority (CA)

Proves the identity of the server.

SNMP Management Software

Provides a location from which network activity can be overseen.

Network Time Protocol (NTP)

Provides a transport over which to synchronize time dependent applications. Works over UDP port 123.

Remote Access Service (RAS)

Provides access to an internal network from an outside source.

Internet Layer

Provides addressing and routing functions. Uses a number of protocols, notably the Internet Protocol (IP) and Address Resolution Protocol (ARP), to facilitate the delivery of packets.

Nmap -sU [ip address]

Scans UDP ports. Waits for response or timeout to determine port state.

On the DHCP server, what is a range of IP addresses that are available to be leased or assigned to clients called?

Scope.

IPv6 Unicast Addressing

Scoped (region of a network). Provides the equivalent of public addressing schemes in IPv4 while linklocal schemes provide private addressing.

Wired Connectivity Troubleshooting - Blinking Amber Light

Some kind of fault has been detected.

Nmap -sS [ip address]

TCP SYN. Half-open scanning as the scanning host request a connection without acknowledging it. Responding SYN packet identifies the port state.

Nmap -sT [ip address]

TCP connect. Half-open scan that requires administrative access to the network driver to craft packets. Less stealthy.

Hypertext Transfer Protocol (HTTP)

The set of rules that controls the transfer of web pages. It is a protocol that allows web browsers to talk to web servers. Uses TCP port 80.

0:0:0:0:0:0:0:0

Unspecified address. A host that has not obtained a valid address. Expressed as "::"

When connecting an ordinary client workstation to a switch and assigning it to a VLAN, should the switch port be tagged or untagged?

Untagged - this means the switch handles VLAN assignment.

What characters are allowed in a DNS host name?

Up to 63 alphanumerics and the hyphen, though the hyphen cannot be used at the beginning or end of the name.

Fiber to the X (FTTx)

Updating unstable wiring infrastructure with fiber optic links.

Internal Virtual Switch

Usable only by VMs on the host and the host itself.

File Checksum Integrity Verifier (FCIV)

Use the -v switch to compare the target with the value stored in a file

Explicit TLS (FTPES)

Use the AUTH TLS command to upgrade an unsecure connection established over port 21 to a secure one. Protects authentication credentials.

If you receive a "Request timed out" error message when using ping, what would you attempt next?

Use tracert to try to identify the routing problem.

IR Sensor

Used as proximity sensors and to measure health information.

Internet Key Exchange (IKE)

Used by IPSec to create a master key, which is in turn used to generate bulk encryption keys for encrypting data.

DHCPv6 Prefix Delegation (PD)

Used by ISPs to provide routable address prefixes to a SOHO router.

169.254.0.0 - 169.254.255.255

Used by hosts for Automatic Private IP Adressing (link-local addressing)

Enhanced Interior Gateway Routing Protocol (EIGRP/88) and Open Shortest Path First (OSPF/89)

Used by routers to exchange information about routes dyanmically

iptables -FORWARD

Used for connections that are passing through the server rather than actually being delivered locally.

What is the purpose of the Window field in a TCP segment?

Used for flow control (indicates the amount of data that the host can receive before sending another acknowledgement).

Internet Control Message Protocol (ICMP/1)

Used for status messaging and connectivity testing.

Echo Request/Reply

Used for testing a connection with the ping utility. Generates a reply if the ping reaches the destination host or an error message if it does not.

Fiber to Coaxial

Used in Hybrid Fiber Coax (HFC) networks to deliver broadband internet to offices and homes. Ethernet models for SMF and MMF are not interchangeable.

Internet Group Management Protocol (IGMP)

Used to configure group memberships and IP addresses.

DomainKeys Identified Mail (DKIM)

Used to decide whether you should allow received mail from a particular source, preventing spam and mail spoofing.

Neighbor Discovery Protocol (NDP)

Used to discover and exchange information about devices on the same subnet (neighbors). Replaces the IPv4 ARP protocol.

Subnet Masks

Used to distinguish the Network ID and Host ID within a single IP address. Hides the Host portion of the IP address to reveal the Network ID portion.

Session Control

Used to establish, manage, and disestablish communications sessions.

IP Address

Used to identify a host at layer 3 of the OSI model.

Service (SRV)

Used to identify a record that is providing a particular network service or protocol.

Mail eXchanger (MX)

Used to identify an email server for the domain.

Sender Policy Framework (SPF)

Used to list out the IP addresses or names of servers that are allowed to send email from a particular domain. Also used to combat spam.

Time Domain Reflectometer (TDR)

Used to measure the length of a cable run and is able to locate open and short circuits, kinks/sharp bends, and other imperfections in the cable.

Lightweight Directory Access Protocol (LDAP)

Used to query and update an X.500 directory or any type of directory that can present itself as an X.500 directory. Uses TCP and UDP port 389 by default.

Internet Control Message Protocol (ICMP)

Used to report errors and send messages

Internet Control Message Protocol (ICMP)

Used to report errors and send messages about the delivery of a packet. Can also be used to test and troubleshoot connectivity issues.

Canonical Name (CNAME)

Used to represent an alias for a particular host (A or AAAA).

Address (A)

Used to resolve a host name to an IPv4 address.

Address (AAAA)

Used to resolve a host name to an IPv6 address.

Text (TXT)

Used to store any free form text that may be needed to support other network services.

66 Block

Used to terminate telephone cabling and legacy data applications. Comprises of 50 rows of 4 IDC terminals. On one side, 25-pair cables from access provider are terminated. On the other, wiring from PBX is terminated. A jumper is installed over the middle two terminals, completing the connection.

Certifiers

Used to test and certify cable installations to a particular category (I.E. TIA/EIA 568B Category 6A Compliant).

Tone Generator and Probe

Used to trace a cable from one end to the other.

Generic Routing Encapsulation (GRE/47)

Used to tunnel packets access an intermediate network.

Encapsulating Security Payload (ESP/50) and Authentication Header (AH/51)

Used to with the encrypted form of IP (IPSec)

Anycast

Used when a message must be sent to any member of a group but not necessarily all of them. Packets are sent to the member of the group physically closest to the transmitting host.

RJ-11

Used with 2- or 3-pair UTP. One pair carries the dial tone and voice circuit. Other pair is usually unused, but can be deployed as a secondary circuit. Used for telephone systems.

RJ-45

Used with 4-pair (8-wire) cables. All eight potential wire positions are supplied with contacts so that they can all carry signals if needed. Used for Ethernet twisted pair cabling.

Internet Group Messaging Protocol (IGMP/2)

Used with multicasting

Time Division Multiplexing (TDM)

Allows for multi-line support and configuration of an internal phone system to direct and route calls and provide other telephony features such as intercom and music on hold.

Application Layer (TCP/IP)

Allows high level protocols to be run (FTP. HTTP, SMTP)

Post Office Protocol (POP)

Allows mail to be downloaded to the recipient's email client. Can be secured using SSL/TLS.

Client-to-Site VPN

Connects over the public network to a VPN gateway (VPN-enabled router) positioned at the edge of the local network. Gives those outside of the internal network access to it.

IPv6 Stateless Address Autoconfiguration

Host generates a link-local address and tests that it is unique using the ND protocol. Host listens for a Router Advertisement (RA) and acts based on host requirements.

Posture Assessment

Host health checks are performed against a client device to verify compliance with the health policy.

What type of software would you use to protect a web server against applicationlevel attacks?

Host-based or application-based firewall / intrusion protection system.

Looking Glass Site

Hosts a server that exposes its routing table to public queries via HTTP.

Private Addressing

Hosts communicate with one another over a LAN.

End Systems (ES)

Hosts with no capacity to forward packets to other IP networks.

Broadcast Domain

A domain where all hosts receive the same broadcast packets. Boundaries established at network layer by routers. Different domains for each IP network or subnetwork.

Routing Information Protocol (RIP)

A dynamic protocol that uses distance-vector routing algorithms to decipher which route to send data packets.

CEPT1 (E1)

Bandwidth is 2.048, has 32 channels and one E1 unit.

CEPT3 (E3)

Bandwidth is 34.368, has 512 channels and 16 E1 units.

Deadbolt Lock

Bold on the frame of the door, separate to the handle mechanism.

PSTN - Local Loop

Cabling from the customer premises to the local exchange.

CN

Common name, identifies the person or object.

What type of DNS enables clients to report a change of IP address to a DNS server?

Dynamic DNS.

Acceptable Use Policy (AUP)

Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet

Class C Private Address

192.168.0.0 - 192.168.255.255

Class C Networks

192.x.x.x - 223.x.x.x Supports 254 hosts, and there are 2,000,000 available network addresses.

Hosts Per Subnet Formula

2^n-2 n = number of bits allocated for the host ID

Which pins are used for the receive pair under 100BASE-T?

3 and 6.

Internet Service Provider (ISP)

A company that provides access to the internet for a monthly fee

iptables - INPUT

Affecting incoming connections.

Flat Routing

All routers can inter-communicate with one another.

Source NAT (SNAT)

Converts a source IP address to another address.

Personal Firewall

Implemented as a software application running on a single host.

What is an MTU?

Maximum Transmission Unit - the amount of data that a frame payload can carry.

STS-1 / OC-1

SDH is STM-0, data rate is 51.84 Mbps.

Rack

Specially configured steel shelving system for server and network equipment.

Nmap -sX

XMAS scan that sets the SIN, PSH, and URG flags.

Dynamic Routing Protocl

Manually configures or learns routes to other IP networks.

Category 5e Copper Cable

100 MHz freq., 1 Gbps capacity, 100m (328ft) max distance, 1000BASE-T

Category 5 Copper Cable

100 MHz freq., 100 Mbps capacity, 100m (328ft) max distance, 100BASE-TX

Full Mesh Formula

(N(N-1)/2

TIA/EIA IS-95

(cdmaOne)-based handsets using Code Division Multiple Access (CDMA).

Steps to Send Message through Default Gateway

1. IP attempts to establish a connection with the destination host 2. The destination network address is compared with that of the source 3. Message is fragmented if necessary 4. Checksum is calculated and datagram is sent 5. TTL is decreased by at least one if the packet is routed at the gateway 6. Steps 2-5 repeated by the router

Class A Networks

1.x.x.x - 126.x.x.x Supports 16,000,000 hosts, but there are only 126 available network addresses.

Class A Private Address

10.0.0.0 - 10.255.255.255

If a host is configured with the IP address 10.0.10.22 and mask 255.255.255.192, what is the broadcast address of the subnet?

10.0.10.63. To work this out, convert the IP to binary (00001010 00000000 00001010 00010110) then work out the number of bits in the mask (26). Change the remaining host bits (6) to 1s and convert back to dotted decimal.

Convert the decimal value "72" into binary.

1001000

If the IP address 10.0.10.22 were used with an /18 mask, how many subnets and hosts per subnet would be available?

1024 subnets each with 16,382 hosts. From the default mask, 10 bits are allocated to the subnet ID and 14 remain as host bits.

Loopback Address

127.0.0.1. Typically used to check that TCP/IP is correctly installed on the local host. Does not require a physical interface.

Source Address (IPv6)

128 bits. Originating address.

Destination Address (IPv6)

128 bits. Target address.

Class B Networks

128.x.x.x - 191.x.x.x Supports 16,000 hosts, and there are 65,000 available network addresses.

Class C Default Subnet Mask

255.255.255.0

Category 3 Copper Cable

16 MHz freq., 10 Mbps capacity, 100m (328ft) max distance, 10BASE-T

If assigned a single global IPv6 address prefix, how many bits are available for subnetting?

16 bits.

Payload Length (IPv6)

16 bits. Indicates the length of the packet payload, up to a maximum of 64KB. If the payload is bigger than that, this field is 0 and a special Jumbo Payload (4GB) option is established.

Class B Private Address

172.16.0.0 - 172.31.255.255

Which of the following are class C IP Addresses? (Choose four). • 195.243.67.51 • 165.247.200.100 • 190.234.24.6 • 11001101 01110100 00000100 00101110 • 11001111 100000001 01111110 10010010 • 213.54.53.52 • 233.168.24.6

195.243.67.51 11001101 01110100 00000100 00101110 11001111 100000001 01111110 10010010 213.54.53.52

Flow Label (IPv6)

20 bits. Used for QoS management, such as real-time streams. This is set to 0 for packets not part of any delivery sequence or structure.

Class D Networks

224.0.0.0 - 239.255.255.255 Multicast

Class E Networks

240.0.0.0 - 255.255.255.255, reserved (experimental use and testing)

Convert the binary vale "11110010" to decimal.

242

Category 6 Copper Cable

250 MHz freq., 1 Gbps capacity with 100m (328ft) max distance OR 10 Gbps capacity with 55m (180ft) max distance, 1000BASE-T OR 10GBASE-T respectively.

Class A Default Subnet Mask

255.0.0.0

Class B Default Subnet Mask

255.255.0.0

OM3

50 micron cable designed for use with the 850nm Vertical-Cavity Surface-Emitting Lasers (VCSEL). Supports 10Gbps at 300m range. Color-coded aqua.

Version (IPv6)

4 bits. Used to indicate which version of IP is being used (0110 or 0x06 for IPv6)

OM2

50 micron cable rated for applications up to 1Gbps and use LED transmitters. Supports 10GBASE-SR over 82m. Color-coded orange.

Private/Dynamic Ports

49152-65535

Category 6A Copper Cable

500 MHz freq., 10 Gbps capacity, 100m (328ft) max distance, 10GBASE-T

ATM Cell

53 bytes, fixed length packet that contains 48 bytes of data and 5 bytes of header information.

Next Header (IPv6)

8 bits. Used to describe what the next extension header (if any) is, or where the actual payload begins.

What is the upper limit of a dialup modem's connection speed?

56 Kbps for the downlink and 33.3 Kbps for the uplink. A 48 Kbps uplink is possible with V.92 but only by reducing the downlink rate.

Category 7 Copper Cable

600 MHz freq., 10 Gbps capacity, 100m (328ft) max distance, 10GBASE-T

IEEE 802.11n

600 Mbps and uses 5.0-GHz or 2.4-GHz radio frequency and supports Multiple-Input-Multiple-Output (MIMO).

Traffic Class (IPv6)

8 bits. Describes the packet's priority.

Hop Limit (IPv6)

8 bits. Replaces the TTL field in IPv4 but performs the same functoin.

Which IEEE WLAN standards specify a data transfer rate of up to 54 Mbps?

802.11a and 802.11g.

Channel Bonding

802.11n feature that allows two adjacent 20 MHz channels to be used as a single 40 MHz channel.

PoE Standards

802.3af - powered devices can draw up to about 13W over the link. Power is supplied as 350mA@48V and limited to 15.4W but the voltage drop over the maximum 100 feet of cable results in usable power of around 13W 802.3at (PoE+) - powered devices can draw up to about 25W.

In IPv6, how is the loopback address best expressed?

::1.

HTTP Secure (HTTPS)

A combination of HTTP with Secure Sockets Layer (SSL) that results in a secure connection. It uses port 443 by default.

Tracert

A command that determines the route data takes to get to a particular destination.

Extensible Authentication Protocol (EAP)

A framework for transporting authentication protocols that defines the format of the messages.

Cell Switching

A switch in which the transmission is broken into smaller, fixed length pieces and is individually transmitted.

Small Form Factor Pluggable (SFP)

A Cisco module that enables you to add additional features to its routers.

Hot Standby Router Protocol (HSRP)

A Cisco-proprietary protocol that allows two (or more) routers to share the duties of being the default router on a subnet, with an active/standby model, with one router acting as the default router and the other sitting by waiting to take over that role if the first router fails.

Conditional Forwarder

A DNS server to which other DNS servers send requests targeted for a specific domain.

Primary Zone

A DNS zone containing a read/write master copy of all resource records for the zone; this zone is authoritative for the zone.

What type of security control provisions resources and procedures to cope with major incidents?

A Disaster Recovery Plan (DRP).

What type of access point is designed to work with a wireless controller?

A Lightweight or Thin access point (or one working on thin mode).

What type of DNS server is likely to accept recursive queries?

A Local name server providing DNS resolution for ordinary workstations. Queries between name server are usually iterative.

Data Terminal Equipment (DTE)

A PC or terminal that interacts with a user.

What type of devices are connected in a PAN?

A Personal Area Network (PAN) is used to link devices such as laptops and smartphones and provide connectivity with peripheral devices (printers, input, headsets, and so on) plus wearable technology, such as fitness trackers and smart watches.

What rack-mountable device can provide line filtering and power monitoring features?

A Power Distribution Unit (PDU).

Secure Sockets Layer (SSL)

A Protocol developed by Netscape for securely transmitting documents over the Internet that uses a private key to encrypt data.

What is the purpose of a SAN?

A Storage Area Network links together all different types of storage devices (RAID array, hard disks, SSDs, and so on) and makes "pools" of storage capacity available to server to access using blocklevel file read/write commands.

Pathping

A TCP / IP command that provides information about latency and packet loss on a network.

Virtual Router Redundancy Protocol (VRRP)

A TCP/IP RFC protocol that allows two (or more) routers to share the duties of being the default router on a subnet, with an active/standby model, with one router acting as the default router and the other sitting by waiting to take over that role if the first router fails. Supports IPv6.

ACL Authorization

Determining what rights subjects should have on each resource and enforcing those rights.

Simple Network Management Protocol (SNMP)

A TCP/IP protocol that exchanges management information between networked devices. It allows network administrators to remotely monitor, manage, and configure devices on the network.

Netstat

A TCP/IP utility that shows the status of each active connection.

Session Initiation Protocol (SIP)

A VoIP signaling protocol used to set up, maintain, and tear down VoIP phone calls.

H.323

A VoIP standard that handles the initiation, setup, and delivery of VoIP sessions. Endpoints (terminals) connect to gatekeepers in order to request services.

Multiprotocol Label Switching (MPLS)

A WAN technology popular among service providers. Forwards traffic within a cloud by inserting a 32-bit header (which contains a 20-bit label) between a frame's Layer 2 and Layer 3 headers and making forwarding decisions based on the label within the inserted header.

Uninterruptible Power Supply (UPS)

A battery power source that provides electric current during a power outage.

ANDing

A binary process used to determine the network address of a host address by using the host address subnet mask.

DHCPDISCOVER Packet

A broadcast sent out when a client initializes to find a DHCP server. Sent via UDP, with the server listening on port 67 and the client on port 68.

Small Office Home Office (SOHO)

A business office with usually fewer than 10 employees often located in the business professional's home

Wireless Controller

A central management console for all of the APs on a network.

Multihoming

A client with multiple interfaces (such as Wi-Fi and cellular) can keep the IPSec connection alive when switching between them.

Bootstrap Protocol (BOOTP)

A component of TCP/IP that allows computers to discover and receive an IP address from a DHCP server prior to booting the OS. Other items that may be discovered during the process are the IP address of the default gateway for the subnet and the IP addresses of any name servers.

Classless Addressing

A concept in IPv4 addressing that defines a subnetted IP address as having two parts: a prefix (or subnet) and a host.

Continuity

A conductor does not form a circuit (open) either because of cable damage or the connector is not properly wired.

What types of baseline are useful when performing configuration management?

A configuration baseline records the initial setup of software or appliance. A performance baseline records the initial throughput or general performance of a network (or part of a network). These baselines allow changes in the future to be evaluated.

BNC Connector

A connector used with thin coaxial cable. Some BNC connectors are T-shaped and called T-connectors. One end of the T connects to the NIC, and the two other ends can connect to cables or end a bus formation with a terminator.

Border Gateway Protocol (BGP)

A core routing protocol that bases routing decisions on the network path and rules. Works over TCP on port 179.

Insider Threat

A current or former employee, contractor, or business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.

What is an Internet Exchange Point?

A data center and network access point where several ISPs interconnect their networks to save costs.

DSL Access Multiplexer (DSLAM)

A device located in a telephone company's central office that connects multiple customers to the Internet.

What is a RADIUS client and how should it be configured?

A device or server that accepts users connections. Using RADIUS architecture, the client does not need to be able to perform authentication itself; it passes the logon request to an AAA server. The client needs to be configured with the RADIUS server address an a preshared key.

What are the main features of a digital certificate?

A digital certificate contains the subject's public key, which can be used to cryptographically authenticate the subject and encrypt messages sent to it. The certificate is signed by a Certificate Authority (CA) that has validated the subject's identity. The certificate contains other information to identify the subject and describe its purpose.

Stateless Address Autoconfiguration (SLAAC)

A feature of IPv6 in which a host or router can be assigned an IPv6 unicast address without the need for a stateful DHCP server.

Plenum Cable

A grade of cable that does not give off noxious or poisonous gases when burned. Uses treated PVC or Fluorinated Ethylene Polymer (FEP).

Cluster Services

A group of servers, each referred to as a node, which is a means of ensuring that the total failure of a server does not disrupt services generally.

Network Attached Storage (NAS)

A hard drive with a cut-down server board that provides network access, various file sharing protocols, and a web management interface.

What is a directly connected route?

A host or subnet connected to one of the router's interfaces.

Metropolitan Area Network (MAN)

A large computer network usually spanning a city.

Trivial File Transfer Protocol (TFTP)

A light version of FTP that uses a small amount of memory and has limited functionality.

Open Shortest Path First (OSPF)

A link-state protocol that monitors the network for routers that have a change in their link-state, meaning whether they were turned off, on, or were restarted.

Biometric Lock

A lock that reads a unique biological attribute such as a fingerprint, iris, retina, or palm and then uses that input as a key.

Botnet

A logical computer network of zombies under the control of an attacker.

Subnet

A logical subset of a larger network, created by an administrator to improve network performance or to provide security.

Standard

A measure by which to evaluate compliance with the policy.

Broadcast Traffic

A mechanism that transmits the same traffic to multiple nodes using a special type of destination address.

Router Advertisement (RA)

A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used by routers to announce their willingness to act as an IPv6 router on a link. These can be sent in response to a previously received NDP Router Solicitation (RS) message.

Security Information and Event Management (SIEM)

A method for analyzing risk in software systems. It is a centralized collection of monitoring of security and event logs from different systems. Allows for the correlation of different events and early detection of attacks.

Security Content Automation Protocol (SCAP)

A method of using specific protocols and data exchanges to automate the determination of vulnerability management, measurement, and policy compliance across a system or set of systems.

Hub

A multiport repeater, deployed as the central point of connection for nodes wired in a star. Internally wired with transmit (Tx) and receive (Rx) pairs for each port.

Steady State Routing

A network where all routers share the same topology.

Automatic Private IP Addressing (APIPA)

A networking feature in operating systems that enables DHCP clients to self-configure an IP address and subnet mask automatically when a DHCP server isn't available.

Multicast Packet

A packet sent to a group of devices.

Unicast Packet

A packet sent to a single device on the network. Delivered using layer 2 MAC addresses.

Link-State Advertisement (LSA)

A packet that includes information about a router, its neighbors, and the attached network.

Broadcast Packet

A packet that will be received by every device on the network.

What is a 110 block?

A particular type of Insulation Displacement Connector (IDC) used to terminate solid cabling at the back of a wall port or patch panel.

What type or security audit performs active testing of security controls?

A penetration test (pen test). A vulnerability assessment is on that uses passive testing techniques.

Cabled (Transmission Medium)

A physical signal conductor is provided between two nodes.

HOSTS File

A plaintext file configured on a client machine containing a list of IP addresses and their associated host names, which can be used for host name resolution as an alternative to DNS.

What use is a PTR DNS record?

A pointer maps an IP address to a host name enabling a reverse lookup. Reverse lookups are used (for example) in spam filtering to confirm that a host name is associated with a particular IP address.

What is a trunk port?

A port used to connect switches. This allows hosts connect to different switches to communicate and to configure VLANs across multiple switches.

Metric

A preference value assigned to a route in a routing table, with low values being preferred over high ones.

Class of Service (CoS)

A prioritization value used to apply to services, ports, or whatever a quality of service (QoS) device might use.

Virtual Network Computing (VNC)

A program that allows you to control a computer at a remote location.

Transport Layer Security (TLS)

A protocol based on SSL 3.0 that provides authentication and encryption, used by most servers for secure exchanges over the Internet.

Point-to-Point Protocol (PPP)

A protocol that allows a computer to connect to the Internet over a phone line.

Iterative Query

A query used by the DNS server for name resolution when a client requests only the information the server already has in its cache for a particular domain name.

Recursive Query

A query used by the DNS server for name resolution when a client requests that its preferred DNS server find data on other DNS servers.

Secondary Zone

A read-only copy of the data that is stored within a primary zone on another server.

Registered Jack (RJ)

A rectangular connector with a locking clip on one side and a number designation that refers to the size rather than the number of wires.

Active/Passive Clustering

A redundant node is used to failover, preserving performance during failover at the cost of provisioning a redundant resource.

Exterior Gateway Protocol (EGP)

A routing protocol that operates between autonomous systems, which are networks under different administrative control. Border Gateway Protocol (BGP) is the only EGP in widespread use today.

Interior Gateway Protocol (IGP)

A routing protocol that operates within an autonomous system, which is a network under a single administrative control. OSPF and EIGRP are popular examples of IGPs.

Virtual Private Network (VPN)

A secure, private tunnel that communicates with public internet infrastructure privately.

What is a looking glass site?

A server allowing third parties to inspect the routing infrastructure of an autonomous system, assisting troubleshooting.

DHCP Relay Agent

A service that captures a BOOTP broadcast and forwards it through the router as a unicast transmission to a DHCP server on a remote subnet.

Access Control List (ACL)

A set of IF-THEN rules used to determine what to do with arriving packets.

Protocol Suite

A set of protocols that are commonly used together and operate at different levels of the OSI seven-layer model.

Pre-Shared Key (PSK)

A shared secret that has been previously shared between parties and is used to establish a secure channel.

Twisted Pair

A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference and crosstalk.

Point-To-Point

A single link is used to connect two sites.

What is a heat map?

A site survey plotting the strength of wireless signals in different parts of a building.

What function does a smart jack serve?

A smart jack is a means of terminating a T1 digital leased line. The smart jack typically provides a loopback facility for the access provider to test the line.

Spectrum Analyzer

A software tool that assesses the characteristics (for example, frequency, amplitude, and the effects of interference) of wireless signals.

ip6.arpa

A special domain that is specifically designed for reverse name resolution using IPv6.

in-addr.arpa

A special domain that is specifically designed for reverse name resolution.

What is anycast?

A special type of multicast where a message can be sent to any member of a group (the closest available one) but not all of them.

Wi-Fi Direct

A standard for connecting Wi-Fi devices directly, without using a router or an access point

Optical Multimode (OM)

A standard for multimode fiber.

Common Vulnerabilities and Exposures (CVE)

A standard that enables security devices to share information about attack signatures and other vulnerabilities so that they can work together to protect networks.

How does a traffic shaper benefit real-time data applications?

A traffic shaper can reserve bandwidth so that a real-time data application is guaranteed QoS (in terms of latency and jitter).

What device enables termination of different patch cord types in an appliance such as a switch or router?

A transceiver or interface converter such as a GBIC, SFP, SFP+, or QSFP.

Generic Routing Encapsulation (GRE)

A tunneling protocol designed to encapsulate a wide variety of network layer packets inside IP tunneling packets.

Shielded Twisted Pair (STP)

A twisted pair cable that has an aluminum shield inside the plastic jacket that surrounds the pairs of wires.

Digital Subscriber Line (DSL)

A type of Internet connection that uses phone lines but transmits signals digitally across an always-open connection. Can make high bandwidth, full-duplex transmissions.

Integrated Services Digital Network (ISDN)

A type of Internet connection that uses standard circuit-switched phone lines to send digital data.

Gigabit Ethernet

A version of Ethernet that supports rates of data transfer up to 1 gigabit per second. Documented as IEEE 802.3z and 1000BASE-X.

Vulnerability

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Digital Certificate

A wrapper for a subject's (or end entity's) public key. Also contains information about the subject and the certificate's issuer or guarantor.

Convert the binary value "1010 0001 1000 1100" to hex.

A18C.

What type of DNS record resolves IPv6 addresses?

AAAA.

What distinguishes ATM from Ethernet?

ATM uses fixed size cells compared to Ethernet's variable size frames.

Four Layers of Hierarchy

Access, distribution, core, and data center

What four layers can be used to conceptualize network design and hierarchy?

Access, distribution, core, and data center.

What configuration request would be implemented by IT services during employee onboarding?

Account creation, issuance of user credentials, and allocation of permissions / roles.

Infrastructure Topology

Adapter is configured to connect through a base station or Access Point to other wireless and wired devices.

Internet Key Exchange, Version 2 (IKEv2)

Added support for EAP authentication methods, simplified connection setup, reliability.

Scalability

Additional users or devices can be added to the network without having to significantly re-design or re-engineer the existing infrastructure.

Default Gateway

Address of a router on the same IP network as the host.

Hub-and-Spoke Topology

All communications are channeled via the hub network.

Telnet

All communications are in the clear. Replace by SSH.

Differential Backup

All data modified since last full backup is backed up.

Active/Active Clustering

All nodes are processing concurrently. Performance will be reduced during failover.

Full Backup

All selected data, regardless of when it was previously backed up, it backed up.

Classful Addressing

Allocates a network ID based on the first octet of the IP address.

Multicast Listener Discovery (MLD)

Allows nodes to join a multicast group and discover whether members of a group are present on a local subnet.

Wireless Access Point

Allows nodes with wireless network cards to communicate and joins wired networks to wireless ones

Power over Ethernet (PoE)

Allows power to be transmitted over Ethernet cable to remote devices.

Route Redistribution

Allows routes learned by one routing protocol to be injected into the routing process of another routing protocol.

Internet Message Access Protocol (IMAP)

Allows sharing of mailboxes and multiple mail server access.

Apart from software crashes, what is a possible effect of a software exploit?

Allows the attacker to execute code on the system.

IR Blaster

Allows the device to interact with an IR receiver and operate a device such as a TV or HVAC monitor as though it were the remote control handset.

Mesh Topology

Also known as a Wireless Mesh Network (WMN). Nodes are capable of discovering one another and peering. These mesh stations can perform path discovery and forwarding between peers.

What is the measurement standard for wire thickness?

American Wire Gauge (AWG).

Data Rate

Amount of information that can be transferred per second.

Bit Rate

Amount of information that can be transmitted. Measured in bits per second.

Repeater

Amplifies the signal to extend the maximum allowable distance for a media type.

Captive Portal

An AP that requires users to agree to some condition before that can use the network / internet.

What is an ASN and how does it assist route aggregation?

An Autonomous System Number (ASN) identifies a group of network prefixes under the administrative control of a single entity (such as an ISP) the AS can be advertised to other AS through a single prefix (route aggregation), hiding the complexity of the internal network from other autonomous systems.

Wired Equivalent Privacy (WEP)

An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.

Automatic Allocation

An IP address that is leased permanently to a client.

IPv6 Link-Local Addressing

An IP address that is required for every IPv6-enabled network interface and that allows a device to communicate with other IPv6-enabled devices on the same link.

IPv6 Anycast Addressing

An IPv6 anycast address is a single address that can be assigned to multiple interfaces.

Thin AP

An access point that requires a wireless controller to function.

Fat AP

An access point whose firmware contains enough processing logic to be able to function autonomously and handle clients without the use of a wireless controller.

User Datagram Protocol (UDP)

An alternative to TCP that achieves higher transmission speeds at the cost of reliability.

Video Teleconference (VTC)

An application that allows people to communicate in video and voice.

Configuration Item (CI)

An asset that requires specific management procedures for it to be used to deliver the service. Must be labeled.

Baseline

An asset's normal state of being.

LDAP Injection Attack

An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.

VLAN Hopping

An attack that sends traffic to a VLAN other than the one the host system is in.

DNS Poisoning

An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.

Multimeter

An instrument for measuring the properties of an electrical circuit.

Synchronous Optical Network (SONET)

An interface standard for transporting digital signals over fiber-optic lines; allows the integration of transmissions from multiple vendors.

What is a "top listener" in terms of network monitoring?

An interface that receives the most incoming traffic.

Common Address Redundancy Protocol (CARP)

An open standard variant of HSRP, which provides first-hop router redundancy.

LDAPS - No Authentication

Anonymous access is granted to the directory

Riser Cable

Another term for vertical cable; refers to cable that goes between floors in a building.

Cloud Computing

Any sort of IT infrastructure provided to the end user where the end user is not aware of or responsible for any details of the procurement, implementation, or management of the infrastructure.

If a mapping for a local destination host is not found in a source host ARP cache, how does the source host send an ARP request?

As a broadcast to all local hosts.

If you detect a significant increase in noise affecting a cable link, how would you go about determining the cause?

Ask what has changed - it is likely that some equipment or power cabling has been installed near the data cable link.

PHY (Physical Layer) Diagram

Asset IDs and cable links. Use colors to represent cable types.

VLAN ID

Assigned to a port, and represents a separate broadcast domain. They can communicate across multiple switches, so users can be attached to different switches (same VLAN) and be in the same broadcast domain.

IPv6 Unique Local Addressing

Assigns addresses that are only routable within a site (or collection of sites). Not routable over the internet.

Offset

Assists the destination host in reconstructing the fragments into the original packet

Encapsulation

At each layer, sending node adds a header to the payload (data).

Distributed Reflection DoS (DRDoS)

Attacker spoof the victim's IP address and attempts to open connections with multiple servers, which direct their SYN/ACK responses to the victim server.

Smurf Attack

Attacker spoofs the victim's IP address and pings the broadcast address of a third-party network. Each host on that network directs its echo responses to the victim server.

File Integrity Monitoring

Audits key system files to make sure they match authorized ones.

KDC Authentication Service

Authenticates user logon requests.

Remote Authentication Dial-In User Service (RADIUS)

Authentication, Authorization, and Accounting is performed by a separate server (the AAA server). Remote access devices (routers, layer 3 switches, WAPs, VPN services) function as client devices for the AAA server to pass data between the AAA server and the remote user.

What element is missing from the following list and what is its purpose: identification, authentication, accounting.

Authorization - assigning privileges over the network object to the subject.

Dynamic Host Configuration Protocol (DHCP)

Autoconfiguration service that enables the host to obtain a valid IP address and other network configuration information, such as the address of a default gateway (or router) that can be used to connect to other networks.

Private Branch Exchange (PBX)

Automated switchboard providing a single connection point for an organization's voice and data lines.

Flood Guard

Automatically shuts down a port that is receiving an unacceptable number of broadcast frames

Remediation - Quarantine Network

Based on a captive portal, which only allows HTTP traffic that is redirected to a remediation server. Allows clients to install OS and anti-virus updates to make the client machine compliant.

Global System for Mobile Communications (GSM)

Based phones using Time Division Multiple Access (TDMA), where each subscriber gets access to the radio channel by being allocated a time slot. Used by AT&T and T-Mobile.

Layer 4 Load Balancer

Bases forwarding decisions on IP address and TCP/UDP port values. Stateless, as it doesn't retain any information about user sessions.

DS1 (T1)

Bandwidth is 1.544 Mbps, has 24 channels and one T1 unit.

DS3 (T3)

Bandwidth is 44.736 Mbps, has 672 channels and 28 T1 units.

CEPT0

Bandwidth is 64 Kbps, has one channel and no E1 units.

DS0

Bandwidth is 64 Kpbs, has one channel and no T1 units.

Why might the baud rate be different from the bit rate?

Baud is the number of symbols measured is Hertz; bit rate is the amount of information, measured in bits per second. A signaling technique might encode more than one bit per second.

External Virtual Switch

Binds to the host's NIC to allow the VM to communicate on the physical network.

Other than attempting to block access to sites based on content, what other security options might be offered by internet content filters?

Blocking access based on time of day or total usage.

Pin 4

Blue (T568A and T568B), BixC+ (1/10 Gbps)

Pin 5

Blue/White (T568A and T568B), BixC- (1/10 Gbps)

Split Pair

Both ends of a single wire in one pair are wired to terminals belonging to a different pair.

255.255.255.255

Broadcasts to the local network when the local network address is not known.

Pin 8

Brown (T568A and T568B), BixD- (1/10 Gbps)

Pin 7

Brown/White (T568A and T568B), BixD+ (1/10 Gbps)

How is jitter mitigated by a VoIP application?

By buffering packets.

What means might an attacker use to redirect traffic to a fake site by abusing DNS name resolution?

By injecting false mappings into the client cache or into the server cache or by getting the client to use a rogue DNS resolve.

How might an attacker recover a password from an encrypted hash?

By using a password cracking tool. This may recover the password if it uses a simple dictionary word or if it is insufficiently long and complex (brute force).

UC Server

Centralizes the presence information and coordinates the communication channels.

Initiator

Host Bus Adapter (HBA) installed in the file or database server. Identified by a 64-bit World Wide Name (WWN).

Hosted Private

Cloud hosted by a third-party for the exclusive use of one organization.

Hybrid Fiber Coax (HFC)

Coax cable links the fiber optic trunk serving the whole street to the cable "modem" installed in the customer's premises.

Which cable type consists of a core made of solid copper surrounded by insulation, a braided metal shielding, and an outer cover?

Coax.

Ultra Physical Contact (UPC)

Cable and connector are polished to a higher standard.

Patch cables are vulnerable to failure because they frequently trail from the PC to the wall socket. What bit of equipment would you use to check that a cable is physically intact?

Cable tester.

User Key

Can be used instead of a password to authenticate with the appliance.

Public IP Network

Can establish a connection with other hosts over the Internet

Next Generation Firewall (NGFW)

Can inspect and parse (interpret) the contents of packets at the application layer (layer 7).

Omnidirectional Rod

Can send and receive signals in all directions.

Host-based IDS (HIDS)

Captures information from a single host (a server, router, or firewall for instance).

Sniffing

Capturing and reading data packets as they move over the network.

Which categories of unshielded twisted pair cables are certified to carry data transmission faster than 100 Mbps?

Cat 5e, Cat 6 / 6A, and Cat 7.

Jitter

Caused by congestion at routers and other internetwork devices, or by configuration errors. Manifests as inconsistent rate of packet delivery.

BPDU Guard

Causes a fast-configured port that receives BPDU to become disabled. Protects against misconfiguration or malicious attack.

Denial of Service (DoS)

Causes a service at a given host to fail or become unavailable to legitimate users.

BPDU Filter

Causes the port to drop all BPDUs. Could cause traffic to loop if used improperly.

Confidentiality

Certain information should only be known to certain people.

LAN Manager

Challenge/response authentication protocol using an encrypted hash of the user's password.

Single Mode Fiber to Ethernet

Change light signals from SMF cabling into electrical signals carried over a copper wire Ethernet network (and vice versa).

What does it mean if a routing protocol converges to a steady state quickly?

Changes to the network topology are propagated between routers quickly. This makes the network quicker and more reliable.

What options may be available for an 802.11n network that are not supported under 802.11g?

Channel bonding, Multiple-Input-Multiple-Output (MIMO), and use of either 2.4 GHz or 5 GHz frequency bands.

Widget Corporation has provided wireless access for its employees using several access points located in different parts of the building. Employees connect to the network using 802.11g-compatible network cards. On Thursday afternoon, several users report that they cannot log on to the network. What troubleshooting step would you take first?

Check whether the problem machines are trying to utilize the same access point.

What surrounds the core of optical fibers in a fiber optic cable?

Cladding.

Differentiated Services (DiffServ)

Classifies each packet passing through a device. Helps to prioritize delivery.

If a routing protocol carries a subnet mask field for route updates, what feature of IP routing does the routing protocol support?

Classless addressing (subnetting and supernetting).

Secure Sockets Tunneling Protocol (SSTP)

Client establishes a secure connection with the server using HTTPS and digital certificates. PPP frames are then tunneled over the secure link.

Passive FTP

Client opens a data port (typically N+1) and sends the PASV command to the server's control port. Server then opens a random high port number and sends it to the client using the PORT command. Client initiates the connection between the two ports.

EAP - Supplicant

Client requesting authentication.

KDC Ticket Granting Ticket

Client requests a service ticket (a token that grants access to a target application server) by supplying a ticket to the Ticket Granting Service (TGS).

SSH Client Authentication - Kerberos

Client submits the Kerberos credentials (a Ticket Granting Ticket) obtained when the user logged into the workstation to the server using GSSAPI.

Transport Layer Security (TLS) VPN

Clients access the server using TLS so that the server is authenticated to the client. Creates an encrypted tunnel for the user to submit authentication credentials.

Elasticity

Cloud can scale to meet peak demand.

Public (multi-tenant)

Cloud hosted by a third-party and shared with other subscribers. Risks with performance and security.

What mechanism does RTS/CTS support?

Collision avoidance (CSMA/CA). Rather than try to detect collisions, a wireless station indicates its intent to transmit by broadcasting a Request to Send (RTS) and waits to receive a Clear to Send (CTS) before proceeding.

Multifactor Lock

Combines different methods (I.E. smart card with a PIN).

Storage Virtualization

Combines multiple network storage devices so they appear to be a single storage device. Makes it easier to expand or shrink storage capacity without having to reconfigure the client.

Link Aggregation

Combining two or more separate cabled links into a single logical channel. NIC teaming from the host-side, port aggregation from the switch-side.

STARTTLS

Command that upgrades an existing unsecure connection to use TLS.

Domain Information Groper (DIG)

Command-line tool in non-Windows systems used to diagnose DNS problems.

Network number

Common to all hosts on the same IP network.

Learned Routes

Communicated to the router by another router using a dynamic routing protocol.

Port Forwarding

Communications over a particular port are channeled through SSH, which provides authentication and encryption for that application.

Link Layer/Network Interface

Comprises the hardware and software involved in the interchange of frames between hosts.

Honeypot

Computer system setup to attract attackers, with the intention of analyzing attack strategies and tools, provide early warning of attacks, or to divert attention from actual systems.

Incorrect Termination / Mismatched Standards

Conductors are incorrectly wired into the terminals at one or both ends of the cable.

What mechanisms protect the switching infrastructure from malicious STP traffic?

Configuration settings such as BPDU Guard and BPDU Filter prevent hosts from injecting Bridge Protocol Data Units (BPDU) into the network. Root guard prevents devices from attempting to become root.

When configuring multiple DHCP servers for redundancy, what would you take care to do?

Configure the servers with non-overlapping scopes.

What is a virtual terminal?

Configuring a management IP address on a switch to connect to its command line interface over the network (rather than via a serial port).

You are troubleshooting a connectivity problem with a network application server. Certain clients cannot connect to the service port. How could you rule out a network or remote client host firewall as the cause of the problem?

Connect to or scan the service port from the same segment with no host firewall running.

DSL Modem

Connected to the phone line via an RJ-11 port and to the local network's router via an RJ-45 Ethernet port.

TCP/IP Data Delivery Methods

Connection-oriented delivery using the Transmission Control Protocol (TCP) Connectionless delivery using User Datagram Protocol (UDP)

Virtual NIC

Connects a VM to a virtual switch and functions like a physical NIC. Has a unique MAC address and IP addresses. Forwards the VMs network I/O in the form of Ethernet frames to the virtual switch

Backbone Cabling

Connects horizontal cross-connects to the main cross-connect. Wired in a star topology.

Fibre Channel Fabric

Connects initiators and targets. Can be up to 10km (6 miles) in length using a single mode cable, or 500m (1640ft) using multimode cable.

Signaturebased Detection

Engine is loaded with a database of attack patterns or signatures. If traffic matches a pattern, the engine generates an incident.

What is the function of a dig subcommand such as "+nostats"?

Control what is shown by the tool. You can use these commands to suppress certain kinds of output, sch as sections of the response from the DNS server.

Channel Service Unit/Data Service Unit (CSU/DSU)

Convert Ethernet frames from the router to the frame format and digital signaling supported by the WAN environment.

Media Converter

Converts one media signaling type to another

Media Types

Copper cable, fiber optic cable, wireless radio

RG-6

Core = 18 AWG, Impedance = 75 ohms, used as a drop cable for modern Cable Access TV (CATV) and broadband cable modems.

RG-59

Core = 20 AWG, Impedence = 75 ohms, used as a drop cable for older CATV/cable modem installs and CCTV network cabling.

Pharming

Corrupts the way the victim's computer performs internet name resolution, which redirects them to a malicious site instead of the genuine one.

C

Country, a country's 2-character ISO code.

Local Area Network (LAN)

Covers a wide range of different sizes of network but is mostly confined to a single geographical location.

No More Addresses Available (Exhaused DHCP Scope)

Create a new scope with sufficient addresses or reduce lease period.

Secure Hash Algorithm (SHA)

Creates a fixed sized output based on the file contents. No other input can produce the same hash output.

Host-to-Host VPN

Creates a secure tunnel between two hosts.

ACL Identification

Creating an account or ID that identifies the user or process on the computer system.

Patch Panel

Cross-connect that uses modular jacks and connectors. 110 Block IDCs on one side and pre-wired RJ-45 jacks on the other. Simplifies wiring connections.

True or false? User Datagram Protocol (UDP), like TCP, uses flow control in the sending of data packets.

False.

Troubleshooting - Test the Theory to Determine Cause

Determine next steps to resolve the problem, (if theory is not confirmed) re-establish new theory or escalate.

Interface ID/EUI-64

Determined by using the interface's MAC address or by assigning a pseudorandom number for the interface ID.

DHCPv6 Stateless

DHCP servers only serve optional information, host use router discovery and autoconfiguration

DHCPv6 Stateful

DHCP servers server IPv6 address, subnet mask, default gateway, and optional items.

TCP Port 53

DNS Server for larger record transfers over 512 bytes.

What is an I/G/ bit?

Determines whether a frame is addressed to a single node (0) or group (1). The latter is used for multicast and broadcast.

Resource Records

Data in a DNS database containing information about network resources, such as hostnames, other DNS servers, and services; each record is identified by a letter code.

Storage Attached Network (SAN)

Data is provided at the block level (actual location of data on media [Block I/O]). Helps to integrate different kinds of storage technology, and can be isolated from the main network.

Integrity

Data is stored and transferred as intended, and any modification to that data is authorized.

Data Emanation

Data leakage. Packet sniffing a WLAN is very easy if you can get within range.

Utilization

Data transferred over a particular period.

Personally Identifiable Information (PII)

Data used to identify, contact, or locate an individual (SSN, static IP).

Users on a particular network segment have been experiencing poor performance. The cause has been identified as a "broadcast storm". What is often the cause of broadcast storms?

Defective network card or switch, misconfiguration of STP, or the unauthorized or unplanned attachment of bridging devices that create a loop.

What step can you take to prevent unauthorized use of a remote access server?

Define which user accounts have dial-in rights and ensure each user protects their authentication credentials.

IEEE 802.11g

Defines a WLAN that operates up to 54 Mbps in the 2.4 GHz frequency.

MAC Filtering

Defines which MAC addresses are allowed to connect to a particular port.

What sort of maintenance must be performed on signature-based monitoring software?

Definition / signature updates.

Fibre Channel over Ethernet (FCoE)

Delivers Fibre Channel packets over a 10G Ethernet cabling. Maps WWNs onto MAC addresses.

Top Level Domains (TLD)

Denotes the type of organization or country the address specifies (.com, .org, .uk, .ca)

What is the default rule on a firewall?

Deny anything not permitted by the preceding rules.

Protocol Field

Describes what is contained (or encapsulated) in the payload so that he receiving host knows how to process it.

AUX Port

Designed to connect to a modem and provide remote access over a dial-up link.

Wi-Fi Protected Access (WPA)

Designed to fix the problems of WEP. Still uses RC4 cipher but addess Temporal Key Integrity Protocol (TKIP) to make it stronger. (TKIP-RC4).

Application Firewall

Designed to run on a server to protect a particular application only.

ICMPv6 Error Messages

Destination unreachable. Packet too Big. Time Exceeded.

Lightweight EAP (LEAP)

Developed by Cisco in 200 to try and resolve weaknesses in Wired Equivalent Privacy (WEP). Vulnerable to password leaking because it relies on MS-CHAP to transmit authentication credentials.

Your office block is hosting a conference event. During the morning coffee break, several guests report that they cannot access their webmail. What is likely the cause?

Device saturation - the access point is likely to be experiencing greater load than usual and cannot cope with the volume of requests.

Add/Drop Multiplexer (ADM)

Device that allows inputs from lower bit rate streams to be added and removed.

EAP - Authenticator

Device that receives the authentication request and establishes a channel for the supplicant and authentication server to exchange credentials. Blocks any other traffic.

Near Field Communication (NFC)

Device that works as both tag and reader to exchange information with other devices. Works at up to 2 inches at data rates of 106, 212, and 424 Kbps.

What general requirements and limitations should you consider when implementing a basic network?

Device types, environment, equipment, compatibility, wired / wireless, and security.

Machine-to-Machine (M2M) Communication

Devices that communicate and pass data between themselves and other traditional systems like computer servers.

Attenuation to Crosstalk Ratio (ACR)

Difference between insertion loss and NEXT. High values mean that the signal is stronger than any noise present. Lower values mean that the link is likely to be subject to high error rates.

Margin

Difference between the actual signal loss and the maximum value allowed for the cable standard. Higher values are better.

What must be installed on a server to use secure (HTTPS) connections?

Digital certificate.

Netstat -e

Displays Ethernet statistics.

Netstat -n

Displays addresses and port numbers in numerical form.

Netstat -a

Displays all connections

NETSTAT -p [protocol]

Displays connections by protocol (TCP, UDP, TCPv6, UDPv6).

Netstat -s

Displays per-protocol statistics.

Load Balancer

Distributed client requests across available server nodes in a "farm" or pool. Provides fault tolerance.

Port State - Blocking

Does not forward frames or learn MACs and drops all frames other than BPDUs.

Port State - Disabled

Does not forward frames or learn MACs because it has been disabled by an administrator.

DC

Domain Component, components of the object's domain.

Inverse-Square Rule

Doubling the distance decreases the signal strength by a factor of four.

War Driving

Driving around with a wireless-enable laptop scanning for unsecure WLANs.

Dotted Decimal Notation

Each octet in an IP address is converted to a decimal value.

Packet Switching

Each packet is addressed with a source and destination address and then transferred using any available pathway to the destination computer. Can automatically recover from communication link failures by re-routing data packets if transmission lines are damaged.

Distance Vector Routing

Each router passes a copy of its routing table to its adjacent neighbors.

Code Division Multiple Access (CDMA)

Each subscriber uses a code to "key" the modulation of their signal. This "key" is used by the receiver to extract the subscriber's traffic from the radio channel. Used by Sprint and Verizon.

Session Initiated Protocol (SIP)

End-user devices (user agents) are assigned a unique Uniform Resource Indicator (URI). Runs over UDP or TCP ports 5060 (unsecure) and 5061 (secured via TLS).

What is microsegmentation?

Each switch port creates a separate collision domain for each attached host, essentially eliminating the effect of collisions on network performance.

PPP over Ethernet (PPPoE)

Easy to establish connection without needing to know more than how to establish a dial-up connection.

ICMP Error Types

Echo Request/Reply, Destination Unreachable, Time Exceeded, Redirect

ICMPv6 Informational Messages

Echo request. Echo Reply.

How can a DMZ be implemented?

Either using two firewalls (external and internal) as a screened subnet or using a triple-homed firewall (one with three network interfaces).

ACL Trusted Users

Employees, approved partners, or contractors who are authorized to use network resources.

Traffic Shapers

Enable administrators to closely monitor network traffic and to manage that traffic. Delay certain packet types based on their content to ensure that other packets have higher priority.

H.323 Gateway

Enabled non-H323 networks to connect to H.323 networks and access the services provided.

Realtime Transport Protocol (RTP)

Enabled the delivery of a stream of media data via UDP, while implementing some of the reliability features of TCP. Runs on UDP port 5004.

SIP Authentication - Domain and SIP Trunk Identifiers

Enables DNS-based domain information to be used to check the source and/or destination of calls.

IPv6 Prefix Discovery

Enables a host to discover the known network prefixes that have been allocated to the local segment. Allows for next-hop determination.

Redirection

Enables a router to inform a host of a better route to a particular destination.

Circuit Switching

Enables a temporary dedicated path to be established between two locations such as two routers, which provide a path for communications. Provides guaranteed bandwidth.

Internet SCSI (iSCSI)

Enables the transfer of SCSI data over an IP-based network.

IP Packets (Datagrams)

Encapsulate data from the transport layer, adding a number of fields as a header.

EAP-TLS

Encrypted Transport Layer Security tunnel is established between the supplicant and the authentication server using public key certificates on the authentication server and supplicant.

Protected Extensible Authentication Protocol (PEAP)

Encrypted tunnel is established between the supplicant and authentication server, but only requires a server-side public key certificate. Supplicant does not require a certificate.

Crypto-Malware Ransomware

Encrypts data files on the victim's computer, removable drives, and network drives.

True or false? The IP address 172.24.0.1 is routable over the Internet.

False. 172.16.0.0 - 172.31.255.255 is the "Class B" private address range.

You are planing to reconfigure static and DHCP-assigned static IP addresses across the network during scheduled downtime. What preliminary step should you take to minimize connectivity issues when the network is reopened?

Ensure that clients obtain a new DHCP license, either by shortening the lease period in advance or by using a script to force clients to renew the lease at startup.

Transport Layer Responsibilities

Ensures reliable data delivery using acknowledgment messages

VLAN Pooling

Ensures that the total number of stations per VLAN is kept within specified limits, reducing excessive broadcast traffic.

Checksum - TCP

Ensures validity of the segment.

What are the main elements of password policy?

Ensuring strong password selection and preventing sharing of passwords. You might also mention password aging / changing passwords regularly.

Cloud Access Security Broker (CASB)

Enterprise management software designed to mediate access to cloud services by enterprise users across all types of devices.

Port Scanning

Enumerates the TCP or UDP application ports that are open on a host. Might also help to identify the operating system of the target.

Topology Exchange Notifications

Exchanged between bridges if devices are added or removed, enabling them to change the status of forwarding/blocked ports appropriately.

What is an EUI-54 and how might it be used in IPv6?

Extended Unique Identifier (EUI) is IEEE's preferred term for a MAC address. EUI-64 is a 64-bit hardware interface ID. A 48-bit MAC address can be converted to an EUI-64 using a simple mechanism. The EUI-64 can be used as the IPv6 interface ID, though a randomly generated token is often preferred.

Terminal Adapter (TA)

External appliance or plug-in card for a PC or compatible router.

IPv6 Unique Local Address

FC00::/7 or FC00::/8

Nmap -sF

FIN scan that sends an unexpected FIN packet.

Teardown

FIN, ACK/FIN, ACK

What is a generic top-level domain?

FQDNs are arranged in a hierarchy from the root. Top-level domains are those farthest to the right. Generic TLDs are those maintained by ICANN (.com, .org, .net, .info, .biz) - the other main sets of TLDs are country codes and sponsored.

Angle Physical Contact (APC)

Faces are angled for an even tighter connection. Cannot be mixed with PC or UPC. Used to carry analog signalling.

Tail Drop

Failing to deliver packets once the configured traffic threshold has been reached.

True or false? Rack units are sold in models of vary width.

False - a 19" width is standard while the height varies in "U" units of 1.75".

True or false? An ESD wrist strap is designed to provide a personal group to protect a technician from electrocution when working on energized electrical devices.

False - a safety or utility group is a pathway for electricity to flow in the event of a short so that it is less likely to electrocute someone touching a "live" bit of metal but the technician should NEVER be part of this grounding path. An ESD (ElectroStatic Discharge) group equalizes the electrical potential between surfaces to reduce the change of damage to components. Such wrist straps should have working resistors to prevent any dangerous about of current from flowing through them but the are not safety devices.

True or false? "Cat" standards only apply to wiring.

False - connectors and interconnects are also rated to cat standards.

True or false? It is only possible for VMs to be networked via a virtual switch (vSwitch).

False - it is possible to configure a VM to use either switches virtualized by the hypervisor or the network's physical switches (via the host's NIC).

True or false? Suppressing transmission of the WLAN beacon improves security.

False - the beacon cannot be suppressed completely. Increasing the broadcast interval reduces network overhead but increases the time required to find and connect to the network.

True or false? A Computer with a 10BASE-T Ethernet adapter cannot be joined to a 100BASE-T network.

False. Fast Ethernet is backwards-compatible with 10BASE-T (and Gigabit Ethernet is backwards-compatible with Fast Ethernet).

True or false? A bridge does not forward broadcast or unicast traffic.

False. Ports on a bridge are in the same broadcast domain.

True or false? The CRC mechanism in Ethernet allows for the retransmission of damaged frames.

False. The CRC only indicates that a frame may be corrupt.

True or false? Devices can only transmit on an Ethernet network when it is free and the opportunity becomes less frequent as more devices are added. Also the probability of collisions increases. These problems can be overcome by installing a hub.

False. The description of the problem is true but the solution isn't (use a switch).

True or false? The Session Layer is responsible for passing data to the Network layer at the lower bound and the Presentation Layer at the upper bound.

False. The session layer is between the transport and presentation layers.

Attenuation-to-Crosstalk Ratio, Far End (ACRF)

Far End Crosstalk (FEXT) measured at the recipient end. It is the difference between insertion loss and FEXT, and measures cable performance regardless of actual link length.

Straight Tip (ST)

Fiber optic connector that was used for multimode networks, but is not currently widely used anymore.

Fiber to the Curb (FTTC)

Fiber optic network is extended from exchanges to much closer to the customer premises.

Certutil -hashfile File Algorithm

File = input Algorithm= MD5, SHA1, SHA256, SHA512

Load Balancing Prioritization

Filters and manages traffic based on its priority.

What are the two basic principles of identifying the cause of a problem?

Find out if anything has changed and test on thing at a time.

What are the main elements of fire safety procedures?

Fire / smoke building detection and alarms plus safe escape routes from the building and emergency drills / procedures.

Screened Host

Firewall that sits between the perimeter router and the internal interface.

IPv6 Multicast Address Construction

First 8 bits indicate that the address is in multicast scope (1111 1111 or ff) Next 4 bits used to flag types of multicast if necessary Next 4 bits determine the scope Final 112 bits define multicast groups within that scope

How is the person who first receives notification of a potential security incident designated?

First responder.

A function of TCP is to handle flow control. What is the purpose of the flow control function?

Flow control makes sure the sender does not inundate the receiver with data packets.

Unidirectional Rod

Focused signal direction.

What type of activity is often a prelude to a full-scale network attack?

Footprinting - obtaining information about the network and security system. This might be done by port scanning, eavesdropping, or social engineering.

iptables - OUTPUT

For outgoing connections.

Under STP, if a host port is working as normal, what state is it in?

Forwarding

Port State - Forwarding

Forwards frames and learns MACs, meaning that it is working as normal.

Transmission Control Protocol/Internet Protocol (TCP/IP)

Four-layer model: application, transport, internet, and link (or network interface).

What sort of log would you inspect if you wanted to track web server access attempts?

History/security/audit log.

Troubleshooting - Identify the Problem

Gather information, duplicate the problem (if possible), question users, identify symptoms, determine if anything has changed, approach multiple problems individually

Public Switched Telephone Network (PSTN)

Global telecommunications network.

Pin 2

Green (T568A) or Orange (T568B), Tx- (10/100 Mbps), BixA- (1/10 Gbps)

100BASE-T transmit pins are 1 and 2. What color-code are the wires terminated to these pins under T568A and T568B?

Green / White (Pin 1) and Green (Pin 2) for T568A or Orange (Pin 1) / White and Orange (Pin 2) for T568B.

IEEE 802.11ah

HaLow. Uses sub 1 Ghz band to achieve long-distance transmissions. Optimizes low power consumption by making use of sleep states, shortened contention negotiation, and small packet sizes.

Data Plane

Handles the actual switching and routing of traffic and imposition of Access Control Lists (ACLs) for security.

Data Transport

Handles the delivery of the actual video or voice information.

SSL Offload

Handles the processing of authentication and encryption/decryption.

What technology provides data security assurance during the asset disposal phase of system lifecycle?

Hard drive / media sanitation, such as encryption or disk overwriting.

SNMP Agents

Hardware, software, or both, talks to the managed device.

Default VLAN

Has an ID of 1, which cannot be changed. All ports on a switch default to being in this group. Avoid sending data over this default.

Triple-Homed Firewall

Has three network ports (external interface, DMZ, internal interface). Saves on cost, but easier to compromise because it has a single point of failure.

Fragment Identifier

Helps group fragments together

Domain Name System (DNS)

Hierarchical system of distributed name server databases that contain information on domains and hosts within those domains.

Core and Distribution Layer - Aggregation Switch

High-performing switches deployed to aggregate links in a large enterprise or service provider's routing infrastructure.

InfiniBand

High-speed switching fabric representing another way to create a SAN. Supports up to 100Gpbs unidirectional throughput.

What is the purpose of HSRP and VRRP?

Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) allow multiple physical router appliances to act as the same logical router, providing redundancy, load balancing, and failover.

Telecommunications Room

Houses horizontal cross-connects. Termination point for the horizontal cabling along with a connection to backbone cabling.

Punchdown Block

How Copper Wiring is terminated. Used for telecommunications and data cabling.

What type of device is used to implement a star topology?

Hub/switch/router.

Something You Are Authentication

I.E. Fingerprint or retina scan

Something You Do Authentication

I.E. Making a signature

Something You Have Authentication

I.E. Smart card

Somewhere You Are Authentication

I.E. Using a mobile device with location services

Sequence Number - TCP

ID number of the current segment.

On a UNIX host, which TCP/IP parameters must be defined for the host to be able to communicate with hosts on a remote network?

IP Address, Subnet Mask, Default Gateway (address of the router).

Logical (IP/Layer 3) Diagram

IP addresses of router interfaces and firewalls plus links showing the IP network ID and netmask, VLAN ID, and DHCP scopes.

Round Robin DNS (RRDNS)

IP addresses that are provided to clients are pulled from a list so that different clients are distributed to different servers, balancing the load.

What technology could be used to provision security cameras without having to provide a separate circuit for electrical power?

IP cameras could be powered over data cabling using Power over Ethernet (PoE).

IPSec - Transport Mode

IP header for each packet is not encrypted, just the data (or payload). Used to secure communications on a private network.

What is the difference between IP and MPLS routing?

IP routing is "best effort" while MPLS allows for constraint-based routing, enabling traffic shaping.

Name Server (NS)

Identifies authoritative DNS name servers for the zone.

IPv6 Multicast Addressing

Identifies multiple networking interfaces. Must be supported by IPv6 routers.

Start of Authority (SOA)

Identifies the primary DNS name server that is authoritative for the zone, and is therefore responsible for resolving names in the domain (plus any subdomains).

CompTIA Net+ Troubleshooting Model

Identify the problem, establish a theory of probable cause, test the theory to determine cause, establish a plan of action to resolve the problem and identify the potential effects, implement the solution or escalate as necessary, verify full system functionality and implement preventive measures, document findings

Configuration Management

Identifying all components of ICT infrastructure (hardware, software, and procedures, and their properties.

Fingerprinting

Identifying an OS or software application from its responses to probes.

Why would you use a T1 extender?

If Customer Premises Equipment (CPE) cannot be installed at the minimum point of entry, it may be necessary to extend the T1 leased line to another point in the premises. This can be achieved using an extender or a line driver.

An entry in a routing table will list the destination network address and netmask plus a gateway and metrics. What other piece of information is required?

Interface - the local port used to router to the destination.

Network Controller Application

Interfaces with the network devices using Application Programming Interfaces.

Alien Crosstalk

Interference from nearby data cables.

Which of the protocols included with TCP/IP reports messages and errors regarding packet delivery?

Internet Control Message Protocol (ICMP).

What protocol would enable a client to manage mail subfolders on a remote mail server?

Internet Message Access Protocol (IMAP). Note that Post Office Protocol (POP3) allows download of mail messages not management of the remote inbox.

Uniform Resource Locator (URL)

Internet address that identifies hypertext documents.

Following maintenance on network switches, users in one department cannot access the company's internal web and mail servers. You can demonstrate basic connectivity between the hosts and the servers by IP address. What might the problem be?

It is likely that there is a problem with name resolution. Perhaps the network maintenance left the hosts unable to access a DNS server, possibly due to some VLAN assignment issue.

What is happening if a switch is flooding?

It is sending frames out on all ports. This typically happens when it is learning MAC addresses.

How does the "ARP inspection" security feature of a switch mitigate against ARP flooding?

It maintains a trusted database of IP:ARP mappings and blocks and nonconforming gratuitous ARP replies from untrusted ports.

What is the purpose of a port scanner?

It reveals the ports open on a server and consequently what high-level protocols it is running. It can also show how many client connections are open and how much bandwidth each port is consuming.

What is the advantage of having a DHCP server in a TCP/IP network?

It simplifies the configuration of TCP/IP on the client computers and reduces the chance of errors.

How does a switch keep track of the hardware addresses of hosts connected to its ports?

It uses a table stored in Content Addressable Memory (CAM).

In terms of day-to-day tasks, what demonstrates that effective configuration management procedures are in place?

Job logs and Standard Operating Procedures (SOPs) to control and document configuration and troubleshooting work.

Hypervisor

Manages virtual machine environment and facilitates interaction with the computer hardware and network.

How would you view the routing table on a Linux PC?

Just enter "route" without any other parameters.

RDP Restricted Admin (RDPRA) Mode / Remote Credential Guard

Keeps adversaries from using Pass-the-Hash or ticket forging accounts after obtaining password hash for an account used to make an RDP connection.

Destination NAT (DNAT)

Known as port forwarding. Router takes requests from the internet for a particular application and changes the destination address to send them to a designated host and port on the LAN.

Campus Area Network (CAN)

LAN that spans multiple nearby buildings.

Multi-Mode Fiber (MMF)

Large core (62.5 or 50 microns) and short wavelength (850nm or 1300nm) transmitted in multiple waves or varying length. Does not support high signal speeds or long distances.

What routing metric might you prioritize for a VoIP application?

Latency (minimizing delay) is important.

Floodwiring

Laying out cables in every location in a building that may need to support a telephone or computer.

Risk

Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

Wired Connectivity Troubleshooting - Solid Green Light

Link is connected but there is no traffic.

Wired Connectivity Troubleshooting - Flickering Green Light

Link is operating normally (with traffic).

What type of IPv6 address is not routable?

Link-local address (an Unique Local Address (ULA)).

Which general class of dynamic routing protocol provides the best convergence performance?

Link-state.

Motion Detection Alarm

Linked to a detector triggered by movement.

md5sum/sha1sum/sha256sum/sha512sum

Linux command that calculates the fingerprint of a file supplied as the argument. Use the -c switch to compare the input file with a source file.

Area Border Routers

Located near the border between one or more Open Shortest Path First (OSPF) areas. It is used to establish a connection between backbone networks and the OSPF areas. Member of both the main backbone network and the specific areas to which it connects, so it stores and maintains separate routing information or routing tables regarding the backbone and the topologies of the area to which it is connected.

Electronic Lock

Lock is operated by entering an PIN on an electronic keypad.

Internet Protocol (IP)

Logical host and network addressing and routing. Provides the best effort delivery of an unreliable and connectionless nature.

Data Rollup

Logs for a certain period are summarized by averaging out individual sample values.

What standard(s) are intended to support 4G mobile wireless services?

Long Term Evolution (LTE) and LTE Advanced (LTE-A).

0:0:0:0:0:0:0:1

Loopback address. Used for testing (for the host to send a packet to itself). Expressed as "::1"

What is a principle requirement of IoT technologies, as demonstrated by the latest verison of Bluetooth?

Low power consumption.

In which sub-layer of the OSI model do network adapter cards operate?

MAC (a Data Link sublayer).

Coaxial Cable (Coax)

Made of two conductors that share the same axis. Categorized as using the Radio Grade (RG) "standard."

CDMA2000 / Evolution Data Optimized (EV-DO)

Main 3G standards. Can support a 3.1 Mbps downlink and 1.8 Mbps uplink.

IPv6 Packet Construction

Main header, one or more optional headers, and the payload

Circuitlevel Stateful Inspection Firewall

Maintains information gathered about a session established between two hosts (including malicious attempts to start a false session) in a state table.

Control Plane

Makes decisions about how traffic should be prioritized and secured and where it should be switched

Layer 7 Load Balancer

Makes forwarding decision based on application-level data.

Flow Control - TCP

Makes sure the sender does not flood the receiver with packets using a sliding window mechanism, which prepares the receiver for the amount of data it will receive.

What do malicious insider threats often pose a greater risk than malicious users generally?

Malicious insiders are trusted users, meaning they have existing privileges to work on the network and access resources.

Logic Bomb

Malware that executes in response to a system or user event.

Ransomware

Malware that tries to extort money from the victim.

Out-Of-Band (OOB)

Management link is limited to the attached device.

In-Band

Management link that shares traffic with all other communications on the "production" network.

certlm.msc

Manages machine certificates.

certmgr.msc

Manages user certificates.

What are the three main topologies for implementing a VPN?

Many Virtual Private Networks (VPN) use a client-to-site topology, where one or more hosts connect to a site (a remote access VPN). Other options include site-to-site and host-to-host topologies.

MAC/IP Reservation

Mapping of a MAC address to a specific IP address within the DHCP server's address pool. When the DHCP server receives a request form the given MAC address, it always provides the same IP address.

Long Term Evolution (LTE)

Maximum downlink of 150 Mpbs in theory, but has around 10 Mbps downlink in real-world performance.

What is MTBF and why is it associate with a "bathtub curve"?

Mean Time Between Failures - the bathtub curve is a plot of instances of failure over time and tends towards a "bathtub" shape because failures are more likely early or late in the service life of an appliance rather than in the middle.

Management Port / Virtual Terminal

Means of configuring a virtual network interface and IP address on the device to use for management functions and connecting to it via one of the normal Ethernet ports.

Secure Shell (SSH)

Means of obtaining secure remote access to a UNIX or Linux server. Used for remote administration, Secure File Transfer (SFTP), and Secure File Copy (SCP).

What is beamforming?

Means of performing primitive switching with an access point. The AP can send a signal more strongly to clients positioned along different axes.

Infrastructure as a Service (IaaS)

Means of provisioning IT resources quickly. Resources are rented on an as-needed basis.

Power over Ethernet (PoE)

Means of supplying electrical power from a switch port over ordinary data cabling to a connected powered device, such as a VoIP handset or wireless access point.

Radio Frequency Identification (RFID)

Means of tagging and tracking objects using specially encoded tags.

How would you test for excessive attenuation in a network link?

Measure the insertion loss in dB using a cable tester.

CPU and Memory Metrics

Measures CPU and memory usage

Storage Metrics

Measures available storage space, measured in MB or GB.

American Wire Gauge (AWG)

Measures copper wire thickness. Increasing the number represents a thinner wire. Solid cabling uses 22-24, while stranded cabling uses 26.

Link Status

Measures whether and interface is working (up) or not (down).

Unified Threat Management (UTM)

Merges the roles of firewall and IDS, creating Intrusion Detection and Prevention Systems that can provide an active response to network threats.

What type of network topology is used by IoT technologies such as ANT+ and Z-Wave?

Mesh topology.

unified communications (UC)

Messaging applications that combine multiple communications channels and technologies into a single platform.

What network infrastructure implementation is larger than a LAN but smaller than a WAN?

Metropolitan Area Network (MAN). You could also mention Campus Area Network (CAN).

Remote Desktop Protocol (RDP)

Microsoft's protocol for operating remote connections to a Windows machine.

You suspect that a network application is generating faulty packets. What interface metric(s) might help you diagnose the problem?

Monitoring errors and discards/drops would help to prove the cause of the problem.

RTP Control Protocol (RTCP)

Monitors the connection of the session and provides reports to the endpoints. Runs on UDP port 5005.

Management Plane

Monitors traffic conditions and network status.

Why is a logic bomb unlikely to be detected by anti-virus software?

Most anti-virus software depends on signatures of known malware to detect threats. A logic bomb is a specifically crafted script or program that runs according to specific triggers, usually perpetrated by an insider threat, and so unlikely to be detectable by routine scans.

Why are most DoS attacks distributed?

Most attacks depend on overwhelming the victim. This is typically requires a large number of hosts.

Minimum Point of Entry (MPOE)

Most convenient place for the cabling to enter the building.

Core and Distribution Layer - Layer 3 Switch

Moves traffic between VLANs.

Virtualization

Multiple operating systems can be installed and run simultaneously on a single computer.

Nmap -sN

NULL scan that sets all the flag bits to zero.

Authoritative Server

Name server that holds complete records for a particular domain. A record in the zone identifies the server as a name server for the domain.

Implicit TLS (FTPS)

Negotiate an SSL / TLS tunnel before the exchange of any FTP commands. Uses secure port 990 for the control connection.

What are the main differences between NAS and SAN?

Network Attached Storage (NAS) is typically a single appliance providing filelevel access to clients. Storage Area Networks (SAN) provide blocklevel access to multiple storage devices to file servers.

NetBIOS

Network Basic Input/Output System. Used for Microsoft workgroup networking.

Multi-Homed Router

Network Operating System (NOS) server with multiple interface cards.

Data Center

Network area that hosts the network services (such as authentication, addressing, and name resolution), application servers, and data.

IP Security Protocol (IPSec)

Network layer encryption protocol that provides security for IP packets.

Which OSI layer handles the concept of logical addressing?

Network layer.

To which layer of the OSI model does the TCP/IP Internet layer correspond?

Network.

Unshielded Twisted Pair (UTP)

Networking cable that has four twisted pairs of copper wire and a flexible outer coating. Used in many telephone systems.

Wireless Local Area Network (WLAN)

Networks based on Wi-Fi.

Incremental Backup

New files and files modified since last backup are backed up.

Adaptability

New or changed services and applications can be accommodated with a minimum of disruption to the existing physical and logical topology.

Bidirectional (BiDi) SFP

New type of transceiver that support the transmission and reception of signals over the same strand of fiber (simplex port). Uses either 100BASE-BX or 10GBASE-BX).

You need to audit services made publicly available on a web server. What commandline tool could you use?

Nmap is an ideal tool for scanning remote hosts to discover which ports they have open and the applications or services running them.

If the client is in the TIME-WAIT state, is the connection with the server still open?

Not normally - the server closes the connection when it receives the ACK from the client; if this packet is lost, the server connection may still be open.

Error Rate

Number of packets per second that caused errors.

Resets

Number of times an interface has restarted over the counter period.

What OSI layer does an NGFW work at and why?

OSI layer 7 (application) because the Next Generation FireWall (NGFW) is configured with application-specific filters that can parse the contents of protocols such as HTTP, SMTP, or FTP.

Using uptables, in which chain would you create rules to block all outgoing traffic not meeting certain exceptions?

OUTPUT chain.

Near End

Occurs close to the transmitter and is usually caused by excessive untwisting of pairs.

What is an RFC 1542 compliant router?

One that can forward DCHP traffic to and from remote networks (using IP helper for instance).

Screened Cables

One thin outer foil layer shield around all pairs.

What is a "Class D" address?

One used for multicasting.

IEEE 802.11ac

Only works in the 5 GHZ band. Aim is to get throughput similar to Gigabit Ethernet or better. Supports channel bonding. Maximum data rate with 8 streams and 160 MHz channel bonding is about 6.93 Gbps.

What cabling faults would a wire map tester detect?

Opens, shorts, transpositions (reversed and crossed pairs).

IEEE 802.11b

Operates in the 2.4 GHz frequency band and offers speeds of up to 11 Mb/s.

Intermediate Distribution Frame (IDF)

Optional level of hierarchy for distributing backbone cabling. MDF connects to IDF, which connects to horizontal cross-connects on each floor.

Pin 6

Orange (T568A) or Green (T568B), Rx- (10/100 Mbps), BixB- (1/10 Gbps)

Pin 3

Orange/White (T568A) or Green/White (T568B), Rx+ (10/100 Mbps), BixB (1/10 Gbps)

O

Organization, name of the organization.

OU

Organizational unit, unit or department within an organization.

Serial Cable

Original asynchronous serial transmission standard. Each byte of data is identified with start and stop signals, and is used on PCs to connect peripheral devices.

MAC Flooding

Overloading the switch's MAC cache (using Dsniff or Ettercap) to prevent genuine devices from connecting and potentially forcing the switch into "hub" or "flooding" mode.

Private Cloud

Owned completed by an organization. There is a dedicated business unit that manages the cloud while other units make use of it.

Power Sum

PSNEXT, PSACR, and PSACRF all confirm that a cable is suitable for a Gigabit and 10GbE Ethernet application. Measured by energizing each three of the four pairs in turn.

Network IDS (NIDS)

Packet sniffer (sensor) with an analysis engine to identify malicious traffic and a console to allow configuration of the system.

Service Level Agreement (SLA)

Part of a service contract where the service expectations are formally defined.

True or False? The arp utility allows you to discover another host's MAC address.

Partially false. While that is the function of the Address Resolution Protocol, the arp utility is used to inspect the arp cache table, which may or may not contain the other host's address. A standard means to ensure the MAC address is cached is to ping the destination address first (the basis of the arping utility).

Bottleneck

Particular point of poor performance that reduces the productivity of the whole network.

What type of attack is RDP Remote Credential Guard designed to protect against?

Pass-the-Hash (PtH) attacks. In PtH, the attacker obtains credentials from an RDP session from the RDP server and tries to re-use them. Credential Guard is designed to prevent the RDP server from storing or processing the password hash.

NAT Traversal

Passing through network address translation (NAT) to reach a user. Service that can inspect and modify the contents of packets.

Single Mode to Multimode Fiber

Passive (unpowered) device that converts between the two fiber cabling types.

Distribution Frame

Passive device allowing the termination and cross-connection of cabling.

When troubleshooting a cable link, which should you investigate first - the patch cord, permanent link, or network adapter?

Patch cord - or possibly network adapter.

Demilitarized Zone (DMZ)

Perimeter network that traffic cannot pass through directly.

If you have a workstation that cannot connect to a server, what is the first test you could perform to establish whether the cabling is OK?

Ping another local system.

Reverse Proxy Server

Placed in front of web servers to protect, hide, offload, and distribute access to web servers.

Host

Platform that hosts the virtual environment.

Why is plenum-rated cable used when cable is run in an area where building air is circulated?

Plenum-rated cable produces minimal amount of smoke if burned.

Admission Control

Point at which client devices are granted or denied access based on their compliance with the health policy.

Threshold

Point of reduced or poor performance that generate an administrative alert.

Snapshot

Point-in-time copy of data.

What term is used to describe a topology in which two nodes share a single link?

Point-to-point.

What is the difference between policy and best practice?

Policy establishes definite rules while best practice is "fuzzier" and might be demonstrated through examples and scenarios rather than explicit rules.

Postadmission Control

Polling a device to check that it remains compliant.

A server is equipped with 4 Ethernet interfaces and you want to aggregate them to a single interface. What feature must the switch support?

Port bonding / Link Aggregation Control Protocol (LACP [IEEE 802.3ad / 802.1ax]).

What is the reason for making power sum crosstalk measurements when testing a link?

Power sum crosstalk measures cable performance when all four pairs are used, as Gigabit and 10G Ethernet do.

Enhanced Data Rates for GSM Evolution (EDGE)

Precursor to 3G. Offered rates between 144 Kbps and 190 Kbps.

General Packet Radio Services (GPRS)

Precursor to 3G. Offered rates of about 48 Kbps.

ARP Inspection

Prevents a host attached to an untrusted port from flooding the segment with gratuitous ARP replies by maintaining a trusted database of IP:ARP mappings and ensuring that ARP packets are validly constructed and use valid IP addresses.

How does the principle of least privilege apply to privileged users?

Privileges can be allocated by role / domain rather than creating allpowerful "superusers". Holders should only logon to privileges accounts to perform specific tasks. The accounts should be subject to auditing and oversight.

Protocol

Procedures or rules used by networked computers to communicate.

MAC-Derived Address

Process of converting a 48 bit MAC address into a 64 bit interface ID (EUI-64).

Network Segmentation

Process of determining which bits of the network are accessible to other bits.

Fiber Optic Buffer

Protective plastic coating.

Socket

Provides an end-point to a connection. Two forms a complete path. Works as a bi-directional pope for incoming and outgoing data.

Data Circuit-Terminating Equipment (DCE)

Provides an interface between DTE equipment and other communication systems or networks.

Transport Layer (TCP/IP)

Provides communication between the source and destination hosts and breaks the application layer information into packets.

Core and Distribution Layer - Router

Provides connectivity between subnetworks based on their IP address

Frame Relay

Provides data packet forwarding for services running of T-carrier lines, ISDN, and dial-up. Uses packets up to 4096 Bytes.

UC Devices

Provides end user access.

Distribution Layer

Provides fault-tolerant interconnections between different access blocks and either the core or other distribution blocks. Implements traffic policies (routing boundaries, filtering, Quality of Service (QoS)).

Quality of Service (QoS)

Provides information about the connection to a QoS system, which in turn ensures that voice or video communications are free from problems.

UC Gateways

Provides interfaces between the various communications technologies.

Transmission Control Protocol (TCP)

Provides reliable, ordered, and error-checked delivery of a stream of packets on the internet. Data is taken from the application layer as a stream of bytes, which is divided up into segments, each of which is given a header. Requires a connection be established before hosts can exchange data.

Platform as a Service (PaaS)

Provides resources and network infrastructure, and also multi-tier web application/database platforms.

Kerberos

Provides single sign-on. Clients request services from a server, which both rely on an intermediary - a Key Distribution Center (KDC) - to vouch for their identity.

PSTN - Trunk Offices

Provides switching and interconnection between local exchanges within a metropolitan area and to international gateway services.

Fibre Channel Switch

Provides the interconnections between initiators and targets (a fabric). Provides multiple paths between initiators and targets, allowing for fault tolerance and load balancing.

Symmetrical DSL (SDSL)

Provides the same downlink and uplink bandwidth.

Fiber Optic Core

Provides the transmission path for the light signals (waveguide). Made from glass or plastic.

ACL Authentication

Proving that a subject is who or what it claims to be when it attempts to access the resource.

What type of door access control would allow entry based on the possession of a cryptographic smart card?

Proximity reader.

Subscriber Connector (SC)

Push/pull design, allowing for simple insertion and removable. Used for single- or multi-mode and Gigabit Ethernet.

Change Management

Putting policies in place to reduce the risk that changes to these components could mean service disruption.

Website Performance Checker

Query a nominated website to work out how quickly pages load.

Troubleshooting - Establish a Theory of Probable Cause

Question the obvious, consider multiple approaches, top-to-bottom/bottom-to-top OSI model, divide and conquer

DHCP Address Pool

Range of IP addresses that a DHCP server can allocate to clients on a particular subnet (scope).

What constraints should you consider when planning the placement of an access point?

Range, interference and obstructions, number of clients (device density and bandwidth requirements), and access to a network port and power supply.

Bandwidth/Throughput Metrics

Rated speed of all the interfaces available to the device, measured in Mbps or Gbps.

Speed

Rated speed of an interface, measured in Mbps or Gbps.

Rx

Receive

What technologies can be used to make network infrastructure fault tolerant?

Redundancy and failover needs to be provided at all levels:power, cabling / adapter teaming, switching, routing, and name services / addressing. Cluster services and load balancers can be deployed to make application and database servers fault tolerant.

Fiber Optic Cladding

Reflects signals back into the waveguide as efficiently as possible so that the light signal travels along the waveguide by multiple internal reflections. Made from glass or plastic.

What type of policy governs the use of a VPN?

Remote access policy.

Pruning

Removing transmissions related to particular VLANs from a trunk to preserve bandwidth.

Multimode Fiber to Ethernet

Required to convert the light signals carried over MMF media.

RDP - Network Level Authentication

Requires client to authenticate before a full remote session is started.

Console Port

Requires connecting a terminal to the device via a separate physical interface using a special console (or rollover) cable. This terminal can then be used to start a Command Line Interface (CLI).

Offline Storage

Requires physical interaction to access data.

Users on a floor served by a single switch cannot get a network connection. What is the best first step?

Reset the switch - if that works also investigate possible underlying causes, such as malicious attack on the switch or poorly seated plug-in module.

Object

Resources (networks, servers, databases, files, etc.).

Amplifying Attack

Resources required by the attacker to launch the initial attack are small, but the nature of the attack causes it to "snowball" and grow into something much more significant.

DHCP Server Offline

Restart DHCP Server

TCP Three-Way Handshake

SYN, SYN/ACK, ACK

Caching

Saves some user information from a session so that load is reduced on servers.

IPv6 Global Addressing

Routable over the internet and are the equivalent of public IPv4 addresses.

Border Router

Router designed to connect a private network to the Internet. Placed at the perimeter of a network.

Static Routes

Router entries are created in the router's memory and only change if they are edited.

What technology or technologies can you use to isolate broadcast domains?

Routers and VLANs.

Hierarchical Routing

Routers are categorizes as backbone or border routers, which can communicate with routers in other domains. Internal routers are limited to communication with routers within the current domain.

Link-State Routing

Routers communicate with other routers on the internetwork, but only share information about their own links to other routers.

Convergence Routing

Routers running dynamic routing algorithms agree on routes through the internetwok. As this network gets bigger, routers adapt to the changes to avoid loops.

Intermediate Systems (IS)

Routers that interconnect IP networks and can perform a packet forwarding process.

Cable Modem Termination System (CMTS)

Routes data traffic via a fiber backbone to the ISP's Point of Presence (PoP), and from there to the Internet.

Once installed, how would you check the TCP/IP configuration?

Run ipconfig or ifconfig.

STS-3 / OC-3

SDH is STM-1, data rate is 155.52 Mbps.

STS-48 / OC-48

SDH is STM-16, data rate is 2.488 Gbps.

STS-96 / OC-96

SDH is STM-32, data rate is 4.876 Gbps.

STS-12 / OC-12

SDH is STM-4, data rate is 622.09 Mbps.

STS-192 / OC-192

SDH is STM-64, data rate is 9.953 Gbps.

IP Address Management (IPAM)

Scans DHCP and DNS servers and logs IP address usage to a database.

What is the function of SIEM?

Security Information and Event Management (SIEM) is designed to consolidate security alerts from firewalls, anti-malware, intrusion detection, audit logs, and so on.

RST

Segment that ends the session abruptly. Not typical behavior that needs to be investigated.

What type of DNS record is used to prove the origin of email?

Sender Policy Framework (SPF) and DomainKeys Identified Email (DKIM) records can be used to validate the origins of email and reject spam. These are configured in DNS as TXT (text) records.

Disassociation Attack

Sends a stream of disassociation packets rather than fully deauthenticating the station. Works on WEP and WPA.

Deauthentication Attack

Sends a stream of spoofed deauth packets to cause a station to deauthenticate from an AP. Works on WEP and WPA.

Optical Time Domain Reflectometer (OTDR)

Sends light pulses down a fiber optic cable to determine the location of a break.

DHCPACK Packet

Sent to client as a response to DHCPREQUEST, to which the client will respond with an ARP message to ensure the provided IP address isn't in use.

DHCPREQUEST Packet

Sent to the DHCP server as a response to DHCPDISCOVER and signifies the client's acceptance of the provided IP address and configuration.

DHCPOFFER Packet

Sent to the client as a response to DHCPDISCOVER and provides the IP address and configuration information.

Ack Number - TCP

Sequence number of the next segment expected from the other host.

Bastion Hosts

Serve as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts.

Application Diagram

Server instances and TCP/UDP ports in use. Also include configuration information and performance baselines.

SSH Client Authentication - Host-Based Authentication

Server is configured with a list of authorized client public keys. The client requests authentication using one of these keys and the server generates a challenge with the public key. Client must use the matching private key to authenticate.

Cacheonly Server

Servers that don't maintain a zone. Only rely on forwarding to resolve queries for client resolvers.

Endpoint Security

Set of security procedures and technologies designed to restrict network access at a device level.

Standard Operating Procedures (SOPs)

Sets out the principle goals and considerations (budget, security, customer contact standards, etc.) for performing a task and identifies lines of responsibility and authorization for performing it.

Legacy System

Software vendor no longer provides support or fixes for problems.

Network Operating System Firewall

Software-based firewall running under a network server OS, such as Windows or Linux. Functions as a gateway or proxy for a network segment.

Dynamic Multipoint VPN (DMVPN)

Software-based mechanism that allows VPNs to be built and deleted dynamically. If two remote sites wish to communicate with each other, the site (spoke) instigating informs the hub, which then provides the connection details for the other spokes, facilitating a dynamic IP sec tunnel created directly between two spokes.

Data-link (Layer 2) Digram

Shows interconnections between switches and routers, with asset IDs, interface IDs, and linklayer protocol and bandwidth.

Netstat -b

Shows the process that has opened the port.

What is crosstalk?

Signal leakage between adjacent conductors within a single cable or between adjacent cables.

Terminal Access Controller Access Control System (TACACS+)

Similar to RADIUS, but more flexible. Often used for VPN connections and for authenticating administrative access to routers and switches. TCP port 49. All data in packets are encrypted, rather than just authentication data.

What is SNTP?

Simple Network Time Protocol.

What type of fiber optic cable is suited for long distance links?

Single Mode.

What is the purpose of SSO?

Single Sign-On allows users to authenticate once to gain access to different resources. This reduces the number of logins a user has to remember.

What are the main features provided by Kerberos authentication?

Single Sign-On and support for mutual authentication.

ACL Untrusted Users

Site visitors, customers, and suppliers without access or limited access to network resources.

Token-based Lock

Smart lock that may be opened using a magnetic swipe card or feature a proximity reader to detect the presence of a wireless key fob or onetime password generator.

Port Scanner

Software designed to report on the status and activity of TCP and UDP ports.

Firmware

Software instructions stored on a ROM chip or flash memory.

Software as a Service (SaaS)

Software is hosted on a supplier's servers on a pay-as-you-go or lease arrangement.

Dictionary Attack

Software matches the hash to those produced by ordinary words found in a dictionary.

Firewall

Software or hardware that filters traffic passing into and out of the network.

Persistent Agent

Software that is installed on the client.

Non-persistent Agent

Software that is loaded into memory during posture assessment but is not installed on the device.

Driver

Software that provides an interface between the operating system and the device.

Intrusion Detection System (IDS)

Software tools that provide real-time analysis of either network traffic or system and application logs.

Circuit Alarm

Sounds when the a circuit is open or closed.

UDP Datagram Structure

Source port, destination port, message length, checksum

TCP Segment Header

Source port, destination port, sequence number, ack number, data length, flags, window, checksum, Urgent Pointer, options

Work Area

Space where user equipment is located and connected to the network.

What is the function of STP?

Spanning Tree Protocol prevents switching loops (where broadcast traffic is continually looped around a switched network with redundant links between switches).

Entrance Facilities

Special types of equipment rooms marking the point at which the external cabling (outside plant) is joined to internal (premises) cabling.

SIP Authentication - Session Border Controllers (SBC) and Firewalls

Specialist security devices designed for VoIP.

Loopback Adapter

Specially wired RJ-45 plug with a 6" stub of cable. Wiring pinout is pin 1 (Tx) to pin 3 (Rx), and pin 2 (Tx) to pin 6 (Rx). Packet sent by NIC is received by itself, which is used to test for faulty ports and network cards.

Exploit

Specific means of using a vulnerability to gain control of a system or damage it in some way.

Nmap -p

Specifies port range to scan.

You have connected a new computer to a network port and cannot get a link. You have tested the adapter and cable and can confirm that there are no problems. No other users are experiencing problems. The old computer also experienced no problems. What cause would you suspect?

Speed mismatch - check the autonegotiate settings on the adapter and port.

Appliance Firewall

Stand-alone hardware firewall that performs the function of a firewall only.

In IPv6, how could you distinguish a unicast address with global scope from other addresses?

Starts with binary "001" or hex "2" or "3".

ST

State, a state province, or county within a country.

What bandwidth are T1 and E1 links and why are they different?

T1s are 1.544 Mbps and E1s are 2.048 Mbps; E-carrier uses 30 channels compares to T-carrier's 24.

In IPv6, how can a client obtain a routable IPv6 address without requiring manual configuration?

Stateless Address Autoconfiguration (SLAAC) allows a host to autoconfigure an interface by listening for Router Advertisements to obtain a network prefix.

What distinguishes port address translation from static NAT?

Static NAT establishes a 1:1 mapping between a public and private address. PAT uses port numbers to share one or more public addresses between many privately addresses hosts.

What are the advantages of deploying a wireless mesh topology over an ad hoc one?

Stations in a Wireless Mesh Network are capable of discovering one another, forming peering arrangements, and performing path discovery and forwarding between peers (routing).

Work Instruction

Step-by-step instructions for performing an installation or configuration task using a specific product or technology and credentials.

Routing Table

Stores discovered routes to other IP networks.

Fiber Distribution Panel

Structured links are installed the same way as copper cabling. Permanent cables are run through conduit to wall ports at the client access end and a fiber distribution panel at the switch end.

110 Block

Supports 100MHz operations and better. Describes both a punchdown format and a distribution frame. Arranged horizontally, making it more dense. More space for connector labels, and each column is color-coded. Incoming wire pairs are terminated by a connector block, and outgoing wire pairs are punched into the terminals on the connector blocks.

OM4

Supports 10GbE at 400m range or 100Gbps at 150m. Color-coded aqua.

Jumbo Frame

Supports a data payload of up to around 9000 bytes. Reduces number of frames that need to be transmitted, which reduces required switch and router processing.

Evolved High-Speed Packet Access (HSPA+)

Supports download speeds up to 168 Mbps and upload speeds up to 34 Mbps.

Infared (IrDA or IR)

Supports speeds up to 4 Mbps and ranges up to 1 meter. Requires line-of-sight and can easily be interrupted.

Portbased Network Access Control (PNAC)

Switch (or router) performs some sort of authentication of the attached device before activating the port.

Root Guard

Switch will not accept attempts from switches connected to the guarded port from attempting to become root. Prevents a misconfiguration or malicious attack from making a "downstream" switch or rogue host become root.

VLAN Trunking Protocol (VTP)

Switches can be grouped into management domains, identified by a domain name. These switches are assigned the roles of either server or client.

PSTN - Local Exchange

Switches links between local access subscribers and provides transports to trunk exchanges.

Common Platform Enumeration (CPE)

Syntax that organizes application and version fingerprint signatures.

Key Distribution Center (KDC)

System for granting authentication in Kerberos.

Top Listeners

Systems with very high incoming network traffic.

Top Talkers

Systems with very high network output.

What distinguishes TFTP from FTP?

T(rivial)FTP only supports GET and PUT commands (not directory browsing, file deletion, and so on).

What are the sizes of TCP and UDP headers?

TCP is 20 bytes (or more) while UDP is 8 bytes.

Which ports are closely associated with web applications?

TCP ports 80 (HTTP) and 443 (HTTPS[ecure]).

Port 21

TCP, FTP Control

Port 20

TCP, FTP Data

Port 1720

TCP, H.323 Call Signaling

Port 80

TCP, HTTP

Port 443

TCP, HTTPS

Port 143

TCP, IMAP

Port 993

TCP, IMAPS

Port 636

TCP, LDAPS

Port 110

TCP, POP

Port 995

TCP, POP3S

Port 3389

TCP, RDP

Port 445

TCP, SMB

Port 25

TCP, SMTP

Port 587

TCP, SMTPS

Port 22

TCP, SSH

Port 23

TCP, Telnet

Ephemeral Ports

TCP/IP ports 1024 and higher.

Port 53

TCP/UDP, DNS

Port 5060

TCP/UDP, SIP

Port 5061

TCP/UDP, SIPS

Administration

TIA 606 standard. Defines a system of identifiers to use to describe the elements of a network and manage the configuration changes.

Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

Takes an IPv6 packet and rewrites it as an IPv4 packet.

Data De-Duplication

Techniques to consolidate multiple copies of the same file in a single location.

Tunneling

Technology that is used when the source and destination computers are on the same logical network but are connected via different physical networks.

Fiber to the Premises (FTTP)

Technology that uses fiber-optic cables to provide high-speed Internet access to home and business users.

Nearline Storage

Technology, such as tape loaders or "slow" hard disk media, that can operate in low-power states.

What TCP/IP application protocol is associated with TCP port 23?

Telnet.

Internet of Things (IoT)

Term used to describe the global network of personal devices, home appliances, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connectivity.

Network Interface Unit (NIU)

Terminates T1 links from telco, and contains testing facilities (loopback) for the telco to use.

Main Distribution Frame (MDF)

Terminates external cabling and distributes backbone cabling to intermediate or horizontal cross-connects.

PSTN - Customer Premises Equipment (CPE)

Termination and routing equipment placed at the customer site.

Broadband Speed Checker

Tests how fast the local broadband link to the internet is.

If a network adapter is using the address 169.254.1.10 on a host connected to the LAN, what would you suspect?

That a DCHP server is offline (the system is configured to obtain an address automatically but cannot contact a DCHP server and is using APIPA).

Which 10GbE Ethernet and SONET standards are interoperable?

The 10GbE WAN PHY (10BASE-SW, -LW, and -EW) are interoperable with OC-192.

Which frequency band is less likely to suffer from co-channel interference?

The 5 GHz band.

A technician is troubleshooting a network and has asked your advice. He is trying to ping 192.168.16.192. The network has been subnetted with the custom mask 255.255.255.254. Why might this return a "Destination host unreachable" message?

The IP address resolves to the subnet network address, not a host address. Windows does not normally allow pinging the network address. Other OS treat it as an alternative broadcast address but most systems are configured to disallow such "directed" broadcasts for security reasons.

Simple Mail Transfer Protocol (SMTP)

The Internet standard protocol for transferring e-mail messages from one computer to another.

If a packet is addressed to a remote network, what destination MAC address will the sending node use?

The MAC address of a default gateway.

What is BSSID?

The MAC address of an access point (or a random address in the case of ad hoc WLANs).

How does PPP work to allow a computer with a dialup modem to connect to the Internet?

The Point-to-Point Protocol (PPP) is a layer 2 protocol. IP packets are encapsulated within PPP frames to be transported to the ISP's router via the dialup link.

You are working at a telecommunications point and notice that the cables in one patch panel are all red while the ones in another are all blue. What, if anything, does this represent?

The TIA 606 Administration Standard recommends the use of red colorcoding for telephone links and blue for data links to the work area (horizontal cabling).

Configurable Load

The ability to assign a specific server in the farm for certain types of traffic or a configurable portion of the traffic.

TCP Offload

The ability to group HTTP packets from a single client into a collection of packets assigned to a specific server.

Route Summarization

The ability to take a group of subnetworks and summarize them, on the router, as one network route.

What happens if a message sent via SMTP cannot be delivered?

The server generates a Non-Delivery Report (NDR) with an appropriate error code.

DHCP Lease Time (TTL)

The amount of time an IP address can be used before needing to renew the lease. Longer lease times renew less often, but also replenish the IP pool less frequently.

Man-in-the-middle (MITM)

The attacker sits between two communicating hosts and transparently monitors, captures, and relays all information between them.

What is a characteristic of the bandwidth of a bus topology?

The bandwidth is shared between all nodes connected to the bus.

What would be the key difference between purchasing cloud web server instances and a virtual hosted server?

The cloud instances should offer between elasticity (being able to provision and pay for peak resources as needed rather than trying to anticipate demand and provision for peak resources at the outset).

fully qualified domain name (FQDN)

The complete domain name of an Internet compute (corp.navg.com).

With CSMA/CD, what will happen if a computer has data to transmit and there is already data on the cable?

The computer will wait until the cable is clear to transmit the data.

Network Throughput

The data transmission speed the network actually provides to users

VoIP Gateway

The device that converts an analog telephone call (voice and signals) into data packets (and vice versa) for traversal over an IP-based network.

Physical Contact (PC)

The faces of the connector and fiber tip are polished so that they curve slightly and fit together better.

How many different traffic classes can be defined by 802.1q/p?

The field is 3-bit, allowing up to 8 values. 7 is reserved for network infrastructure (routing table updates), 6-5 for 2-way communications, 4-1 for streaming multimedia, and 0 for "ordinary" best-effort delivery.

Broadcast Storms

The forwarding of a frame repeatedly on the same links, consuming significant parts of the links' capacities

A security consultant tells you that the headers used by your organization's database server should be change. Why might she recommend this?

The headers may reveal information about the way the database server is configured to a banner grabbing attack.

Which of the following IP addressing rules is true? • The host ID must be unique on the IP network. • Network and host IDs cannot be all zeros. • A network ID can be any number. • A network ID can be 255.

The host ID must be unique on the network. Network and host IDs cannot be all zeros.

Bare Metal

The hypervisor is installed directly onto the computer and manages access to the host hardware without going through a host OS.

Very High Bitrate DSL (VDSL)

The latest form of DSL with download and upload speeds of up to 100 Mbps. Designed to run on copper phone lines, but many suppliers use fiberoptic cabling to increase effective distances.

Wired Connectivity Troubleshooting - No Light

The link is not working or disconnected at the other end.

Assuming that sufficient bandwidth can be provided, what factor limits the usefulness of a microwave satellite internet link?

The link will be subject to high latency, which will impact real-time data services.

What is attenuation?

The loss of signal strength that occurs as the signal travels through the media.

Threat Vector

The means by which an attack could occur.

Personally Identifiable Information (PII)

The name, postal address, or any other information that allows tracking down the specific person who owns a device.

On a switched network, what configuration changes must be made to allow a host to sniff unicast traffic from all hosts connected to a switch?

The network adapter must be put in p-mode (promiscuous mode) and the switch must be configured to mirror traffic to the sniffer's port.

Time to Live (TTL)

The number of seconds a packet is allowed to stay on the network before being discarded. Otherwise, packets could endlessly loop around an internet. Interpreted as "number of hops."

Network Operating System (NOS)

The operating system that runs a network, steering information between computers and managing security and users.

What is meant by "remediation" in the context of NAC?

The options provided to a client that does not meet the health policy - for example, allowed basic internet access only, given access to required patches, and so on.

Unpatched System

The owner has not updated the OS or applications.

Local Loop

The part of a phone system that connects a customer site with a telecommunications carrier's switching facility.

Wired Connectivity Troubleshooting - Solid Amber Light

The port is disabled.

Threat

The potential for an agent or actor to exercise a vulnerability.

Name Resolution

The process of associating a character-based name with an IP address.

Modulation

The process of converting digital signals to analog.

Directly Connected Route

The process of determining if a packet must be routed to another router or whether it can be delivered locally to another interface. Uses ARP to find the interface address of the destination host.

Demodulation

The process of the process of converting analog signals to digital.

Routing

The process that takes place when a hosts needs to communicate with a host on another IP network or in another subnet.

Footprinting

The processes of information gathering, in which the attacker attempts to learn about the configuration of the network and security systems.

You have pinged the router for the local subnet and confirmed that there is a valid link. The local host cannot access remote hosts, however. No other users are experiencing problems. What do you think is the cause?

The router is not configured as the default gateway (you can ping it but the host is not using it for routing).

What methods can be used to allocate a particular host to a VLAN?

The simplest is by connection port, but this can also be configured by MAC address, IP address, or user authentication.

What would be the purpose of configuring thresholds in networking monitoring software?

The software could produce an alert if network performance did not meet any given metric.

What is a hypervisor?

The software that hosts, configures, and manages multiple "guest" operating systems or Virtual Machines (VM). Can be implemented as an OS itself ("bare metal") or as an application running within the host OS.

ARP Poisoning

The switch's ARP table is "poisoned" with false MAC-IP address mapping, allowing the attacker to act as the subnet's default gateway.

Public Key Infrastructure (PKI)

The system for issuing pairs of public and private keys and corresponding digital certificates.

Latency (Delay)

The time it takes for a transmission to reach the recipient. Measured in milliseconds.

Administrative Distance

The trustworthiness of a route, which is assigned a number (0-255). Lower numbers are preferred over higher ones.

IPSec - Tunnel Mode

The whole IP packet is encrypted and a new IP header is added with the protocol ID 50 (for ESP) or 51 (for AH). Used for communications access an unsecured network (creating a VPN).

Ad Hoc (Peer-To-Peer) Topology

The wireless adapter allows connections to and from other devices.

What type of information is updated when a scanner received a new set of "feeds" or "plugins"?

These contain the scripts or identifiers used to detect whether a host is vulnerable to a specific security advisory.

What is the main advantage of circuit switched networks?

They can provide a guaranteed level of bandwidth.

How doe social engineering attacks succeed?

They generally depend on lack of security awareness in users. An attacker can either be intimidating (exploiting a user's ignorance of technical subjects or fear of authority) or persuasive (exploiting the "customer service" mindset to be helpful developed in most organizations).

Service Assets

Things, processes, or people that contribute to the delivery of an IT service.

Why might an attacker launch a jamming attack against a wireless access point?

This could be a simple Denial of Service (DoS) attack, but the attacker could also be attempting to use an evil twin / rogue AP to intercept network traffic.

Core Layer

This layer is also known as the network backbone. Provides redundant traffic paths for data to continue to flow around the access and distribution layers of the network.

Access Layer

This layer provides network access. Prevents the attachment of unauthorized devices.

How would a router appliance be patched to protect against a specific vulnerability described in a security advisory?

This type of OS does not support patching of individual files so the whole OS has to be replaced with a new version. Vendors keep track of which version first addresses a specific security advisory.

You need to analyze the information saved in a .pcap file. What type of commandline tool or other utility is best-suited to this task?

This type of file will contain a network packet capture. You could use a commandline tool such as tcpdump to display the contents but a graphical tool such as Wireshark will make analysis easier

You need operations to continue if one link fails. How many links does it take to connect three sites?

Three.

What would be a typical use of an IDF?

To cross-connect backbone cabling in a multi-building (campus) network. The Intermediate Distribution Frame introduces a hierarchy of cable organization between the Main Distribution Frame and the horizontal crossconnects.

Gathering systems' statistics regularly allows systems administrators to identify bottlenecks. Why do they want to do this?

To identify resource usage problems before they critically affect performance.

What is the purpose of a DMZ?

To provide service such as web and email that require Internet connectivity without allowing access to the private network from the Internet.

Why would you deploy a reverse proxy?

To public a web application without exposing the servers on the internal network to the Internet.

What is the usual goal of an ARP spoofing attack?

To redirect traffic to the attacker's machine by masquerading as the subnet's default gateway. This allows the attacker to eavesdrop on traffic or perform a Man-in-the-Middle attack.

What is the function of the command "nslookup - 98.8.8.8"?

To start nslookup in interactive mode with the DNS server set to 8.8.8.8 (Google's public DNS server).

Configuration Management System (CMS)

Tools and databases that collect, store, manage, update, and present information about Configuration Items (CI).

ACL Accounting

Tracking authorized and unauthorized usage of a resource or use of rights by a subject.

IEEE 802.1Q

Traffic is identified by a VLAN tag inserted into the Ethernet frame between the Source Address and the Ethertype fields. Contains VLAN ID and priority.

SIP Authentication - Static IP Addresses

Traffic is only allowed to and from a specific address.

Which component is responsible for translating the computer's digital signals into electrical or optical signals that travel on network cable?

Transceiver.

Tethering

Transforms a smartphone or Internet-capable tablet into a portable communications device that shares its Internet access with other computers and devices wirelessly.

Tx

Transmit

Serial Line Internet Protocol (SLIP)

Transmits IP over a serial link.

DNS Forwarder

Transmits a client query to another DNS server and routes the replies it gets back to the client.

Bix

Transmitting and receiving simultaneously

How does TLS improve the security of a VPN connection compared to PPTP?

Transport Layer Security (TLS) uses a digital certificate on the VPN gateway to authenticate the remote host and encrypt the setup of the VPN session, providing better protection for the exchange of user credentials.

At which OSI layer is the concept of a port number introduced?

Transport layer.

What IPsec mode would you use for data confidentiality on a private network?

Transport mode with Encapsulation Security Payload (ESP). Tunnel mode encrypts the IP header information, but this is unnecessary on a private network. Authentication Header only provides authentication and integrity validation, not confidentiality.

Duress Alarm

Triggered manually by staff if they come under threat.

True or false? The ipconfig utility can be used to empty the DNS cache.

True (though this functionality is not available in ifconfig).

True or false? Stations with 802.11ac capable adapters should be assigned to the 5 GHz frequency band.

True - 802.11ac is designed to work only in the 5 GHz frequency band with the 2.4 GHz band used for legacy clients.

True or false? DLP technology can assist with managing PII.

True - Data Loss Prevention (DLP) software can be configured to identify Personally Identifiable Information (PII) strings or fields and prevent transfer of such data by unauthorized mechanisms or formats.

True of false? A router will not forward a packet when the TTL field is zero.

True.

True or fale? SIP enables the location of User Agents via a specially formatted URI.

True.

True or false? A switch implementing 802.1X would be described as an "authenticator".

True.

True or false? DHCP options can be configured on a per-scope basis.

True.

Short

Two conductors are joined at some point, usually because the insulating wire is damaged or a conductor is poorly wired.

Screened Subnet

Two firewalls are placed at either end of the DMZ. One restricts traffic on the external interface, the other restricts traffic on the internal interface.

Asynchronous Transfer Mode (ATM)

Type of packet switching that provides a high-speed transport mechanism for all types of data, including voice and video. Uses cell switching.

What types of DNS records have priority or preference values?

Typically mail (MX) and service (SRV) records.

What are the main uses of SSH?

Typically to provide a secure terminal to a remote Linux or UNIX host(or any other host with an SSH server installed). SSH can also be used as a type of VPN.

Port 547

UDP DHCPv6 Server

What port should be open on the client for it to negotiate with a DHCP server?

UDP port 68.

Port 68

UDP, BOOTP/DHCP Client

Port 67

UDP, BOOTP/DHCP Server

Port 546

UDP, DHCPv6 Client

Port 123

UDP, NTP

Port 5005

UDP, RTCP

Port 5004

UDP, RTP

Port 161

UDP, SNMP

Port 162

UDP, SNMP Trap

Port 69

UDP, TFTP

What is the location of the hosts file?

Under Windows it is %SystemRoot%\system32\drivers\etc\ while under Linux it is usually placed in the /etc directory.

What is the function of a UC gateway?

Unified Communications (UC) gateways provide interfaces between different messaging technologies, such as between VoIP and the ordinary telephone (PSTN) network.

Port

Unique identification number that specifies the path of communications between the client and the server.

Distinguished Name

Unique identifier for any given resource within an X.500-like directory.

Host number

Unique number that identifies a host on a particular IP network.

Relative Distinguished Name (RDN)

Uniquely identifies the object within the context of successive (parent) attribute values).

Linux Local Authentication

User and group settings are stored in the /etc/password and /etc/group files. User password is stored as an encrypted hash in /etc/shadow, along with password settings (such as age and expiration date.).

Single Sign-On (SSO)

User only has to authenticate to a system once to gain access to all the resources that the user has been given rights to.

Challenge/Response Authentication

User's password is not sent to the server in plaintext and cannot (in theory) be obtained by an attacker.

SSH Client Authentication - Public Key Authentication

User's private key can be configured with a passphrase that must be input to access the key.

Subject

Users or software processes or anything else that can request and be granted access to a resource.

Wi-Fi Protected Access 2 (WPA2)

Uses Advanced Encryption Standard (AES) for encryption, which is deploy within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES replaced RC4 and CCMP replaced TKIP (CCMP-AES).

Voice over IP (VoIP)

Uses IP technology to transmit telephone calls.

PEAPv0/EAP-MSCHAPv2

Uses MS-CHAPv2 for authentication.

Flexible Authentication via Secure Tunneling (FAST)

Uses a Protected Access Credential (PAC), which is generated for each user from the Authentication server's master key.

Solid Cabling

Uses a thick single wire per conductor and is used for cables that run behind walls or through ducts.

Classless Interdomain Routing (CIDR)

Uses bits normally assigned to the network ID to mask them as host or subnet bits.

EAP-TTLS

Uses server-side certificate to establish a protected tunnel through which the user's authentication credentials can be transmitted to the authentication server.

Stranded Cabling

Uses thin wires wrapped around one another and is used to make flexible patch cords for connecting computers to wall ports and switch ports to panel ports.

Other than completely disabling the protocol, how could you mitigate the risk posed by an open port?

Using a firewall to block the port on segments of the network where the protocol should not be in use or restricting use of the port to authorized hosts.

Geofencing

Using the location services built into mobile devices to configure policies that are specific to the user's precise physical location.

What would be a typical scenario for implementing a content switch?

Using the switch as an interface from a web server farm. The switch performs load balancing by connecting clients to different server depending on traffic conditions and policies.

Native VLAN

VLAN into which any untagged traffic is put when receiving frames over a trunk port..

Remediation - Guest Network

VLAN or firewalled subnet (DMZ) granting limited access to network resources.

gpg

Verifies the signature of a file.

IPv6 Packet Format

Verion, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address

IPv4 Header Fields

Version, length, protocol, DiffServe, Time to Live, ID/Flag/Fragment Offset

What place does a VDSL have in terms of access to public networks?

Very High Bitrate DSL (VDSL) supports high data rates over a limited distance. In this respect, it supports Fiber to the Curb (providing the final link from the fiber distribution frame to customer premises).

How does an SNMP agent report an event to the management system?

Via a trap.

Loopback Interface

Virtual interface configured on the route utilized for maintenance/management functions.

Nyquist Theorem

Voice frequency range is (or is assumed to be) 4000Hz. This must be sampled at twice the rate (8000Hz or 8KHz) to ensure an accurace representation of the original analog waveform.

Plenum Space

Void in a building designed to carry Heating, Ventilation, and Air Conditioning (HVAC) systems.

Noncredentialed Scan

Vulnerability scan ran without any user credentials. Cannot login to a host.

What is the main difference between WPA and WPA2?

WPA2 supports an encryption algorithm based on AES.

Shared Hosting

Website is hosted within a private directory on a shared server. All websites hosted on that server must compete for resources, so performance may be affected.

Cloud Hosting

Website is run on a cloud over a number of hardware computers, allowing more scalability if demand patterns change.

Remediation

What happens if a device does not meet the security profile.

Enterprise Network Construction Planning

What is the business goal that the network is going to provide? Determine the factors that will show whether the project has succeeded or failed. Establish the scope of the project. Understand how the business is organized. Identify stakeholders. Establish the project budget. Start to plan a schedule for the work to proceed.

Roaming

When a client connected to a different access point with the same SSID to get a better signal.

Redirect

When a more efficient route to another IP network is identified. The original message is still delivered.

Black Hole

When a packet is discarded without notification back to the source.

When might an Administrative Distance metric be factored into routing decisions?

When a router obtains routes from multiple different routing protocols, the AD metric is an index of routing protocol reliability.

0.0.0.0/8

When a specific address is unknown. Used as a source address by a client seeking a DHCP lease.

Routing Decision

When two computers attempt to communicate via IPv4, the protocol compares the source and destination address in each packet with the subnet mask. If the masked portions of the source and destination IPs match, then it is assumed they are on the same IP network.

Demarcation Point

Where the access provider's network terminates and the organization's network begins.

Internetfacing

Whether or not a host accepts inbound connections from the Internet. Placed in a Demilitarized Zone (DMZ)

Duplex

Whether or not the device is operating in half- or full-duplex mode.

IEEE 802.11af

White-Fi. Uses white space in the broadcast TV portion of the spectrum (up to about 700 MHz) to achieve long distance, non line-of-sight transmissions.

IEEE 802.11

Wireless Ethernet standard more commonly known as Wi-Fi.

What is a WLAN?

Wireless Local Area Network.

Z-Wave

Wireless communications protocol used primarily for home automation. Creates mesh network topology and uses low-energy radio waves to communicate from one appliance to another. Uses radio frequencies in the high 800 to low 900 MHz.

Protocol Analyzer

Works in conjunction with a packet sniffer to perform traffic analysis.

What are the main options for implementing connections to a cloud service provider?

You can use the internet and the provider's web servers (possibly over a VPN) or establish a direct connection for better security and performance. A direct connection could be establish by co-locating resources in the same data center or provisioning a direct link to the data center.

Which of the following IPv6 addresses is a valid unicast host address? • fe80::218:8bff:fea7:bd37 • fe80::219:d2ff::7850 • ff02::219:d2ff:fea7:7850 • ::/128

fe80::218:8bff:fea7:bd37

If you wanted to investigate connections on your machine, which utility would you use?

netstat.

IEEE 802.11a

operates in the 5 GHz band @ up to 54 Mbps, with a range of 120 feet indoors.

What tool(s) could you used to measure link statistics over time?

pathping or mtr.

Personal Area Network (PAN)

provides communication for devices owned by a single user that work over a short distance.

Software Defined Networking (SDN)

using a central control program separate from network devices to manage the flow of data on a network

Ethernet Error Checking

32-bit (4-byte) checksum called a Cyclic Redundancy Check (CRC) or Frame Check Sequence (FCS). CRC calculated based on contents of the frame (must match receiving node calculations).

Modem

A device that converts between digital and analog signal transmissions. Stands for modulator/demodulator.

Symbols

A number of events that occurs to a signal transmitted over a communications channel (pulse of higher voltage, etc.).

Blocking or Non-Designated Port

A port that would create a loop in a Spanning Tree Protocol.

Content Addressable Memory (CAM)

A table of MAC addresses and port mapping used by the switch to identify connected networking devices.

Bus Topology

All nodes attach directly to a single main cable. Data travels both directions, terminates after signal passes all devices.

Network Interface Card (NIC)

An expansion card that enables a computer to connect other computers or to a cable modem to facilitate a high-speed Internet connection.

ARP Cache

Area reserved in memory that contains the IP address and the associated hardware address.

Contention-Based MAC

Each network node within the same collision domain competes with the other connected nodes for the use of the transmission media. Reduces bandwidth.

Dialog Separation

Checkpoints are added to the data stream. Only data after last checkpoint can be resent in the event of an error.

MAC Address Format

Consists of 48 binary digits (6 bytes). Often displayed as 6 groups of 2 hexadecimal digits with colon or hyphen separators or no separators at all (00:60:8c:12:3a:bc or 00608c123abc).

Port Mirroring

Copies all packets sent to one or more source ports to a mirror (or destination) port.

Virtual Local Area Network (VLAN)

Creates a separate layer 2 broadcast domain on the same switch or configures separate broadcast domains across a network of distributed switches.

Orderly Connection Establishment and Takedown

Creates and manages multiple connections between computers.

Ring Topology

Each node is wired to its neighbor in a closed loop.

Two-Way Simultaneous (Duplex)

Either host can send messages at any time

Transport Layer Process (Host-Side)

Data from upper layers are segmented and tagged with port numbers, which are then given to the network layer for delivery

Spanning Tree Protocol (STP)

Defined by the IEEE 802.1D standard, it allows a network to have redundant Layer 2 connections, while logical preventing a loop.

Carrier Sense

Detect activity on the media

CSMA/CD (Carrier Sense Multiple Access with Collision Detection)

Detects collisions when a signal is present on the interface's transmit and receive lines simultaneously. Broadcasts a jam signal on collision detection.

Port State - Listening

Does not forward frames or learn MACs and listens for BPDUs to detect loops

Port State - Learning

Does not forward frames, but does learn MACs. Discovers the topology of the network and builds the MAC address table.

Star Topology

Each endpoint node is connected to a central forwarding node (hub, switch, router, etc.).

Flow Control

Enables one side to tell the other when the sending rate must be slowed

Protocol Analyzer

Hardware or software that captures packets to decode and analyze their contents.

Data Link Responsibilities

Header contains source and destination hardware address and error checking values. Determines how multiple nodes can share a network.

Bridge Protocol Data Unit (BPDU)

Helps to determine the shortest path to the root bridge by exchanging information with other bridges.

Network Adapter

Joins a host computer to network media and enables network communication by assembling/disassembling frames

Bridge

Joins two network segments while minimizing performance reduction of multiple nodes

MAC Access Control

Logical Topology, media access method, addressing, error detection, frame format

Attenuation

Loss of signal strength expressed in decibels.

Ethernet Frame Length

Minimum is 64 bytes (payload must be at least 46 bytes). Maximum is 1518 bytes (excluding the preamble).

Transport Layer Devices

Multilayer switches, advanced firewalls, intrusion detection systems

Multiplexing

Multiple analog or digital signals are combined into one signal over a shared medium. The aim is to share an expensive resource.

Multiple Access

Multiple nodes using the same media

Data Link Layer Devices

Network adapter, bridge, basic switch, wireless access point

CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)

Nodes listen to the media before transmitting and only transmit if the media is clear. Nodes detecting activity must wait for a clear channel before transmission.

Baud Rate

Number of symbols that can be transmitted per second. Measured in Hertz.

Session Modes

One-Way (Simplex), Two-Way Alternate (Half-Duplex), Two-Way Simultaneous (Duplex)

One-Way (Simplex)

Only one system is allowed to send messages, the other only receives.

Transport Layer Reliable Delivery Mechanisms

Orderly connection establishment and teardown, segmentation, flow control

I/G Bit

Part of the MAC address that determines whether the frame is addressed to an individual node (o) or a group (1)

Transmission Medium

Physical channel through which signals travel to allow nodes to communicate with one another.

Ethernet Frame Construction

Preamble, destination MAC, source MAC, length/type, payload, CRC

Frame Construction

Preamble, destination address, source address, payload, error checking

Promiscuous Mode

Processes all unicast traffic within the Ethernet broadcast domain, whether it is intended for the host machine or not.

Decapsulation

Removing a header or trailer from a lower OSI layer.

Address Resolution Protocol (ARP)

Resolves an IP address to a hardware address.

IEEE 802.2

Standard for Logical Link Control (LLC). Provides standard network layer server interface regardless of MAC sub-layer protocol.

Switched Networks

Switch establishes a temporary circuit between two nodes that are exchanging messages. Collisions can only occur is the devices attached to the port is operating in half-duplex mode.

Ethernet Deployment Standards

The bit rate in Megabits per second (Mbps) or Gigabits per second (Gbps), The signal mode (baseband or broadband). All types of Ethernet use baseband transmissions, so you will only see specifications of the form xBASE-y, a designator for the media type. 10BASE-T = 10 Mbps, baseband signal, twisted pair copper cabling

Baseband Transmission

The complete bandwidth of the media is available to a single transmission channel.

Addressing

The destination and source address fields contain the MAC address of the receiving and sending nodes.

Session Layer

The fifth layer in the OSI model. This layer establishes and maintains communication between two nodes on the network. It can be considered the "traffic cop" for network communications.

Organizationally Unique Identifier (OUI)

The first 24 bits of a MAC address, assigned to the NIC manufacturer by the IEEE.

Transport Layer (OSI)

The fourth layer of the OSI model. In this layer protocols ensure that data are transferred from point A to point B reliably and without errors. this layer services include flow control, acknowledgment, error correction, segmentation, reassembly, and sequencing.

Two-Way Alternate (Half-Duplex)

The hosts establish some system for taking turns to send messages, such as exchanging a token

Physical Layer

The lowest, or first, layer of the OSI model. Protocols in this layer generate and detect signals so as to transmit and receive data over a network medium. These protocols also set the data transmission rate and monitor data error rates, but do not provide error correction.

Media Access Control

The methods a network technology uses to determine when nodes are allowed to communicate on the media and to deal with possible problems.

Tranciever

The part of a network interface that sends and receives signals over the network media.

Microsegmentation

The process in LAN design by which every switch port connects to a single device, with no hubs connected to the switch ports, creating a separate collision domain per interface.

Bandwidth

The range of frequencies available to the communications channel.

Data Link Layer

The second layer in the OSI model. This layer bridges the networking media with the Network layer. Its primary function is to divide the data it receives from the Network layer into frames that can then be transmitted by the Physical layer.

Application Layer (OSI)

The seventh layer of the OSI model. Application layer protocols enable software programs to negotiate formatting, procedural, security, synchronization, and other requirements with the network.

Presentation Layer

The sixth layer of the OSI model. Protocols in the Presentation layer translate between the application and the network. Here, data are formatted in a schema that the network can understand, with the format varying according to the type of network used. The Presentation layer also manages data encryption and decryption, such as the scrambling of system passwords.

Network Layer

The third layer in the OSI model. Protocols in this layer translate network addresses into their physical counterparts and decide how to route data from the sender to the receiver.

Unicast Traffic

Traffic that is addressed by the sender to a single recipient.

Physical Layer Devices

Trancievers, media converters, repeaters, Hubs, Modems

Hertz

Unite of time representing the number of signaling cycles that can be completed per second.

Maximum Transmission Unit (MTU)

Upper limit of the payload, normally between 46 and 1500 bytes.

Preamble

Used for clock synchronization. Consists of 8 bytes of alternating 1s and 0s with two consecutive 1s at the end.

Wireless (Transmission Media)

Uses free space between nodes (no signal conductor).

Fast Ethernet

Uses same CSMA/CD protocols as original specs, but with higher frequency signaling and improved encoding methods. Raises bit rate from 10 Mbps to 100 Mbps. Written as 100BASE-TX

DIX Specification

Uses the length/type field to indicate the type of network layer protocol contained in the frame (IP, IPX, etc.). Values are 1536 or greater.

Line Coding

Using digital signals to represent binary digital data. Easier to regenerate the transmission over longer distances.

Basic Switch

a multiport bridge that creates links between nodes more efficiently.


Set pelajaran terkait

Dietary Reference Intakes (DRIs)

View Set

Machine Processes Section 8 unit 1

View Set

Management of Patients With Neoplasms

View Set

Abnormal psychology chapter 13 quiz 1

View Set

Copyright, patents, and trademarks

View Set